Email is an essential tool in our lives, as well as being one of Evicertia's primary methods of communication, but it is also a common target for spam and fraud. To counter this, there are three important defences: SPF, DKIM and DMARC. These technologies work together to ensure that emails are authentic and secure. From verifying senders to digital signatures and security policies, these solutions are essential to protect our electronic communications and strengthen our email security.


Brief Introduction to SPF and DKIM

This guide begins by explaining these email security measures and how they work.



What is SPF?

SPF (Sender Policy Framework) is a technique that helps prevent spam or fraudulent e-mail by verifying whether the mail server sending a message is authorised to do so on behalf of a specific domain. 

Step-by-step explanation:

  1. An e-mail server receives a message from a sender, e.g. "user@mydomain.com".
  2. The recipient's server queries the SPF records for the domain "mydomain.com".
  3. SPF records contain a list of mail servers that are authorised to send mail on behalf of "mydomain.com".
  4. The destination server checks if the server sending the mail is on that list.
  5. If it matches, the mail is considered legitimate and is delivered. If it does not match, it may be treated as spam or rejected.

(Flowchart of a domain verified by SPF)

What is DKIM?

DKIM (DomainKeys Identified Mail) is another technique that helps to guarantee the authenticity of emails by adding a digital signature to the message.

Step-by-step explanation:

  1. When a mail server sends a message, it creates a unique digital signature for that message using a private key.
  2. The mail server adds this signature to the message header.
  3. The destination server retrieves the corresponding public key, which the sender's domain publishes in DNS, and uses it to verify the signature.
  4. If the signature is valid, the message is considered authentic and unaltered in transit.

(Flowchart of a domain verified by DKIM)

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is like an email supervisor for a domain (such as "mydomain.com"). Think of it as a set of rules that the domain owner sets up to tell other mail servers how to handle emails that appear to come from their domain.

  1. Rules Configuration: The domain owner (such as a company) configures specific rules in the DNS records of their domain. These rules indicate how emails impersonating their domain should be treated.
  2. Receiving an Email: When a mail server receives an email claiming to be from that domain (such as "user@mydomain.com"), it checks the DMARC rules that the domain owner has configured.
  3. DMARC-based actions: DMARC tells the receiving mail server what to do with the email. The server can take one of three actions:
    1. Accept Email: If the email complies with DMARC rules (such as having the correct SPF and DKIM signatures), the server delivers it to the inbox.
    2. Mark as spam: If the mail does not comply with DMARC rules, the server may mark it as spam or put it in the junk mail folder.
    3. Reject Email: In extreme cases, if the mail does not comply with DMARC rules, the server may reject it completely, preventing it from reaching the recipient.

How to set up a Forwarding Domain?

A verified forwarding domain allows you to send EviMails from an email account in that domain with reliable delivery, because its SPF and DKIM settings have been verified.

To set up a forwarding domain, it must be registered on your site by an Administrator user. Only Site Administrators can register domains.

The registration and configuration of domains is done from the "Management of sender e-mail addresses" screen, which can be accessed from the top menu "My Data".

Grid of forwarding domains

This screen shows the domains that have been configured on a given site. These domains appear in a grid divided into 7 columns:

  1. State: State in which the domain is located.
    1. Verified: The domain has been verified by the system.
    2. Not verified: The domain could not be verified by the system.
  2. Domain: This is the name of the domain that has been configured.
  3. Description: Brief description of the domain.
  4. Creation date: Date on which the domain was created.
  5. Details button: Allows you to view the details of the domain configuration and manually perform a verification.
  6. Edit button: Allows you to make changes to the domain configuration.
  7. Remove button: Allows you to remove the configuration of a domain on a given site.

Registration of a forwarding domain

Clicking the "Add domain" button displays a modal screen to start the configuration of a new domain.

In this first step, the user is reminded that they must have access to the DNS settings of the domain they intend to configure, and is advised to use subdomains.


Verifying the domain

This is the next step in the domain registration process. In this step the user is shown the configuration that must be added to the DNS of their domain so that it can be verified.

These settings are customised with the domain entered in the previous step, to make it easier for the user to enter the data into their systems.

Once the user has made the necessary modifications to the DNS file of their domain, they can verify the domain by clicking the "Verify domain" button or exit the process by clicking "Cancel".

The user is also given the option to create their own DKIM selector for that domain. Clicking the "Add custom key" button opens a popup window that generates the selector and the key pair (private and public). This option is detailed further on.

SPF configuration

The SPF record of the client's domain must reference our server's record, _spf.evicertia.com, through an include mechanism, for example:

example.com text = "v=spf1 mx ip4:130.21.85.0/24 ip4:200.140.104.10/22 include:_spf.evicertia.com ~all"
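The SPF check from the step-by-step explanation, and the effect of the include required here, as an added example that is not Evicertia code. It evaluates only `ip4`, `include` and `all` against constructed TXT data; the contents given for `_spf.evicertia.com` are an assumption for illustration, not the real record.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed zone data for offline use. The value shown for _spf.evicertia.com
# is NOT the real record; 192.0.2.0/24 is a documentation range standing in for it.
ZONE = {
    "acmedomain.com": "v=spf1 ip4:130.21.85.0/24 include:_spf.evicertia.com ~all",
    "noinclude.example": "v=spf1 ip4:130.21.85.0/24 ~all",
    "_spf.evicertia.com": "v=spf1 ip4:192.0.2.0/24 -all",
}

def check_host(ip, domain, txt_records, depth=0):
    """Evaluate a sending IP against a domain's SPF record, left to right."""
    if depth > 10:  # bound nested includes, in the spirit of the RFC 7208 lookup limit
        return "permerror"
    terms = txt_records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF record
    addr = ipaddress.ip_address(ip)
    for raw in terms[1:]:
        qualifier = raw[0] if raw[0] in RESULTS else "+"
        name, _, arg = raw.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "ip4":
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
        elif name == "include":
            inner = check_host(ip, arg, txt_records, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # include target missing or broken
            matched = inner == "pass"  # a fail inside an include is just "no match"
        elif name == "all":
            matched = True
        else:
            continue  # mx, a, exists, ptr need live DNS; skipped in this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"
```

With this data, `check_host("192.0.2.25", "acmedomain.com", ZONE)` returns `pass`, while the same address checked against `noinclude.example` returns `softfail`, which is what a receiver sees when the include is left out.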

DKIM configuration

The DKIM record must contain one of the following settings, depending on whether you use the two shared Evicertia selectors or have set your own selector.

  1. Default selectors (from Evicertia):

    The DNS must have two CNAME entries configured with the default evicertia.com selectors.

    | Selector | Record | Value |
    | --- | --- | --- |
    | herma-a | herma-a._domainkey.<configured_domain> | CNAME: herma-a._domainkey.evicertia.com. |
    | herma-b | herma-b._domainkey.<configured_domain> | CNAME: herma-b._domainkey.evicertia.com. |

    Example with domain "acmedomain.com":
    herma._domainkey.acmedomain.com: CNAME: herma._domainkey.evicertia.com.
    herma2._domainkey.acmedomain.com: CNAME: herma2._domainkey.evicertia.com.
  2. Custom selector (custom key):

    Users can create their own DKIM selectors associated with the domain.

    | DKIM selector | Record | k (Key type) | p (Public key) |
    | --- | --- | --- | --- |
    | Selector name | <configured_selector>._domainkey.<configured_domain> | rsa | Public key generated when the selector is created and added to the domain |

    Example with domain "acmedomain.com" and selector "acmeselector":
    acmeselector._domainkey.acmedomain.com: TXT: "v=DKIM1; k=rsa;p=XVVVCSsdss45DSADAUAA4GNADCBiQKBgQDBcTgrPyLzZThYDTcuguHXPNBe+NaZqPqfnwKhNEAmfMdF4FmHByeFeqkWkxQ5zhbiui0iyxiDE7DsW/V2SgOampuwy8pnmkcZaF1UU0a/Dg/GUYip+EB2sPkdTgdBq7gDPSSY6MnoFeOVunLYyYVZaPs+AfF4g6iuxJfdfdfsferB" 
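A pre-flight check of these DKIM records before clicking "Verify domain", as an added example that is not Evicertia code. It works on record values exported from the zone, uses the shared selector names from the default-selectors table, and the sample key bytes are constructed.

```python
import base64
import binascii

DEFAULT_SELECTORS = ("herma-a", "herma-b")  # shared selectors listed on this page

def parse_tags(txt):
    """Split a DKIM key record ('v=DKIM1; k=rsa; p=...') into a tag dict."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def check_custom_key(txt):
    """Return the problems found in the TXT value of a custom selector."""
    tags, problems = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa, the key type this page specifies")
    p = tags.get("p")
    if p is None:
        problems.append("p= tag is missing")
    elif p == "":
        problems.append("empty p= marks the key as revoked")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64 (truncated or mis-pasted)")
    return problems

def check_default_selectors(domain, cnames):
    """cnames maps owner name -> CNAME target, e.g. exported from the DNS zone."""
    problems = []
    for selector in DEFAULT_SELECTORS:
        owner = f"{selector}._domainkey.{domain}"
        target = f"{selector}._domainkey.evicertia.com"
        found = cnames.get(owner, "").rstrip(".").lower()
        if found != target:
            problems.append(f"{owner}: expected CNAME {target}., found {found or 'nothing'}")
    return problems

# Constructed sample value: these bytes are not a real public key.
SAMPLE_TXT = '"v=DKIM1; k=rsa;p=%s"' % base64.b64encode(b"constructed, not a key").decode()
```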

How to set up a sender email account?

Users with "Sender" emission permissions can manage the e-mail addresses from which EviMails are sent. This screen is accessed from My Data >> "Management of sender e-mail addresses", and from it the user can register, edit and delete email addresses.

For new sites and those registered before this change, the email address used for registration on the platform will appear as registered. 

Grid of sender email addresses

It is accessed from the menu "My data" >> "Management of sender e-mail addresses". On access, a grid divided into 6 columns is displayed.

  1. Main (default): A checkbox control appears to select the default email address. Only one can be checked.
  2. Email address: Configured email address.
  3. Display Name: Name to be displayed next to the FROM of the email.
  4. Creation date: Date on which the e-mail address was created.
  5. Edit button: Allows changes to be made to the selected record.
  6. Remove button: Allows you to remove the created e-mail address.
  7. Legacy icon (Legacy): The legacy icon appears next to email addresses of sites created before this change, which for the moment can still be used for sending.

Registration of a new e-mail address

This is accessed by clicking on the "Add e-mail address" button, after which a modal screen opens on the "Management of sender e-mail addresses" Grid. The user can read some notes to take into account when registering "E-mail addresses".

  1. The user is advised that they must have access to the address they are trying to register as they will be sent a PIN code to verify.
  2. You are also advised that the address will be active as soon as the domain associated with it is verified. 

The next thing the user has to do is to fill in the fields provided:

  1. Display name: Text to be displayed next to the e-mail address in the FROM. Maximum 100 characters.
  2. Email Address: Address to be configured. Maximum 150 characters.

Clicking "Send PIN" opens a pop-up window where the user is told that a PIN has been sent to the e-mail address he/she is registering, and he/she must enter the PIN received in the text box that appears on the screen. Once the PIN has been entered, the PIN is validated and if everything is correct the e-mail address is added to the user's account, and a check is made to see if the associated domain has been verified.

Once the PIN has been validated, a screen is displayed showing the user whether the e-mail address is activated or deactivated.

The Most Common Domains on the Web

In the following list you will find instructions on how to modify DNS records in the most commonly used domain providers. In case the service you are looking for does not appear in this list, I suggest you visit your provider's website and look for information in their help section. In addition, you can always contact their technical support team for personalised guidance.


Amazon Web Services: DNS settings

Dreamhost: DNS information

GoDaddy: How to add a CNAME record

Google Domains: DNS Basics

Hostgator: Manage DNS records

Hover: DNS Settings

IONOS: How to add a CNAME record

Namecheap: Configure SPF and DKIM

Squarespace: DNS settings

Wordpress: DNS Settings

Siteground: How to add a CNAME record

Wix: How to add a CNAME record

On the New EviMail screen, the FROM section appears first; the sender can now be configured there.

In the "Email to use as sender" field, the user may select any of the configured email addresses. Clicking the icon also lets the user edit the text that is displayed as the sender in the e-mail that is sent.

A new optional text parameter, From, is added to the EviMailSubmit call. If it is not specified, the default email account is used.


From (text, optional): E-mail address with which the FROM of the EviMail e-mail will be configured. The submit call validates that the address is configured in the sending user's account and that the domain is verified.

API
POST /api/EviMail/Submit HTTP/1.1
Host: app.evicertia.com
Authorization: Basic xxxxx9jZWJlcg==
Content-Type: application/json 
 
{
    "LookupKey": "234234",
    "Subject": "this is the subject of the email",
    "Body": "This is the Body of the email",
    "From":"user01@newcompany.com",
    "Recipient": {
        "LegalName": "LegalName",
        "EmailAddress": "recipient@testmail.com"
    },
    "Options": {
        "AffidavitKinds": [
            "DeliveryResult"
        ],
        "CertificationLevel": "Advanced",
        "TimeToLive": 365,
        "HideBanners": true,
        "NotaryRetentionPeriod": 0,
        "OnlineRetentionPeriod": 1
    }
}