Is Neoserra capable of sending DMARC compliant email, and how do I set up domain authentication: DKIM and SPF?
First of all, Yes, Neoserra is capable of sending DMARC compliant email, but what does that really mean? Well, in the early days of email, there were limited ways available to support sender verification. Nearly all spam, scams, and viruses that spread through email did so using falsified sender information - as some still do today. Verifying who is sending the emails actually was, and still is, a difficult process, especially when some domains are, in fact, allowed to send email using your domain, like OutreachSystems.
When you send email using the Neoserra platform, you will be sending an email originating in Neoserra, but when your client receives it you want it to look like it came from email@example.com - not from firstname.lastname@example.org!
In order to allow Neoserra to send emails that look like they came from your email servers, we recommend that you set up custom DomainKeys Identified Mail (DKIM) authentication for your domain and include Neoserra in your Sender Policy Frameworks (SPF) record. Both are necessary because SPF uses rule sets to determine authorized IP addresses from which you will be sending emails and DKIM uses public key cryptography to authenticate individual email messages.
Yes, this article may be a bit techy, and we recommend that you share it with your IT staff who can set up DKIM and include Neoserra in your SPF record. They will want to edit your domain's Zone Editor and create a CNAME record for:
- osc1._domainkey.yourcenter.edu to map to this value: osc1._domainkey.outreachsystems.com.
Where "yourcenter.edu" is truly your program's domain name. A sample zone file entry would look like:
osc1._domainkey.yourcenter.edu IN CNAME osc1._domainkey.outreachsystems.com.
If the osc1._domainkey.yourcenter.edu DKIM key is not found at the time of sending, then Neoserra will not use DKIM.
Additionally you will want to create a TXT record for yourcenter.edu with this value (adjust for your mail provider; below is for Microsoft Outlook):
- v=spf1 include:spf.protection.outlook.com include:spf.outreachsystems.com -all
If your hosting provider requires you to use IP addresses, then you can provide them with the following IP addresses:
NOTE: OutreachSystems may add or remove IP addresses over time and usage of the include:spf.outreachsystems.com will ensure a smooth transition.
Once your DMARC policy has been updated by your IT department, please contact OutreachSystems so that we can clear all email addresses that were rejected because they could not be authenticated. If your IT department is not willing or able to update your zone then you may choose to use the Neoserra Authentication option instead.
Last but not least, what can you do? We always recommend that you follow best email practices!
Want more? Browse our extensive list of Neoserra FAQs.