Product: Nexternal
It's important to ensure that your customers and your employees receive their order confirmation, order notification, order shipped, password reset, and other Nexternal platform-generated emails that are being sent from Nexternal servers under your Company's name. There are three methods you can employ to preclude the receiving email systems from incorrectly blocking these legitimate emails as "spoofing" emails (emails with forged headers pretending to be from someone they aren't really from, for the purpose of phishing or spam campaigns). Each of the following three methods can be used alone or in any combination with each other:
1. SPF (Sender Policy Framework) Content. (easiest and most commonly used method)
Sender Policy Framework (SPF) is an email validation system that verifies the source IP address of the email against a DNS TXT record which contains SPF content. SPF indicates which mail servers are authorized to send email for a domain. It is the easiest and most commonly used way to ensure that email originating from Nexternal's servers properly validates with your SPF record, and is therefore delivered. SPF is handled entirely in your DNS records and not in the Nexternal Order Management System (OMS). To effect SPF validation simply reference Nexternal in your own SPF record. To do so, you should use the "include" mechanism in your SPF record:
βinclude:nexternal.com
If, for example, your e-mail is hosted by Google, the recommended SPF record is:
βv=spf1 include:_spf.google.com ~all
Adding the recommended mechanism for Nexternal thus gives:
βv=spf1 include:nexternal.com include:_spf.google.com ~all
Nexternal recommends that DNS records be created and modified by experienced professionals only. Syntax must be precise.
2. DKIM (DomainKeys Identified Mail)
DKIM EMail Authentication adds a digital signature to emails sent by Nexternal on your behalf, authenticating that the emails are legitimate. If you wish to use DKIM, you must first generate a set of 1024-bit private and public encryption keys. Next, add a DNS (Domain Name System) record to your domain, using a _domainkey TXT record with the generated public key and "nexternal" as the selector (e.g. nexternal._domainkey.firstfairway.com IN TXT "v=dkim1; p=MIGf0gdA4G..."). You may then verify that your DKIM key works using one of the many online tools available. Finally, enter your DKIM Private Key and DKIM Domain (e.g. firstfairway.com) in the OMS fields provided (Settings/ Edit Site Options/ DKIM E-Mail Authentication), to activate DKIM for all e-mails sent by Nexternal from the DKIM Domain.
If you wish to employ DKIM, be sure to read the full ? tooltip near the above-referenced DKIM fields in the OMS for all setup and syntax information.*
3. DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC defines how email that fails SPF and DKIM tests ought to be handled, to make it difficult or impossible for spammers to successfully send emails that use your domain in the From field. For more information about DMARC, please visit the official DMARC site.*
*IMPORTANT: Generating keys and adding DNS records are tasks best performed by experienced professionals only. Improper use of SPF, DKIM, and DMARC can seriously reduce the likelihood of your emails being successfully transmitted.
rev: 6/7/21