■
Simpplr supports DMARC, DKIM, and SPF for authentication and validation of email for features like Employee Newsletter and Sentiment AI. Simpplr heavily uses AWS services such as Amazon Simple Email Service (SES) and Amazon Route 53 DNS Service. They store the domain details and manage the validation of the DNS records needed for DMARC.
Additionally, we have enabled dedicated IP addresses in our production SES infrastructure from which mail is sent. This gives the client the ability to allow-list a small set of specific IPs.
Configuration overview:
- The customer's Application manager adds a custom sender address for emails, using the Simpplr UI.
- Simpplr configures SES and provides DNS records to the customer. We create a custom MAIL FROM domain and setup DKIM with an RSA 2048 bit key.
- MX record - so that bounce/non-delivery messages get routed to SES
- SPF TXT record - to validate that the email originates from an authorized email server (IP/subnet).
- DKIM CNAME record(s) - to help inbound servers verify the signature in email headers using public key of the signer. Help establish that the message was not tampered with on the way.
- Customer IT adds the provided DNS records to DNS at their hosting provider.
- Customer IT adds DMARC TXT record to DNS.
- Amazon automatically verifies that DNS was updated and propagated. Once customer updates the DNS entries, it typically a few hours to verify. However, it could take up to 72 hours.
Once the required records are validated, we are able to send via the domain. SES automatically sets up the required headers, etc., on the email to pass validation when we send a message.
See the image below for examples of the DNS records provided.
Note:
Salesforce has an entirely different method of setting up DKIM, SPF, & DMARC. For more instructions, check out the Salesforce documentation linked here.Salesforce Help: Email Security
Comments
I'm a bit confused by this article when I hit the bottom and saw the note:
In relation to simpplr and setting up DKIM, SPF, & DMARC records to ensure my audience is receiving newsletters, am I configuring this in the Simpplr UI, inside Salesforce, or both?
Thanks.
Hi Douglas. The Salesforce configurations settings aren't relevant to sending Employee Newsletters. If you have the DNS settings configured via Simpplr and your org's IT, that should be all you need. If your newsletters still aren't getting sent after that, submit a ticket to our Support team.
The Salesforce DKIM settings mentioned here are for other email notifications like 'must reads' in the platform.
Please sign in to leave a comment.