Blackbaud SPF and DKIM Configuration: Step by Step

This instructional article will demonstrate the Blackbaud configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure Blackbaud passes the DMARC alignment check and eliminate spam from your domain and increase security.

The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send email from a particular domain and, are a way of verifying your email sending server is sending emails through your domain.

The process of setting up the SPF Record

To ensure the emails from Blackbaud are sent on behalf of your domain, we need to create or update your existing SPF record by including the following information.

Important Note: The included mechanism that you need to incorporate in your SPF record in order to specify Blackbaud as an authentic sending source is dependent on the product you use.

Please find yours from the list given below:

1. Altru, BBNC, BBIS, eTapestry Basic Mass Email, Education Management, OLX, and Raiser’s Edge NXT: include:outboundmail.blackbaud.net
2. Luminate Online: include:outboundmail.convio.net
3. Blackbaud Award Management and Blackbaud Stewardship Management: include:_spf.academicworks.com
4. Tapestry Advanced Mass Email: include:ne16.com

You can authenticate it easily by using our SPF Generator Tool and following the steps below:

1. Navigate to SPF Record Generator
2. Add the required include in the include:__ section.
3. Choose the Policy (The options are : Fail (Not Compliant will be rejected), SoftFail (Not Compliant will be accepted but marked) and Neutral (Mails will be probably accepted)).
4. When you have made followed the steps, click on the “Generate”

Copy the provided Blackbaud SPF record and navigate to your DNS provider (CloudFlare, Godaddy, etc.) and create a TXT Record. We’ll be using CloudFlare for this example.

Note: please note that the above include is an example, please make sure you have included the correct include based on your platform.

6. Click on “Save”

7. Wait up to 72 hours to allow your DNS to process the changes.

Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError. 

If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4:18.57.156.221 include:outboundmail.blackbaud.net include:thirdpartyservice.com ~all 

Blackbaud DKIM Configuration

Important Note: Depending on the application you use, you need to make sure if the generic DKIM is supported for your platform. You can also request a custom DKIM signature for your domain. To learn about DKIM for your application, refer to the table below.

Important Note:eTapestry Basic Mass Email is not currently compatible with DKIM. If your organization requires DKIM, use Advanced Mass Email. If you send from Financial Aid Management or Tuition Management, verify you are using the blackbaud.school domain which already includes a DKIM signature from Blackbaud.

Depending on the application you are using, please contact BlackBaud support to help you with the process, so they can give you the proper DKIM keys.

If you have gotten your DKIM, please follow the steps below:

1. Navigate to the DNS records section for your individual domains
2. Create a TXT or CNAME record depending on the type of DKIM record provided to you
3. and paste the hostname and value
4. Save changes to your record and wait for 48-72 hours for your DNS to process these changes.

Congratulations, you now successfully authenticated your outgoing mail stream from HappyFox with SPF and DKIM.