IMPORTANT: Effective February, 2024, Google and Yahoo will have new requirements for bulk email senders on their platforms. Learn about the new requirements and what you have to do in New Bulk Sender Requirements.

This article describes some of the important aspects of sending mail via your Higher Logic Thrive Marketing Enterprise (Thrive Marketing Enterprise) account, such as:

• sender reputation and email authentication,
• the SPF anti-spoofing technology, and
• the DMARC policy that is designed to fight email-spoofing attempts.

Glossary

Below are some non-Higher Logic terms that you'll encounter in this article and with which you might not be familiar.

NOTE: Higher Logic provides these high-level descriptions in order to increase your understanding of these terms as you read this article.

• DNS - Domain Name System is a naming system for devices and other resources on the internet and Internet Protocol (IP) networks.
• DKIM - DomainKeys Identified Mail is an email-authentication method that is intended to detect forged sender addresses.
• SPF - Sender Policy Framework is an email-authentication protocol that is intended to prevent email spoofing.
• DMARC - Domain-based Message Authentication, Reporting and Conformance leverages DKIM and SPF to determine if the legitimacy of a mailing.

Authentication & DNS changes

Your digital marketing reputation is critical to the deliverability of your email-marketing messages. To preserve your sender reputation, you can take certain steps to mitigate those factors that could negatively affect your reputation.

It's important that recipients of your mailings know that mailings from your organization are actually coming from your organization. Email authentication is a way to protect your recipients from fraudulent email messages (e.g., phishing scams and other types of spam).

There are two important things that you should do to your DNS record.

• Authenticate your sending domain as described below
• Update your SPF record as described below in SPF

NOTE: These changes to your DNS record require the skills of an IT professional. Also, be aware that you must complete these steps for each of your sending domains used in Thrive Marketing Enterprise.

Authenticate your sending domain

1. Identify your sending domains; that is, the domains that you are going to use in order to send email messages through Thrive Marketing Enterprise.

NOTE: The sending domain is the portion to the right of the @ symbol in the “from" email address.

For example, in sender@myorganization.com, the sending domain is myorganization.com.

2. Use the examples below to create new DNS entries for your sending domains.
3. Replace all instances of MYNEWDOMAIN.COM with your sending domain. Do this individually for every domain you will use for sending email messages through Thrive Marketing Enterprise.

NOTE: These DNS entries are internet standard pointers that direct internet traffic to the correct server to handle those requests.

NOTE: Some DNS providers, such as GoDaddy, append the domain to the end of each entry. If your DNS provider does, do not include the .MYNEWDOMAIN.COM portion of the CNAME records.

DNS Records for Email Domain:   MYNEWDOMAIN.COM

SPF Authentication:
CNAME Record Entry:
    Name:                       send.MYNEWDOMAIN.COM
    Alias/points to/target:     client.rmsend.com

DKIM Authentication:
CNAME Record Entry # 1:
    Name:                       HLMAE1._domainkey.MYNEWDOMAIN.COM
    Alias/points to/target:     HLMAE1._domainkey.rmsend.com
CNAME Record Entry # 2:
    Name:                       HLMAE2._domainkey.MYNEWDOMAIN.COM
    Alias/points to/target:     HLMAE2._domainkey.rmsend.com
    

3. Provide the DNS entries to your IT staff so they can update the appropriate Name Server. The Name Server is the server that stores DNS entries and directs internet requests to the correct server.

NOTE: If your organization runs internal- and external-facing Name Servers, add the DNS entries to both servers.

4. Use Google Dig to verify that the CNAME entries are referring to the correct hostname and results in a successful TXT record. If you are experiencing issues, see CNAME Troubleshooting for DKIM.
5. After the updates have been made by your IT staff, create a case (include the domain setup) so that we can verify the DNS entries and complete the setup.
6. After we have completed our setup, we notify the team that your account is ready to be used.

CNAME configuration tips

Each DNS is different, so below are some DNS-specific tips for CNAME configuration.

• GoDaddy uses "Points to" in place of the "Alias" field
• SoftLayer uses "Points to" in place of "Alias" and requires a " . " at the end of the field
• Office 365 uses "Address" in place of "Alias" but does not require a " . " at the end of each field
• Network Solutions uses "Alias" in place of the "Name" field and the "other host" field is really the "Alias"

NOTE: The best solution may be to reach out to your DNS provider for proper instructions. If you're still having issues, create a case with Higher Logic Support.

Child accounts

If more than one account (child accounts) is being used to send email messages, you can either:

• make the parent account the default manager for DKIM entries or
• allow each child account to add and make changes to domains sent through their account.

If you make the parent account the default, then email authentication settings will be used across all child accounts and only the parent account will have the rights to make changes.

SPF

Sender Policy Framework (SPF) is an anti-spoofing technology that tells "receivers" (i.e., receiving mail servers, not your recipients) which servers are allowed to send mail on behalf of your sending domain. The sending domain could also referred to as: Return-Path, MAIL-FROM, Bounce address, or Envelope from.

The sending domain that is used when sending mail through the Higher Logic system is informz.net, which is configured with SPF authentication, so no additional configuration is not necessary on your part.

Learn about SPF

• What Is Sender Policy Framework (SPF)?: https://www.proofpoint.com/us/threat-reference/spf
• How to Protect Against Email Spoofing with SPF: https://easydmarc.com/blog/how-to-protect-against-email-spoofing-with-spf/

Sender ID

Some receivers still check something called Sender ID. The receiver looks up the SPF record on your visual "from" address. Despite this being obsolete, some older systems still check it.

If you have an SPF record on your sending domain, consider adding Higher Logic's servers to it in order to ensure delivery across all mail platforms.

To do so, add either:

• include:informz.net or
• the sending IPs associated with your account (found in the Mail is Sent From the Following IP Addresses section at the bottom of the Admin > System Settings page).

DMARC

You cannot use Yahoo, Hotmail, Gmail, and other major domains as your from address in Thrive Marketing Enterprise because these mail providers (and many others) have set a policy on unauthorized use of their sending domain. This policy is Domain-based Message Authentication, Reporting and Conformance (DMARC), and it's something that providers use to fight spam, phishing, and other means of email spoofing.

DMARC leverages SPF and DKIM (as authentication mechanisms) to determine if a mailing is legitimate. When senders use these major domains outside their authorized systems, mail is typically rejected, which results in a poor deliverability reputation.

With DMARC, domain owners can indicate how they want to handle mail coming from their domain that fails these specifications (and how they receive reporting on it). This may not be something you'll need to put in place at your organization, but it is important to understand.

How DMARC affects senders

DMARC can affect senders in two ways:

• The domain used as your "from" address - The sending domain (email address) that you use for your email marketing determines how receiving systems handle and classify the email you send. If you do not own the domain you are sending from, your mail may be rejected or classified as spam.
• The domain that is owned by you/your organization - Creating your own DMARC Policy provides added protection against fraudulent and harmful messages in the event that a spammer uses your domain without your permission.

Benefits

There are several benefits to DMARC, such as it:

• provides an easy way to identify an email message's legitimacy,
• protects against fraud,
• simplifies delivery, and
• builds a positive domain reputation.

All this can help your sending IP(s) too! Putting a DMARC policy in place can also guard against spammers and help prevent phishing attempts.

How DMARC is deployed

After SPF and DKIM authentication are completed, a domain owner may decide to create another TXT record for DMARC. When a policy has been established, the domain owner receives reporting on all mail sources using that domain, as well as SPF and DKIM results.

Mail receivers see the DMARC record and treat the mail accordingly. However, if you are not ready to set a strict policy (which would affect mail delivery), you can set the record to reporting mode, which provides data on how your domain is being used on the internet.

Thrive Marketing Enterprise domains

Thrive Marketing Enterprise currently has DMARC records set to reporting mode only. However, Thrive Marketing Enterprise has plans to enforce a strict policy that prohibits any unauthorized senders from using our domains.