DNS Authentication - Let Emply send e-mail on behalf your domain

To avoid mails sent from Emply, being marked as "Fraud" and to avoid the risk of spam and phishing mails, a DomainKeys Identified Mail (DKIM) must be created which is the method of email authentication and used to secure that email is not changed during transit between the sending and receiving servers.

In addition, Emply's mail server solution must be added, as approved Sender Policy Framework SPF, which is a text record in DNS TXT domain records. The record contains information about the list of servers that have the right to send a letter on behalf of the domain.

Requirements for technical setup:

  • IT person
  • Requires access to your domain administration
  • Access an email from your own domain that can receive an activation link

Step in setup

1. Create DKIM TXT record

DKIM is a DNS-based email authentication mechanism that helps Mandrill more effectively send mail on your behalf by allowing receivers to verify that we have permission to send your email. To enable DKIM, create a TXT record for mandrill._domainkey.yourdomain.com (just replace yourdomain.com with the domain you're setting up) with the following value:v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;

Some DNS providers require that semicolons be escaped. If your provider requires escaping, use this value instead:v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQA

2. Add to the SPF TXT record

If you don't yet have an SPF record, you'll want to add one for your domain. At a minimum, the value should be the following if you're only sending mail through Mandrill for that domain:v=spf1 include:spf.mandrillapp.com ?all

If you already have a TXT record with SPF information, you'll need to add Mandrill's servers to that record by adding include:spf.mandrillapp.com in the record (before the last operator, which is usually ?all~all, or -all).

3. Send mail to support@emply.com and specify the internal mail address where you want the verification link sent to. 

4. Emply support sends an activation link to the specified mail address.

5. Forward the mail to Emply support

6. You will get a confirmation from Emply support once verified

 

 

DMARC
Fx Google og Kitterman har lavet en god beskrivelse af hvordan I kan sætte det op. Det anbefales at rulle DMARC langsomt ud og starte i notificerings tilstand (p=none).

Actions to take for failed DMARC check TXT record contents
Take no action on messages that fail the DMARC check. Email a daily report to xxxx@your-domain.com. v=DMARC1; p=none; rua=mailto:xxxx@your-domain.com

Put 5% of the messages that fail the DMARC check in recipients' spam folders. Email a daily report to xxxx@your-domain.com.

v=DMARC1; p=quarantine; pct=5; rua=mailto:xxxx@your-domain.com

Reject 100% of messages that fail the DMARC check. Email a daily report to two addresses: postmaster@your-domain.com and xxxx@your-domain.com. 

Failed messages cause an SMTP bounce to the sender.

v=DMARC1; p=reject; rua=mailto:postmaster@your-domain.com, mailto:xxxx@your-domain.com