SecuTix sends either technical (transaction ...) emails or "marketing" emails via SAM.

In both cases, reliability of delivery is very important.

Technical measures

Set an SPF entry in your DNS

Introduction to SPF

Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails.

...

The example below illustrates this SPF information in the header of an email from a fictitious institution, mosamuseum:


Date: Wed, 26 Jun 2019 15:49:40 -0500 (CDT)
From: Mosa Museum <xxx@mosamuseum.com>
Received: from mail.mosamuseum.com ([192.28.148.112])
  by mailgw1.xxx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Jun 2019 22:49:42 +0200

...
Received-SPF: Pass (mailgw1.xxx.com: domain of
  postmaster@mosamuseum.com designates 192.28.148.112 as
  permitted sender) identity=xxx; client-ip=192.28.148.112;
  receiver=mailgw1.xxx.com;
  envelope-from="307-QLA-991.0.109448.0.0.25078.9.15158552-23-364@mail.mosamuseum.com";
  x-sender="postmaster@mosamuseum.com";
  x-conformance=sidf_compatible; x-record-type="v=spf1";
  x-record-text="v=spf1 a -all"


Subject: Here is a message from SecuTix infrastructure, with an SPF record authorized by mosamuseum.com

...


...

v=spf1 include:spf.secutix.com ~all

SPF - Procedure to follow

  • SecuTix provides a list of authorized servers used to send emails on behalf of the institution mosamuseum
  • The mosamuseum institution publishes a corresponding SPF record in its DNS
    • create an SPF record:

...
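As an added illustration (not part of the SecuTix documentation), the Python script below evaluates an SPF record the way a receiving mail gateway does, against an offline, constructed DNS table instead of real lookups. The mosamuseum.com entries mirror the Received-SPF header above ("v=spf1 a -all", host 192.28.148.112); the mosa-tickets.example domain and the contents of spf.secutix.com are assumptions made for this example and are not SecuTix's real published record. It shows why a message relayed through an authorized server passes, why one from an unlisted address gets "softfail" under ~all, and how an include: mechanism only matches when the included record itself yields a pass.

```python
import ipaddress

# Constructed, offline stand-in for DNS. The mosamuseum.com entries mirror the
# Received-SPF header shown above ("v=spf1 a -all", host 192.28.148.112);
# everything else, including the contents of spf.secutix.com, is made up here
# and does not reflect SecuTix's real published record.
FAKE_DNS = {
    "TXT": {
        "mosamuseum.com": "v=spf1 a -all",
        "mosa-tickets.example": "v=spf1 include:spf.secutix.com ~all",
        "spf.secutix.com": "v=spf1 ip4:192.28.148.0/24 ip4:203.0.113.10 -all",
    },
    "A": {
        "mosamuseum.com": ["192.28.148.112"],
    },
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    return FAKE_DNS["TXT"].get(name.lower())


def lookup_a(name):
    return FAKE_DNS["A"].get(name.lower(), [])


def check_host(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for the connecting address `ip`.

    Supports the mechanisms used on this page (a, ip4, include, all) and the
    four qualifiers. Returns pass / fail / softfail / neutral / none / permerror.
    """
    if depth > 10:  # RFC 7208 limits the number of DNS-querying terms
        return "permerror"
    record = lookup_txt(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF record: the receiver cannot authenticate the domain
    client = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without an explicit qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = client in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = any(client == ipaddress.ip_address(a) for a in lookup_a(arg or domain))
        elif name == "include":
            # "include" matches only when the referenced domain's record passes;
            # a fail/softfail inside the include does NOT match, so evaluation
            # continues with the next term of the outer record.
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism not handled by this toy evaluator
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched: the record expresses no opinion


if __name__ == "__main__":
    for ip, domain in [("192.28.148.112", "mosamuseum.com"),
                       ("192.28.148.112", "mosa-tickets.example"),
                       ("198.51.100.7", "mosa-tickets.example")]:
        print(f"{ip} sending for {domain}: {check_host(ip, domain)}")
```

The point to take from the two records: "v=spf1 a -all" authorizes only the domain's own A address and hard-fails everything else, whereas the recommended "v=spf1 include:spf.secutix.com ~all" delegates the list of authorized servers to SecuTix and soft-fails the rest, which is the usual choice while deliverability is being monitored.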

Set up DKIM

Introduction to DKIM

SecuTix, acting as a software-as-a-service (SaaS) provider, allows you to define DomainKeys Identified Mail (DKIM) signing for sent emails. This requires coordination with SecuTix to set up the corresponding DNS records.
The example below illustrates this DKIM configuration with the header of an email from a fictitious institution, "mosamuseum":


Date: Wed, 26 Jun 2019 15:49:40 -0500 (CDT)
From: Mosa Museum <xxx@mosamuseum.com>
...
DKIM-Signature: d=mosamuseum.com; i=@mosamuseum.com; a=rsa-sha256; s=sel1-mosa._domainkey.dkim.secutix.com
    ...
    bh=WTjrH3YovAOLmv02UPKrOs1RP8f44D+rDd/nVHKRB9s=;
    b=dYPEA8XsfrF9fFZzkHsj59zo7XnJkR2uXJ7QEvg6oWLmZJpzNfZe7DbLpK5PKhEH
    SS7wPy4xfGai2MYvlk/DmSfNjoCo/Hgbnv1hpY034ELNKtWQu9m0xGoBsMLof3cDu8J
    JV70p/IYLswI/4chWS9J3y6tVCj9r9Zi1xCwKhsw=

    ...

Authentication-Results: ... dkim=pass (signature verified) header.i=@mosamuseum.com ...


Subject: Here is a message from SecuTix infrastructure, but with a DKIM signature authorized by mosamuseum.com

In this example, the DKIM signature included in the header of the email is:

    bh=WTjrH3YovAOLmv02UPKrOs1RP8f44D+rDd/nVHKRB9s=;
    b=dYPEA8XsfrF9fFZzkHsj59zo7XnJkR2uXJ7QEvg6oWLmZJpzNfZe7DbLpK5PKhEH
    SS7wPy4xfGai2MYvlk/DmSfNjoCo/Hgbnv1hpY034ELNKtWQu9m0xGoBsMLof3cDu8J
    JV70p/IYLswI/4chWS9J3y6tVCj9r9Zi1xCwKhsw=


The recipient system verifies the signature by looking up the sender's public key, which is published in DNS. A valid signature also guarantees that the signed parts of the email (possibly including attachments) have not been modified since the signature was applied.

For further reading, please refer to https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

DKIM - Procedure to follow

  • The customer opens a service support request in order to enable signature of outgoing emails
  • SecuTix generates a DKIM public/private key pair for two given selectors
  • The mosamuseum institution adds the following two DNS records to its zone (CNAME records, so that the keys can be updated without further changes to the institution's zone)

    stxsel1._domainkey.mosamuseum.com.  IN CNAME sel1-mosa._domainkey.dkim.secutix.com.

    stxsel2._domainkey.mosamuseum.com.  IN CNAME sel2-mosa._domainkey.dkim.secutix.com.

    !!! Be careful to replace:

    • the domain name "mosamuseum.com" with the domain name defined in Sales Channels (Parameters => Sender email)

    • the institution code "mosa" with your institution code

...

  • SecuTix signs all emails sent with the DKIM private key. This signature is included in the header of the email.
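As an added example (not SecuTix code), the Python below performs the two key-independent parts of DKIM verification that the procedure above makes visible: it derives the DNS name a verifier queries (<selector>._domainkey.<d= domain>) and follows the CNAME the institution publishes to the SecuTix-hosted record, and it recomputes the bh= body hash with RFC 6376 simple and relaxed body canonicalization. The DNS table, the message body and the signature header are constructed for this example (the selector stxsel1 is taken from the procedure); the p= key value and the b= value are placeholders, and the RSA signature check itself, which needs the real public key, is not performed.

```python
import base64
import hashlib
import re

# Constructed DNS stand-in: the CNAME chain the procedure asks the institution
# to publish, ending in a public-key TXT record whose p= value is a placeholder
# (not a real SecuTix key).
FAKE_DNS = {
    "stxsel1._domainkey.mosamuseum.com": ("CNAME", "sel1-mosa._domainkey.dkim.secutix.com"),
    "sel1-mosa._domainkey.dkim.secutix.com": ("TXT", "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"),
}


def parse_dkim_signature(header_value):
    """Turn 'tag=value; tag=value' into a dict, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        tag, sep, value = part.partition("=")
        if sep:
            tags[tag.strip()] = re.sub(r"\s+", "", value)
    return tags


def key_record_name(tags):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def resolve_key_record(name, max_hops=5):
    """Follow CNAMEs, as a resolver would, until a TXT record is found."""
    for _ in range(max_hops):
        rtype, value = FAKE_DNS.get(name, (None, None))
        if rtype == "TXT":
            return value
        if rtype != "CNAME":
            return None
        name = value
    return None


def canonicalize_body(body, mode="simple"):
    """RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed) body canonicalization."""
    if mode == "relaxed":
        body = re.sub(rb"[ \t]+(?=\r\n|\Z)", b"", body)  # drop trailing WSP on each line
        body = re.sub(rb"[ \t]+", b" ", body)            # collapse runs of WSP
    body = re.sub(rb"(\r\n)*\Z", b"", body)              # drop trailing empty lines
    if mode == "simple" or body:
        body += b"\r\n"  # simple: always ends in CRLF; relaxed: only if non-empty
    return body


def body_hash(body, mode="simple", algorithm="sha256"):
    """The bh= value: base64 of the digest over the canonicalized body."""
    digest = hashlib.new(algorithm, canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode()


def verify_body_hash(tags, body):
    """Check only the bh= tag, which needs no key material. The b= signature
    (over the listed headers plus bh=) still requires the public key from DNS
    and is not recomputed here."""
    c = tags.get("c", "simple/simple")
    body_mode = c.split("/")[1] if "/" in c else "simple"
    algorithm = tags.get("a", "rsa-sha256").split("-")[1]
    return body_hash(body, body_mode, algorithm) == tags.get("bh")


# Constructed message: a body and a signature header shaped like the one shown
# above, but with the selector from the procedure (stxsel1) and a made-up b= value.
SAMPLE_BODY = b"Hello from the Mosa Museum box office.\r\n\r\n"
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mosamuseum.com; s=stxsel1;\r\n"
    "  h=from:to:subject:date; bh=" + body_hash(SAMPLE_BODY, "relaxed") + ";\r\n"
    "  b=NOT_A_REAL_SIGNATURE"
)

if __name__ == "__main__":
    tags = parse_dkim_signature(SAMPLE_SIGNATURE)
    name = key_record_name(tags)
    print("key record:", name, "->", resolve_key_record(name))
    print("bh matches:", verify_body_hash(tags, SAMPLE_BODY))
    print("bh after tampering:", verify_body_hash(tags, SAMPLE_BODY.replace(b"Hello", b"Hallo")))
```

Relaxed canonicalization is why a mail relay that trims trailing whitespace or an extra blank line does not break the signature, while any change to the actual text does; simple canonicalization tolerates only trailing empty lines. If the institution forgets the CNAME, resolve_key_record returns None and a real verifier reports dkim=fail (no key), which is the first thing to check when the Authentication-Results header does not show "dkim=pass".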

Set up MX

See https://abnormalsecurity.com/glossary/mx-record, which includes "if you want to successfully deliver emails, you need an MX record".

Set up DMARC

Introduction to DMARC

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email. Source: https://dmarc.org/.

DMARC - Procedure to follow

Due to recent changes to email handling by Google and Yahoo for anyone sending more than 5,000 emails daily, you should ensure that you have a DMARC record in your DNS settings.

If you don't know anything about DMARC, then we recommend you add the following DNS record:

Please check afterwards with https://mxtoolbox.com/dmarc.aspx: it shouldn't include any errors (i.e. anything flagged with Status Problem). Please also read https://support.google.com/a/answer/10032473 to progressively improve your DMARC record.
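Since the page does not reproduce the record it recommends, the following added Python example (not SecuTix's) uses a constructed minimum record for mosamuseum.com as an assumption, runs the syntax checks a validator such as the one linked above would flag, and then applies DMARC alignment to SPF and DKIM results like those in the headers shown earlier: with the default relaxed alignment, an SPF pass on the mail.mosamuseum.com envelope domain aligns with the mosamuseum.com From: domain, while strict alignment (aspf=s) would not. The organizational-domain helper takes the last two labels, a simplification of the Public Suffix List rule real receivers apply.

```python
# Constructed record for the fictitious institution; the record the page
# recommends is not reproduced, so this minimum "monitor only" record is an
# assumption used for illustration.
SAMPLE_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@mosamuseum.com"

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Return (tags, errors). The checks mirror what a DMARC validator reports."""
    tags, errors = {}, []
    for part in record.split(";"):
        tag, sep, value = part.partition("=")
        if sep:
            tags[tag.strip().lower()] = value.strip()
    if not record.strip().lower().startswith("v=dmarc1"):
        errors.append("record must start with v=DMARC1")
    if tags.get("p") not in POLICIES:
        errors.append("p= must be none, quarantine or reject")
    if "sp" in tags and tags["sp"] not in POLICIES:
        errors.append("sp= must be none, quarantine or reject")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r") not in ("r", "s"):
            errors.append(f"{tag}= must be r (relaxed) or s (strict)")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        errors.append("pct= must be an integer from 0 to 100")
    for tag in ("rua", "ruf"):
        for uri in filter(None, tags.get(tag, "").split(",")):
            if not uri.strip().startswith("mailto:"):
                errors.append(f"{tag}= URIs must be mailto: addresses")
    return tags, errors


def organizational_domain(domain):
    # Simplification: last two labels. Real receivers consult the Public Suffix
    # List (so that example.co.uk is handled), which this toy example does not.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ("r"): same organizational domain. Strict ("s"): exact match."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """DMARC passes if SPF or DKIM passed AND the authenticated domain aligns
    with the RFC5322.From domain; otherwise the published policy applies."""
    tags, errors = parse_dmarc(record)
    if errors:
        return {"result": "permerror", "disposition": "none", "errors": errors}
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    passed = spf_ok or dkim_ok
    policy = tags["p"]
    if from_domain.lower() != organizational_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]  # subdomain policy overrides p= for subdomains
    return {"result": "pass" if passed else "fail",
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "disposition": "none" if passed else policy}


if __name__ == "__main__":
    print(parse_dmarc(SAMPLE_RECORD))
    # Values taken from the headers shown above: From: @mosamuseum.com,
    # envelope-from @mail.mosamuseum.com (SPF pass), DKIM d=mosamuseum.com (pass).
    print(evaluate(SAMPLE_RECORD, "mosamuseum.com", "pass", "mail.mosamuseum.com", "pass", "mosamuseum.com"))
    print(evaluate("v=DMARC1; p=reject; aspf=s; adkim=s", "mosamuseum.com",
                   "pass", "mail.mosamuseum.com", "fail", "mosamuseum.com"))
```

The second call shows the practical risk of jumping straight to p=reject with strict alignment: a legitimate message whose DKIM signature failed in transit and whose SPF domain is a subdomain of the From: domain would be rejected outright, which is why the Google guidance linked above recommends starting at p=none, reading the rua reports, and tightening only once all sending paths are aligned.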