Simpplr supports DMARC, DKIM, and SPF for authentication and validation of email for features like Employee Newsletter and Sentiment AI. Simpplr heavily uses AWS services such as Amazon Simple Email Service (SES) and Amazon Route 53 DNS Service. They store the domain details and manage the validation of the DNS records needed for DMARC.
Additionally, we have enabled dedicated IP addresses in our production SES infrastructure from which mail is sent. This gives the client the ability to allow-list a small set of specific IPs.
- The customer's Application manager adds a custom sender address for emails, using the Simpplr UI.
- Simpplr configures SES and provides DNS records to the customer. We create a custom MAIL FROM domain and setup DKIM with an RSA 2048 bit key.
- MX record - so that bounce/non-delivery messages get routed to SES
- SPF TXT record - to validate that the email originates from an authorized email server (IP/subnet).
- DKIM CNAME record(s) - to help inbound servers verify the signature in email headers using public key of the signer. Help establish that the message was not tampered with on the way.
- Customer IT adds the provided DNS records to DNS at their hosting provider.
- Customer IT adds DMARC TXT record to DNS.
- Amazon automatically verifies that DNS was updated and propagated. Once customer updates the DNS entries, it typically a few hours to verify. However, it could take up to 72 hours.
Once the required records are validated, we are able to send via the domain. SES automatically sets up the required headers, etc., on the email to pass validation when we send a message.
See the image below for examples of the DNS records provided.