IMPORTANT: Effective February, 2024, Google and Yahoo have new requirements for bulk email senders on their platforms. Learn about the new requirements and what you have to do in New Bulk Sender Requirements.

This article describes some of the important aspects of sending mail via your Higher Logic Thrive Marketing Professional (Thrive Marketing Professional) account, such as:

• sender reputation and email authentication,
• the SPF anti-spoofing technology, and
• the DMARC policy that is designed to fight email-spoofing attempts.

Glossary

Below are some non-Higher Logic terms that you'll encounter in this article and with which you might not be familiar.

NOTE: Higher Logic provides these high-level descriptions in order to increase your understanding of these terms as you read this article.

• DNS - Domain Name System is a naming system for devices and other resources on the internet and Internet Protocol (IP) networks.
• DKIM - DomainKeys Identified Mail is an email-authentication method that is intended to detect forged sender addresses.
• SPF - Sender Policy Framework is an email-authentication protocol that is intended to prevent email spoofing.
• DMARC - Domain-based Message Authentication, Reporting and Conformance leverages DKIM and SPF to determine if the legitimacy of a mailing.

Authentication & DNS changes

Your digital marketing reputation is critical to the deliverability of your email-marketing messages. To preserve your sender reputation, you can take certain steps to mitigate those factors that could negatively affect your reputation.

It's important that recipients of your mailings know that mailings from your organization are actually coming from your organization. Email authentication is a way to protect your recipients from fraudulent email messages (e.g., phishing scams and other types of spam).

There are two important things that you should do to your DNS record.

• Authenticate your sending domain as described below
• Update your SPF record as described below in SPF

NOTE: These changes to your DNS record require the skills of an IT professional. Also, be aware that you must complete these steps for each of your sending domains used in Thrive Marketing Professional.

Authenticate your sending domain

To authenticate your sending domain via DKIM:

1. Access the Admin interface.
2. Navigate to Settings > Setup > Email Authentication.

TIP: Domains in your account that have already been authenticated are listed; you can manage (retest, delete) them here.

3. Specify your sending domain in the text field and click GET INSTRUCTIONS.

• • The page refreshes and displays How to set up a new domain with DKIM authentication instructions.
  • The set up, which involves creating CNAME records, should be completed by your DNS admin or IT professional. Share the instructions with that person and make sure that they have valid log-in credentials for Thrive Marketing Professional.

4. After the CNAME records set up is complete, return to this page to run a test.

NOTE: The configuration is not "complete" until it passes the authentication test on this page.

5. Click TEST to test the domain authentication.

Repeat the steps above for any additional domains that will be used to send email messages through your Thrive Marketing Professional account.

If the domain-authentication test passes, a message indicates the success and the domain is added to the list and can be deleted or retested.

Authentication test fails

If the domain-authentication test fails, a message indicates the failed test. Review this section for possible causes and things to check.

• Your DNS change might require more time to propagate. Check your DNS settings to see how long it will take for your record to be live.
• The "Alias" field might require a dot/period character at the end (e.g., s01a.informz.net.).
• The "Name" field might require a dot/period character at the end (e.g., "s01a._domainkey." or, if your domain is not assumed, you might need "s01a._domainkey.<your-domain-name.>")
• Make sure that your domain is pointing to the informz.net domain. For example, "s01a._domainkey.yourdomain" points to "s01a.informz.net".
• Make sure that the fields are in the correct order when creating your CNAME record.
• Make sure that the second CNAME record is properly configured (e.g., s01b). This record is needed in case the DKIM keys are rotated in the future.

CNAME configuration tips

Each DNS is different, so below are some DNS-specific tips for CNAME configuration.

• GoDaddy uses "Points to" in place of the "Alias" field
• SoftLayer uses "Points to" in place of "Alias" and requires a " . " at the end of the field
• Office 365 uses "Address" in place of "Alias" but does not require a " . " at the end of each field
• Network Solutions uses "Alias" in place of the "Name" field and the "other host" field is really the "Alias"

NOTE: The best solution may be to reach out to your DNS provider for proper instructions. If you're still having issues, create a case with Higher Logic Support.

Child accounts

If more than one account (child accounts) is being used to send email messages, you can either:

• make the parent account the default manager for DKIM entries or
• allow each child account to add and make changes to domains sent through their account.

If you make the parent account the default, then email authentication settings will be used across all child accounts and only the parent account will have the rights to make changes.

SPF

Sender Policy Framework (SPF) is an anti-spoofing technology that tells "receivers" (i.e., receiving mail servers, not your recipients) which servers are allowed to send mail on behalf of your sending domain. The sending domain could also referred to as: Return-Path, MAIL-FROM, Bounce address, or Envelope from.

The sending domain that is used when sending mail through the Higher Logic system is informz.net, which is configured with SPF authentication, so no additional configuration is not necessary on your part.

Learn about SPF

• What Is Sender Policy Framework (SPF)?: https://www.proofpoint.com/us/threat-reference/spf
• How to Protect Against Email Spoofing with SPF: https://easydmarc.com/blog/how-to-protect-against-email-spoofing-with-spf/

Sender ID

Some receivers still check something called Sender ID. The receiver looks up the SPF record on your visual "from" address. Despite this being obsolete, some older systems still check it.

If you have an SPF record on your sending domain, consider adding Higher Logic's servers to it in order to ensure delivery across all mail platforms.

To do so, add either:

• include:informz.net or
• the sending IPs associated with your account (found in the Mail is Sent From the Following IP Addresses section at the bottom of the Admin > System Settings page).

DMARC

You cannot use Yahoo, Hotmail, Gmail, and other major domains as your from address in Thrive Marketing Professional because these mail providers (and many others) have set a policy on unauthorized use of their sending domain. This policy is Domain-based Message Authentication, Reporting and Conformance (DMARC), and it's something that providers use to fight spam, phishing, and other means of email spoofing.

DMARC leverages SPF and DKIM (as authentication mechanisms) to determine if a mailing is legitimate. When senders use these major domains outside their authorized systems, mail is typically rejected, which results in a poor deliverability reputation.

With DMARC, domain owners can indicate how they want to handle mail coming from their domain that fails these specifications (and how they receive reporting on it). This may not be something you'll need to put in place at your organization, but it is important to understand.

How DMARC affects senders

DMARC can affect senders in two ways:

• The domain used as your "from" address - The sending domain (email address) that you use for your email marketing determines how receiving systems handle and classify the email you send. If you do not own the domain you are sending from, your mail may be rejected or classified as spam.
• The domain that is owned by you/your organization - Creating your own DMARC Policy provides added protection against fraudulent and harmful messages in the event that a spammer uses your domain without your permission.

Benefits

There are several benefits to DMARC, such as it:

• provides an easy way to identify an email message's legitimacy,
• protects against fraud,
• simplifies delivery, and
• builds a positive domain reputation.

All this can help your sending IP(s) too! Putting a DMARC policy in place can also guard against spammers and help prevent phishing attempts.

How DMARC is deployed

After SPF and DKIM authentication are completed, a domain owner may decide to create another TXT record for DMARC. When a policy has been established, the domain owner receives reporting on all mail sources using that domain, as well as SPF and DKIM results.

Mail receivers see the DMARC record and treat the mail accordingly. However, if you are not ready to set a strict policy (which would affect mail delivery), you can set the record to reporting mode, which provides data on how your domain is being used on the internet.

Thrive Marketing Professional domains

Thrive Marketing Professional currently has DMARC records set to reporting mode only. However, Thrive Marketing Professional has plans to enforce a strict policy that prohibits any unauthorized senders from using our domains.