Emails not sent or go to junk - Setting up DMARC and SPF Record

If you've enabled the email features of DMARC or DKIM on your domain, emails sent using Arbor may not be delivered, or they may go straight into the intended recipients' junk folders.

This guide will help you to minimise the chances of emails not being delivered as expected.

 

DMARC and DKIM

Domain-based Message Authentication, Reporting, and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) are both security protocols for email. DKIM lets a receiving mail server verify whether an email is legitimate by checking the message's signature against a key published in the sending domain's DNS. DMARC tells the receiving server what to do with an email that isn't legitimate.

We recommend using DMARC, and adding CNAME and TXT DNS records to your DNS hosting provider.

NOTE: Since February 2024, some of the larger email providers have introduced a new set of requirements that senders must meet in order for mail to be delivered as expected to their subscribers. This includes the requirement that senders have a TXT DMARC record in their DNS zone.

 

SPF

Sender Policy Framework (SPF) is a DNS-based mechanism for authorising IP addresses to send email from a domain.

This article also includes details of the SPF record you can create to flag Arbor as a valid sender.

 

Setting up DMARC and adding an SPF record

Setting up DMARC

Step 1 - If you haven’t already, add a DMARC policy (including setting up DKIM and SPF records)

The process for doing this differs depending on your DNS provider. For example:

If you aren't sure whether you’ve set up a DMARC policy, use MxToolbox to check:

  1. Type your domain into the ’Look up anything…’ box
  2. Select ‘MX Lookup’ from the dropdown
  3. Click on the ‘MX Lookup’ button to run the test

If the DMARC policy is showing as ‘Not enabled’, you will need to set it up. See below:

 

Step 2 - Let your support team know the email domains you are using

Let us know all the domains you want to send emails from within Arbor. Typically, for a trust, there will be a central domain which may be used by central staff, and a sub-domain for each school.

Please include:

  • Your name
  • Your email
  • The name and email of your IT manager/support - this will be the person we contact with your CNAME records.
  • Your Domain(s), e.g. 'arbor-education.com'

We’ll generate some domain-specific DNS records for you to add.

 

Step 3 - Add DNS records to your hosting provider

Once you've sent us the email domains that are in use, for each domain we'll provide you with a set of three CNAME records and a suggested TXT record to add to your provider. These will specify that Arbor is a valid sender for your specific domains. 

NOTE: If you already have a DMARC TXT record, do not add the suggested TXT record. You should keep your original TXT record as it is.

See below for an example of what the DNS record details would look like:

Type   Host                             Value
CNAME  em6789.yourdomain.org.uk         u123456.wl345.sendgrid.net
CNAME  s1._domainkey.yourdomain.org.uk  s1.domainkey.u123456.wl345.sendgrid.net
CNAME  s2._domainkey.yourdomain.org.uk  s2.domainkey.u123456.wl345.sendgrid.net
TXT    _dmarc.yourdomain.org.uk         v=DMARC1; p=none;

 

To add a new record:

  1. Go to your domain’s DNS records
  2. Add each record to your DNS zone, selecting whether you’re adding a CNAME or TXT record type
  3. Check whether your provider will automatically add the domain to the Host field. If this is the case, you will need to just add the Host field excluding the domain (e.g. add ‘em6789’ instead of ‘em6789.yourdomain.org.uk’)
  4. Create each record with the given Host field and the corresponding Value field
  5. Save your record

See below for how this might look in your provider as you add your records:

Step 4 - Check you’ve added the records correctly

Once you have added the records we've provided, you can check that they’ve been added correctly using MxToolbox.

You will need to check each DNS record individually.

To check each of the CNAME records, use ‘CNAME Lookup’. See below:

 

To check your TXT record, use the ‘TXT Lookup’. See below:

 

Step 5 - Let us know you're ready to go

Once you've added the records we've provided, let us know so we can verify everything is working. After that, you should be able to safely send emails from Arbor via your domains!

Adding an SPF Record

You can add an SPF record to your email policy to state that Arbor is a valid sender.

The data to add to your SPF record to identify Arbor as a valid sender is:

ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ip4:223.165.113.0/24 ip4:223.165.115.0/24 ip4:223.165.118.0/23 ip4:223.165.120.0/23

NOTE: this example does not include other SPF records that you may already have, and need to include, for other services such as Microsoft O365 or Google Workspace. For instance, a complete SPF record for O365 may look something like:

v=spf1 include:spf.protection.outlook.com ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ip4:223.165.113.0/24 ip4:223.165.115.0/24 ip4:223.165.118.0/23 ip4:223.165.120.0/23 -all
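
A domain must publish only one SPF record, so the Arbor ranges have to be merged into the record you already have, and the merged result above is longer than the 255 characters a single TXT string can hold. The following is an added example, not Arbor's own code: the function names are hypothetical, and it merges the ranges, splits the result into TXT strings and checks an address against the ip4 ranges.

```python
import ipaddress

# Arbor sender ranges, copied from the article's SPF section.
ARBOR_SPF = (
    "ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 "
    "ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 "
    "ip4:168.245.0.0/17 ip4:149.72.0.0/16 ip4:223.165.113.0/24 "
    "ip4:223.165.115.0/24 ip4:223.165.118.0/23 ip4:223.165.120.0/23"
)

def merge_spf(existing, extra=ARBOR_SPF):
    """Add the ip4: ranges in `extra` to an existing SPF record, keeping 'all' last."""
    terms = existing.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    # Mechanisms placed after 'all' are never evaluated, so it must stay at the end.
    tail = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    body = [t for t in terms[1:] if t not in tail]
    for term in extra.split():
        ipaddress.ip_network(term[4:])   # ValueError on a mistyped range
        if term not in body:             # do not duplicate a range already listed
            body.append(term)
    return " ".join(["v=spf1", *body, *tail[:1]])

def txt_strings(record, limit=255):
    """Split a record at term boundaries into strings of at most `limit` characters.
    Receivers join the strings of one TXT record without adding spaces, so each
    separating space is kept at the start of the following string."""
    chunks, current = [], ""
    for i, term in enumerate(record.split(" ")):
        piece = term if i == 0 else " " + term
        if len(current) + len(piece) > limit:
            chunks.append(current)
            current = ""
        current += piece
    return chunks + [current]

def ip4_authorised(record, address):
    """True if `address` is inside one of the record's ip4: ranges (includes are not followed)."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(t[4:])
               for t in record.split() if t.startswith("ip4:"))

if __name__ == "__main__":
    # Constructed input: a domain that currently sends only through O365.
    merged = merge_spf("v=spf1 include:spf.protection.outlook.com -all")
    for part in txt_strings(merged):
        print(len(part), repr(part))
    print(ip4_authorised(merged, "149.72.10.5"))
```

Many DNS providers split long TXT values for you; where yours does not, enter the strings in order as separate quoted strings of the same TXT record, not as separate records.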

 
