This instructional article will demonstrate the Episerver configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure Episerver passes the DMARC alignment check and eliminates spam from your domain, and increase security.
The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send email from a particular domain and are a way of verifying your email-sending server is sending emails through your domain.
The process of configuring SPF
In order to authenticate Episerver on SPF, please follow these steps:
- Login and head to your DNS Zone provider
- Create a new TXT record
- Input the DNS name as @ or your domain name
- Input the DNS value as v=spf1 include:spf.srv2.de ~all
- Save the record
- Wait up to 72 hours to allow your DNS to process the changes
The screenshot below will show you an example of the SPF record. We’ll be using CloudFlare for this example.
Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError.
If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4:18.57.156.221 include:spf.srv2.de include:thirdpartyservice.com ~all
The process of configuring DKIM
To set up DKIM authentication for Episerver, you’ll need to create two CNAME records. One should be associated with your root domain (e.g., domain.com), and the other with a subdomain (e.g., example.domain.com).
Follow these steps:
- Login and head to your DNS Zone provider
- Create a new CNAME record
- Input the DNS name as mailing._domainkey
- Input the DNS value as dkim.srv2.de
- Save the record
The screenshots below will show you an example of the DKIM records. We’ll be using CloudFlare for this example.
Important Note: Please make sure to disable the Proxy Status and let it remain on DNS Only.
To create the 2nd CNAME record on your subdomain, first follow the steps below:
- Create a new CNAME record
- Input the DNS name as mailing._domainkey.<subdomain name>
- Input the DNS value as dkim.srv2.de
- Save the record
In our screenshot below, our subdomain name is “example” which is shown.
For your information, Episerver (Optimizely Campaign) sends emails with a from address like “example.com”. If your recipient clicks a link in an email (e.g. https://www.example.com/special-offers), Episerver converts the link to a tracking link based on the technical subdomain (e.g.https://newsletter.example.com/trackingcode). The recipient is forwarded to Episerver’s tracking servers to register action data and then forwarded to the original landing page.
Congratulations, you have now successfully authenticated your outgoing mail stream from Episerver with SPF and DKIM.