de en


Sender domains and DKIM

In the following, you will discover what sender domains which are required for sending mailings are, how they are used in Shared Services - Graubünden Ferien, what DKIM is all about, and what advantages this procedure brings with it. 

Sender domains

Sender domains are part of the sender address. Specifically, this is the part after the '@'. For example, if a sender address is 'info@my-domain.com', 'my-domain.com' is the sender domain. If you want to send e-mails with Shared Services - Graubünden Ferien, you must set up at least one sender domain.

What are DKIM, SPF and MX?

  • DKIM ("DomainKeys Identified Mail") describes a procedure in which the authenticity of the domain of the e-mail sender address is checked to ensure that the content of this e-mail has not been modified. This ensures that an e-mail has not been tampered with by a third party and that the sender is legitimate. For this purpose, the header of the e-mail is provided with a tamper-proof signature, which is verified by the receiving server. This authentication prevents sender addresses from being forged for sending phishing or spam mails and recipients from being deceived.

  • SPF ("Sender Policy Framework") determines that the sender IP is authorized to send the e-mail. For this purpose, the SPF record is used to configure all servers that are authorized to send the mail, and sending via non-legitimate mail servers is prevented.
  • The MX ("Mail Exchange") record consists of two values: (1) The domain name of the mail server that is responsible for the sender domain and (2) the priority to use if multiple mail servers are specified.

So much for the theory, but...

… is DKIM necessary?

To achieve the best possible security for your mailings, it is essential to send them via CSA (Certified Senders Alliance)-certified servers. For us as a CSA certificate holder, DKIM is mandatory, so all mailings must have a valid DKIM entry. That being said, DKIM has numerous benefits, including:

  • Your recipients know they have received an unaltered email. This authenticates you as a reputable sender and you enjoy a higher reputation as a sender.
  • Your e-mails do not end up falsely in the SPAM checks of e-mail services and are not classified as a risk in the worst case. This way, your open rates remain stable.
  • Some e-mail services (e.g. GMX or Gmail) already require a DKIM signature and more services will follow.

For these reasons, it is necessary that all your sender domains have a valid DKIM entry. How this works exactly is described step by step below.

Manage sender domains in the 'DKIM and sender domains' menu

In the menu 'DKIM and sender domains' under 'Administration' you will find an overview of your sender domains. It is not bound to any extra rights or requirements, the menu can be found in all accounts.You will find the following information:

 

  • Column 'Default': The sender domain selected as default is marked with an icon.

  • Column 'DNS check': Here you can see whether a sender domain has been set up correctly. If it is valid (✓), you can send the domain for sending your e-mails. "✘"indicates that it has not been configured correctly.
  • Column 'Forwarding': Here, you can see the selected forwarding of the sender domain, adjustable when creating and editing a domain. If the column is empty, the option 'No forwarding' has been selected. A red ✘ symbolizes that the forwarding is not yet active on our mail server. The reason for this is that a valid DNS check is a prerequisite. It is regularly checked whether the DNS record of the sender domain has become valid. Should this occur, you will now see a green ✓ in the column. This shows that forwarding is active. The advantage of this is that forwarding can be selected during creation and the sender domain does not have to be edited subsequently, but it still only takes effect when the DNS entry is valid.
  • Action ‘DNS entry‘: Here you will find the DNS entries (DKIM, SPF as well as MX).
  • Action 'Edit'
  • Action 'Delete': Sender domains can be deleted. Please not that before deleting, it will not be checked whether sender domains are currently used for mailings or not. Please conider carefully, if the sender domain really should be deleted.

Create sender domain

You create a new sender domain by clicking on 'Create'. Required entries are: 

  • URL of sender domain: Enter the URL of the sender domain. Once created, the URL cannot be changed.
  • Default setting: A sender domain can be selected as the default sender domain. This will be displayed as default in the basic email settings of your emails after successful configuration, saving you a few clicks. The selection is optional.

Furthermore, there are two settings for the DKIM configuration:

  • Selector: A DKIM selector is a unique identifier to identify a DKIM signature. This allows organizations to use multiple DKIM signatures for different purposes in an email domain. Selectors do not allow special characters (except underscore "_") or umlauts. Once the domain has been created, the selector cannot be changed.
  • Key Length: The key length of the DKIM can be 1024 bits or 2048 bits. We recommend 2048 bits because this value provides more security. On the other hand, 1024 bits are suitable for domain providers that only allow shorter DKIM keys. Once the domain has been created, the key length cannot be changed.

Save to create the sender domain. You will now find it together with the DNS entry in the overview, which must now be stored in the correct place.

Edit sender domain

After creating the sender domain, it can be edited at any time. However, not all fields can be adjusted afterwards: The domain itself as well as the DKIM settings (selector and keylength) can no longer be changed.

The following fields can be customized:

  • Default setting: Changes the default sender domain of your account. If you choose a new domain as default, the previous default domain will be replaced by it as default.
  • Mailfilter: Here you specify to which address the newsletter recipient's reply should be delivered. There are three options for this. (1) Original sender address: Replies go to the sender address you selected in the basic settings of a mailing. (2) Parent domain address: Replies go to a domain level higher up. For example, if you have sent via absender@news.domain.de, replies will go to absender@domain.de, and (3) Custom address: Replies go to an address you have selected. Clicking on the radio button opens an input field in which you can enter the address. The mailfilter can only be changed for domains with a valid DKIM entry.

Configure DKIM entry

Click on the gear icon to open the DNS record. This contains the DKIM, the SPF1.0 and the MX record. These entries are needed to authenticate the domain. You do not store them with Shared Services - Graubünden Ferien, but with your website provider. Since this procedure is slightly different for all providers, there are no universal instructions. If you have any questions, it is best to contact your website administrator or the provider itself. However, the necessary steps are usually similar:

  • Log in to your website provider or domain hosting platform and open the administration area. With many providers you will find a menu for 'domain administration' or something similar

  • Search for the DNS settings there.
  • Follow the instructions and deposit your DKIM entry in the right place.
  • To avoid unnecessary error messages, please specify a priority for the MX record.
  • Also, be sure to set the SPF record. If an SPF record already exists, extend it.

You can see whether the entries have been stored correctly by the 'DNS check' column in the sender domain overview. ✓' means that the domain entry is valid and can be used for sending. ✘', on the other hand, symbolizes that the configuration has not yet been completed successfully.

Sender domains in client systems

As of 03/06/2023, as the owner of a client system with multiple sub-accounts that use the same sender domain, you have the option to release this sender domain for selected sub-accounts from the admin account. After sharing, the sender domain is listed in the overview in these accounts and can be selected for sending when editing an email, but cannot be edited or deleted.

To perform the sharing, the following steps are required:

  • Step 1: In the admin account, open the 'DKIM and Sender Domains' overview and edit the sender domain to be shared. At the lowest option 'Release sender domain for subaccounts', you can perform the release.
  • Step 2: To share the sender domain, click on 'Select accounts' to open the account overview. On the left side, you will find a list of all sub-accounts of the client system, while on the right side, you will see the sub-accounts for which the sender domain has been shared. By clicking on a sub-account, it will be moved to the right side and the sender domain will be released. As soon as you confirm the changes with 'Save', you will be redirected back to the window for editing the sender domain, where above the button all subaccounts were listed, for which the sender domain was released.

Using sender domains in e-mails

If at least one sender domain has been set up in the account, this can be used for all future sendings.

To do this, open or create an e-mail and go to the 'Basic settings' tab. There you will see two fields for the sender address:

  • Local part: Enter the part before the @ of your sender address. For example, if the address is 'localpart@senderdomain.com', enter 'localpart' here.
  • Sender domain: In the dropdown, you will find all the sender domains that have been created in your account. The default sender domain is automatically selected. Choose the desired sender domain to complete the sender address.

If there are already e-mails in your account with an entered sender address which were created before the creation of a sender domain, the system will check whether the sender address matches the subsequently created sender domains when opening this e-mail. This results in the following possibilities:

  • The sender domain in the e-mail matches a subsequently created sender domain: It automatically detects that the sender domain already exists and displays the select. You do not have to change anything manually.
  • The sender domain in the email does not match a subsequently created sender domain: In this case, nothing will be replaced automatically and you will see the old interface with the 'Sender address' input field and a note that the sender domain does not yet exist in the account. The next possible steps are: (1) You manually enter a sender domain that already exists in the account. After saving, the system checks again whether the sender domain exists and automatically switches to Select. (2) You create the missing sender domain in the 'DKIM and sender domains' menu and reopen the email after successfully depositing the DKIM entry. The check will determine that the sender domain now exists and the select will be displayed.

Please note that all sender domains of your account are displayed in the dropdown. It is not checked whether the sender domains have a valid DKIM entry. Therefore, please double-check that a sender domain with a valid DKIM is used before sending, so that your sending always benefits from a safe sender address.

Tags: