...
The email itself will still be send via the Spacewell email server, but the email will look like it originated from the specified client email address. This can lead to the email being labeled as spam by a receiving mail server. This is most often the case if the receiving mail server is the same as the server the email pretends to be from. (So any email send via Workplace Management to the employees of the client)
There are several options that can be taken to prevent this problem.
1) Add an SPF (Sender Policy Framework) record to the clients DNS
By having the client add the necessary SPF record to there DNS, the receiving mailserver can verify that Workplace Management is allowed to send emails on behalf of your domain. The following inclusion needs to be done on the DNS:
...
If you want to test if the spf SFP record is added correctly, you can use free online tool to see if the spf record is available. Easy to use tools are:
2) DKIM (Domain Keys Identified Mail)
A second method, which can be used in conjunction with the previous, is DKIM. With DKIM, a key is generated within Workplace Management, which is in turn added to the DNS. For more in depth information about DKIM, please refer to the documentation that can be found online like this post from DMARCIAN.
...
Within Workplace Management, navigate to the Setup through the menu on the left or the ‘Setup’ client settings via the tile on the dashboard.
Navigate to the tab “Email” and press on the icon for “Signing domains”
Click on “new”
Fill in the following fields:
Domain name: the domain name for which the key applies (e.g. http://client.com )
Active: if the DKIM record is active
DKIM selector: This is used by the receiving agent or client to retrieve the public key from the DKIM DNS text record, which has the name: <selector>
._domainkey.<domainmame>
It is possible to configure multiple domains using the same specific selector for the DKIM record.
E.g. fill in ‘spacewell’ or ‘workplace-management’ so you can easily recognize that the DNS text record that you might requestClick on the top right icon with the key to generate a private and public key
If the private key was externally generated and is encrypted, fill in the password for this private key.
Copy the PUBLIC key and share this with your the customers IT department as they need to add this to their DNS. Make sure the DKIM setting is active once the record has been added to the DNS.
Send a test email from Axxerion Workplace management and validate that is signed correctly
Background information on the non-editable fields
HashingAlgorithmHash Algorithm:The hashing algorithm used for the DKIM signature. Currently only SHA-256 is allowed.
PublicKeyPublic Key in PEM format : The public key is extracted from the private key and is not editable.
PrivateKeyPrivate Key in PEM format : The private key must be in PEM format. For DKIM the private key must be a RSA key. Note that a new key pair can be generated with the page function 'Generate key pair'. It is also possible to enter a private key from an external source. Note that the private key is always stored in an encrypted format by a newly generated strong password.
LengthKey length (bits) : The length of the private key is the number of bits of the 'modulus' of the private key. Currently only value2048 is allowed.
...
Determine the sender domain name, for example "‘http://client.com "’
Check that the domain of mail headers "From:" and "Mail from:" is present in the Email Signing domains and that it is active (see chapter Configure DKIM mail signing above).
Make sure the DNS TXT record of the email signing domain is present in the DNS of the sending domain. You can use the following website to vailidate the DNS entry: DKIM Core
Send a mail from the axxerion Workplace Management client layer to you own mail account:
Contact -> Mailings -> Create new mailing
Add sender contact. The email of the sender contact must match one of the signing domains defined in this client layer, for example: testdkim@somedomain.com
Add one or more recipient contacts, this can be you own email address.
Click "Send message"l, note that it can take some time before the mail goes to status "sent". Use refresh to show the latest status.
Check if the mail is received in the mailbox.
Open the email message source and make sure the DKIM-Signature header is present, for example:
Code Block DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; t=1467293263; s=selector1; d=dkimtest.axxerion.com; h=From:To:Message-ID:Subject:MIME-Version:Content-Type:Date; bh=wgyYNgRSqIvawIOIl/ZZ4lB8xSDZ067gS0biO571JF4=; b=JLQRTJEQi6LcMRb8fBGPGjbh/j6GjL6vB+2BiHWXU9JIFjC6KgvuZwGXvCRMKb6V Rd/Qc6NHIBZ+Km24oyhAc02Tqs6f+zThfI9B3IEEt466TAIhg1OjrXNDtosUhivPul/ UntOyB6OZO0qVyywfKCwY7dMFTB1YltnGKTTXufut2p0StslDks/SOfGV4yBXsWf07N Mj4R480+2iBcYDISNumz4jiz5b2poU8Z0hpSSlMRDKzXzHzyig4ODcJ4yx2R75oJ2Vd ztTQ0voxEi7utmgFOeirP0XY9KEr9Y/NQG7GwfTtIFgCZUzHw/eOo2RtsKZchifx4HT x5j5v1HonA==
You can use the mail client 'thunderbird' with the 'DKIM Verifier' extention to validate the DKIM-Signature:
Download thunderbird from here
Configure you mail account:
Edit -> Account Settings -> Account Actions -> Add mail account
Fill in the pop3/imap server and you userid/password.
Install the DKIM Validator add-on:
Tools -> Add-ons -> Get Add-ons
Search for 'DKIM' -> install
You can configure the 'DKIM Verifier' in Tools -> Add-ons -> Extensions -> DKIM Verifier -> Preferences
To enable debugging: Advanced -> enable debugging and Show detailed errors
Open the mail with the DKIM Signature
Open the error console with: <ctrl> + <shift> + j Detailed info and error messages are now shown.
...
Allow the use of the clients own mailserver
If the above options are not sufficient or you the client would like allow to use your there own mailserver, that is also possible. Navigate to “Setup > “Client settings> Email”. Fill in the following fields (be aware: these values should be provided by your the clients IT department):
|  |
...