Does Simpplr support DMARC (Domain-based Message Authentication, Reporting, and Conformance) and DKIM (DomainKeys Identified Mail) authentications?

Simpplr supports DMARC, DKIM, and SPF for authentication and validation of email for features like Employee Newsletter and Sentiment AI. Simpplr heavily uses AWS services such as Amazon Simple Email Service (SES) and Amazon Route 53 DNS Service. They store the domain details and manage the validation of the DNS records needed for DMARC.  

Additionally, we have enabled dedicated IP addresses in our production SES infrastructure from which mail is sent. This gives the client the ability to allow-list a small set of specific IPs.

Configuration overview: 

  • The customer's Application manager adds a custom sender address for emails, using the Simpplr UI.  
  • Simpplr configures SES and provides DNS records to the customer. We create a custom MAIL FROM domain and setup DKIM with an RSA 2048 bit key. 
    • MX record - so that bounce/non-delivery messages get routed to SES
    • SPF TXT record - to validate that the email originates from an authorized email server (IP/subnet).
    • DKIM CNAME record(s) - to help inbound servers verify the signature in email headers using public key of the signer. Help establish that the message was not tampered with on the way.
  • Customer IT adds the provided DNS records to DNS at their hosting provider. 
  • Customer IT adds DMARC TXT record to DNS. 
  • Amazon automatically verifies that DNS was updated and propagated. Once customer updates the DNS entries, it typically a few hours to verify.  However, it could take up to 72 hours.  

Once the required records are validated, we are able to send via the domain. SES automatically sets up the required headers, etc., on the email to pass validation when we send a message.

See the image below for examples of the DNS records provided.DNS_1.png

Note:

Salesforce has an entirely different method of setting up DKIM, SPF, & DMARC. For more instructions, check out the Salesforce documentation linked here. 

Salesforce Help: Email Security

Salesforce Help: SPF and DKIM FAQ

Salesforce SPF & DKIM Step-by-Step Setup Instructions

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

2 comments
  • I'm a bit confused by this article when I hit the bottom and saw the note:

    Salesforce has an entirely different method of setting up DKIM, SPF, & DMARC

    In relation to simpplr and setting up DKIM, SPF, & DMARC records to ensure my audience is receiving newsletters, am I configuring this in the Simpplr UI, inside Salesforce, or both?

    Thanks.

    2
    Comment actions Permalink
  • Hi Douglas. The Salesforce configurations settings aren't relevant to sending Employee Newsletters. If you have the DNS settings configured via Simpplr and your org's IT, that should be all you need. If your newsletters still aren't getting sent after that, submit a ticket to our Support team. 

    The Salesforce DKIM settings mentioned here are for other email notifications like 'must reads' in the platform. 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Articles in this section

See more