In this article, you'll learn about the importance of sender authentication.
Authentication & DNS changes
Your digital marketing reputation is critical to the deliverability of your email-marketing messages. So there are some steps that you can take to mitigate factors that could negatively affect your reputation.
It's important to your reputation that your recipients know that mailings from your organization are actually coming from your organization. This sort of email authentication helps protect your recipients from fraudulent email (e.g., phishing scams or other types of spam).
There are two important things that you should do to your DNS record:
- Complete DKIM authentication. See Email Authentication below to learn more.
- Update your SPF record. See SPF & Sender ID below to learn more.
These DNS changes require the skills of an IT professional. Also, be aware that you will need to complete these steps for each of your sending domains used in Higher Logic Thrive Marketing Professional (Thrive Marketing Professional).
To begin the DKIM authentication process for your sending domain(s):
- Navigate to Admin > Setup > Email Authentication.
- Enter your sending domain into the text field and click GET INSTRUCTIONS for customized DNS instructions. These steps are typically completed by your DNS admin or IT professional, so it is recommend they have access to log in to Thrive Marketing Professional. After the CNAME records are added to your DNS, return to the Thrive Marketing Professional page to run a test. Keep in mind that the configuration will not be completed until the authentication test passes in your Thrive Marketing Professional account.
- Click TEST to see if the domain has passed authentication. If so, you will see a message that indicates the domain has passed the authentication test. The domain will then be added to the list on that page which can be deleted or retested if any changes need to be made.
NOTE: If the authentication test indicates that the domain has failed, try the troubleshooting steps below.
Each DNS is different, so we've included some troubleshooting tips below for CNAME configuration:
- GoDaddy uses "Points to" in place of the "Alias" field
- SoftLayer uses "Points to" in place of "Alias" and requires a " . " at the end of the field
- Office 365 uses "Address" in place of "Alias" and does not require a " . " at the end of each field
- Network Solutions uses "Alias" in place of the "Name" field and the "other host" field is really the "Alias"
NOTE: The best solution may be to reach out to your DNS provider for proper instructions. If you're still having issues, feel free to create a case.
You can follow the same steps above for any additional domains that will be used to send through Thrive Marketing Professional. You will see each of the active/authenticated domains listed in your authentication settings.
If there is more than one account (child accounts) being used to send mail, you have the option of either making the parent account the default manager for DKIM entries or allow each child account to add and make changes to domains sent through their account. If you check the box to make the parent account the default, then email authentication settings will be used across all child accounts and only the parent account will have the rights to make changes.
SPF is configured on the bounce address "informz.net", so no additional steps are needed. However, you could add "include:informz.net" to your existing SPF record for receivers still checking SPF on the "from" address (aka Sender-ID which is deprecated).
SPF & Sender ID
SPF is an anti-spoofing technology that tells receivers which servers are allowed to send mail on behalf of your "Mail From" domain (also known as: envelope address, bounce address, return path, RFC5321). The "Mail From" domain used when sending through our system is "informz.net" which is complete with SPF authentication. This means no configuration is necessary on your part.
However, you may find that some receivers are still checking something called "Sender ID" (this is obsolete, but some older systems still check). This is when the receiver looks up the SPF record on your visual "from" address.
If you have an existing SPF record on your sending domain, you may want to consider adding our servers to it to ensure delivery across all mail platforms. This can be done by adding "include:informz.net" or by adding the sending IPs associated with your account. These IPs can be found in Admin > System Settings > Scroll to the bottom of the page.
You may be wondering why you are unable to use Yahoo, Hotmail, Gmail, and other major domains as your from address in Thrive Marketing Professional. This is because these mail providers (and many others) have set a policy on unauthorized use of their sending domain. This policy is known as DMARC, and it's something that providers are using to help fight spam, phishing, and other means of email spoofing.
DMARC works by leveraging SPF and DKIM as authentication mechanisms to determine if the mailing is legitimate. When senders use these domains outside of authorized systems, mail is typically rejected. This results in poor deliverability.
With DMARC, domain owners can indicate how they want to handle mail coming from their domain that fails these specifications (and how they receive reporting on it). This may not be something you'll need to put in place at your organization, but it is important to understand.
How DMARC affects senders
DMARC can affect senders in two ways:
- The domain used as your "from" address - The sending domain (email address) that you use for your email marketing determines how receivers handle and classify the email you send. If you do not own the domain you are sending from, your mail may be rejected or classified as spam.
- The domain that is owned by you/your organization - Creating your own DMARC Policy allows added protection against fraudulent and harmful messages in the event that a spammer uses your domain without your permission.
DMARC provides an easy way to identify an email’s legitimacy, protects against fraud, simplifies delivery, and builds a positive domain reputation. In fact, all this can help your sending IP(s) too! Putting a DMARC policy in place can also guard against spammers and help prevent phishing attempts.
How DMARC is deployed
Once SPF and DKIM authentication are completed, a domain owner may decide to create another TXT record for DMARC. When a policy has been established, the domain owner receives reporting on all mail sources using that domain as well as SPF and DKIM results. Mail receivers see the DMARC record and treat the mail accordingly. However, if you are not ready to set a strict policy (which would affect mail delivery), you can set the record to reporting mode, which provides data on how your domain is being used on the internet.
Thrive Marketing Professional domains
Thrive Marketing Professional currently has DMARC records set to reporting mode only. However, Thrive Marketing Professional has plans to enforce a strict policy that disallows any unauthorized senders from using our domains.