Setting up Custom Domains for secure email delivery using Pendula
For marketers looking to authenticate their brand and to boost credibility in their client communication, sending emails from a custom domain is imperative. In this guide, we'll walk you through the process of sending emails from your company’s domain. We’ll also cover important topics like SPF, DKIM, and DMARC, all critical to fortifying your domain’s email security.
Defining SPF, DKIM, and DMARC
Before we delve into the actual set-up, it's important to understand some key terms:
Sender Policy Framework (SPF): This is an email authentication method that verifies that incoming mail from a domain comes from a host authorised by that domain's administrators.
DomainKeys Identified Mail (DKIM): This email authentication method uses public-key cryptography so sign an email with a private key. This process verifies that parts of the email have not been modified during transit.
Domain-based Message Authentication, Reporting, and Conformance (DMARC): This works in tandem with SPF and DKIM as an email-validation system designed to detect and prevent email spoofing. DMARC tells a destination mail server what action to take if an email fails SPF or DKIM checks.
Setting Up Your Custom Domain with Pendula
To send emails from your custom domain using Pendula, you first need to provide us with your desired domain. After you’ve done this, the next step is creating DNS records to authenticate your email with DKIM. Finally, you’ll need to create a DNS record to configure DMARC for your domain.
Implementing SPF, DKIM, and DMARC Records
While creating DNS records for DKIM is mandatory for sending email from a custom domain with Pendula, we also strongly recommend that you set up a DMARC record too. These steps will increase your email credibility and significantly reduce the likelihood of your emails being marked as spam.
SPF is setup out of the box in Pendula so there’s no action required.
When you provide us with your desired domain, we will provide you with a set of CNAME records that you will add to your domain's DNS settings. This effectively links your domain with Pendula, allowing for authenticated email sending. These values will mention Amazon SES because that’s what we use to send email by default.
An explanation of DMARC is beyond the scope of this article, however, there is plenty of information available online. Your DMARC configuration will be specific to your organisation and its unique requirements. The absolute minimum to setup DMARC is a record that requests email servers to take no action if an email fails SPF or DKIM checks. This configuration is provided as an example but is not recommended as spoofed emails from your domain are just as likely to be delivered as legitimate emails from Pendula.
Create a TXT record names _dmarc.[example.com](<http://example.com>)
is the name of your actual domain. The value of the TXT record can be set to v=DMARC1; p=none;