DNS Authentication - Let Emply send e-mail on behalf your domain

How to activate Emply mail service

  1. Activate "Own Email domain" in Emply
  2. Chose Our mail server
  3. Follow online guidance
  4. Activate
  5. Wait for answer from Emply support

Sk_rmbillede_2021-01-26_kl._09.58.04.png

It is necessary to activate this in Emply, If you want to be able to send out mails using your own domain.

Sk_rmbillede_2021-01-26_kl._09.58.50.png

Add your domain and follow guide

Sk_rmbillede_2021-01-26_kl._09.59.20.png

Chose our mail server

  • Enter your domain and follow instructions
  • Click "Go back"
  • Click Activate

Sk_rmbillede_2021-01-26_kl._10.02.41.png

IMPORTANT!

Check that you have pressed Activate

And that it looks like this in Emply

Sk_rmbillede_2021-03-11_kl._09.39.27.png

 

Background

To avoid mails sent from Emply, being marked as "Fraud" and to avoid the risk of spam and phishing mails, a DomainKeys Identified Mail (DKIM) must be created which is the method of email authentication and used to secure that email is not changed during transit between the sending and receiving servers.

In addition, Emply's mail server solution must be added, as approved Sender Policy Framework SPF, which is a text record in DNS TXT domain records. The record contains information about the list of servers that have the right to send a letter on behalf of the domain.

 

Requirements for technical setup:

  • IT person
  • Requires access to your domain administration
  • Access an email from your own domain that can receive an activation link
  • White list emails from message.emply.net so that they are not caught in your anti-phishing system

Step in setup

First go to menu and choose

Settings -> Integrations -> Applications

Sk_rmbillede_2020-12-01_kl._11.54.14.png

Activate "Own email domain"

Sk_rmbillede_2020-12-01_kl._11.31.14.png

You start by clicking “Add domain”.

Select Our email server
Sk_rmbillede_2020-12-01_kl._11.58.07.png
Follow the directions
Enter the mail where to send verification link
 
Note!
After you have set up spf and DKIM records we will send you a link - this link must be forwarded to us in Zendesk as we have to activate it on our account.

 

Setup your DNS records

1. Create DKIM TXT record

DKIM is a DNS-based email authentication mechanism that helps Mandrill more effectively send mail on your behalf by allowing receivers to verify that we have permission to send your email. To enable DKIM, create a TXT record for mandrill._domainkey.yourdomain.com (just replace yourdomain.com with the domain you're setting up) with the following value:v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;

Some DNS providers require that semicolons be escaped. If your provider requires escaping, use this value instead:v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQA

2. Add to the SPF TXT record

If you don't yet have an SPF record, you'll want to add one for your domain. At a minimum, the value should be the following if you're only sending mail through Mandrill for that domain:v=spf1 include:spf.mandrillapp.com ?all

If you already have a TXT record with SPF information, you'll need to add Mandrill's servers to that record by adding include:spf.mandrillapp.com in the record (before the last operator, which is usually ?all~all, or -all).

3. Send mail to support@emply.com and specify the internal mail address where you want the verification link sent to. 

4. Emply support sends an activation link to the specified mail address.

5. Forward the mail to Emply support

6. You will get a confirmation from Emply support once verified

 

 

DMARC

For example, Google and Kitterman have made a good description of how you can set it up. It is recommended to roll out DMARC slowly and start in notification mode (p = none).

Actions to take for failed DMARC check TXT record contents
Take no action on messages that fail the DMARC check. Email a daily report to xxxx@your-domain.com. v=DMARC1; p=none; rua=mailto:xxxx@your-domain.com

Put 5% of the messages that fail the DMARC check in recipients' spam folders. Email a daily report to xxxx@your-domain.com.

v=DMARC1; p=quarantine; pct=5; rua=mailto:xxxx@your-domain.com

Reject 100% of messages that fail the DMARC check. Email a daily report to two addresses: postmaster@your-domain.com and xxxx@your-domain.com. 

Failed messages cause an SMTP bounce to the sender.

v=DMARC1; p=reject; rua=mailto:postmaster@your-domain.com, mailto:xxxx@your-domain.com