Email Authentication Setup Guides

Why is this setup important?

The cornerstone of doing business on the internet is trust. The basic technology of the email medium doesn't provide the level of security, that is required for serious marketing nowadays. That's why we need to implement a few additional technologies to make sure your mail gets delivered properly into consumers inboxes. Furthermore, we need to setup reporting, monitoring and feedback technologies to be supplied with the information we need to help you keeping your lists clean. And last but not least, we need to attach your domain to Empower, so that we can actually send on behalf of your domain.

What technologies do we need?

CNAME Setup

Enables your links to be masked with your domain to ensure consistent branding throughout the email.

Email Authentication with SPF and DKIM

As a way to combat spoofing and phishing attacks (where senders with malicious intentions impersonate a brand to coax an action or sensitive information from the recipients), Internet Service Providers (ISPs) use Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) to verify that your email was sent from the domain it says it was sent from. Both of these are required when sending with Mapp. Without them, ISPs have no way of knowing if your message is legitimate or not.

Brand Protection with DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) has a reporting component, so ISPs can let brands know which messages sent from their domain name are compliant. This allows you to identify failing processes on your end as well as prevents the outside world to abuse your domain. DMARC enables you to set a policy, whether mails failing authentication should be accepted or rejected from ISPs. This item is optional, but highly recommended.

Google Postmaster Tools Setup

Allows our Deliverability Team insights, how Gmail values the IP and Domain reputation of your sendouts. The reputation influences, whether mails are delivered into the inbox, junk folder or even blocked.

Yahoo Feedback Loop (FBL)

Users clicking on spam are reported back to us, once the FBL is setup. While most FBLs are IP based (Mapp can take care of the setup), the Yahoo one is domain based. That's why a few steps are required on your end to set up the FBL.

DNS Setup

DNS Setup file

Please send the following information to the Mapp Deliverability team, via your Account Management contact:

1. Sending domain
2. A technical contact email address that will be used for the policy record

Once the above data is passed to Mapp’s Deliverability team, your individual DNS Setup file called "<domainname>.txt" will be created and passed back to you containing the required records. These entries will need to be added into your DNS zone file through your DNS provider. Upon completion of these entries, the Mapp Deliverability team will need to be notified to verify entries are complete and correct by sending an email to your Account Management or Deliverability contact. Mapp Deliverability will make the entry live, and your Account Manager contact will confirm back to you. The following explains the single entries for your reference.

CNAME Setup

1. Empower is attached to your sending domain via CNAME entry in your DNS.
2. Choose a subdomain name, that you use for your CNAME entry. (For example: The domain name is example.com, a possible CNAME would then be newsletter.example.com)

3. Enter the following entry into your DNS:
   
   location: your CNAME domain
type: CNAME
value: echo#.bluehornet.com (Where # is the schema your account is on)
   TTL: 3600

Propagation takes 24-48 hours on average.

Once the CNAME/DNS entry is set up, please confirm with your Mapp Support Team and they will update your Mapp Empower account.

SPF Setup

The following one line of code is entered into your Domain Name Server (DNS) zone file of the sending domain. This allows our IPs to send email in behalf of your domain.

location: <>

DNS Type: TXT

value: v=spf1 include:spf.bluehornet.com ~all

DKIM Setup

The public keys are required in DNS to verify that your mails have been sent by you and haven't been modified during transmission.

The DKIM key entries and policy records from the text file you received have to be entered into the Domain Name Server (DNS) zone file of the sending domain.

Once the DKIM/DNS entry is set up, please confirm with your Mapp Support Team and they will update your Mapp Empower account.

Google Postmaster Tools

Google requires us to prove Domain ownership with another CNAME in order to enable Postmaster Tools. This will allow us to access your Domain and IP-based reputation information.

The Google Postmaster Tools CNAME record from the text file you received has to be entered into the Domain Name Server (DNS) zone file of the sending domain.

Once the CNAME/DNS entry is set up, please confirm with your Mapp Support Team and they will update your Mapp Empower account.

DMARC Setup

You should start with a policy of "none" as a first step. This doesn't influence Deliverability, but you'll receive your first reports whether mails coming from domains can be validated by ISPs. Once we are confident to validate all outgoing mails correctly, we can enforce the policy to "reject".

All you need to start is a single DNS entry per domain:

location: _dmarc.

type: TXT

value: v=DMARC1; p=none; rua=mailto:postmaster@your_domain.com;

If you want DMARC to be managed by Mapp Deliverability and receive alerts, use this one: (please note, that this is a Premium Service causing additional cost - please contact your AM):

location: _dmarc.

type: TXT

value: v=DMARC1; p=none; rua=mailto:qdnjvmy6@ag.eu.dmarcadvisor.com

Propagation takes 24-48 hours on average.

Once the above DNS entries have been set up, please confirm with your Mapp Support Team and they will update your Mapp Empower account.

Yahoo Complaint Feedback Loop Setup

1. Ensure a postmaster address is set up for your sending domain i.e. postmaster@domain.com. This must be set up prior to continuing. Once you set it up, send a test message to it to make sure it’s functioning, and you can retrieve the message as this will be critical in setting up the CFL successfully.

2. Next, go to the CFL Sign up page.

3. Fill in the first set of fields as follows:
   
   Company Name: Mapp Digital
   Contact Name: Deliverability
   Contact Email: deliverability@mapp.com
   
   
4. The next several fields are specific to your Mapp emails that we’ve included below:
   1. Reporting email: fbl@fbl.bluehornet.com
   2. Selector: s1024-1.bh
   3. Request Type: Add
   4. Domain: <your sending domain>
      
5. Once you click on the Get Verification Code button, this will generate an email sent to the postmaster@SendingDomain.com you recently set up.
   
   
   
   The confirmation email should be coming from: yahoo-account-services-us@cc.yahoo-inc.com
   in case you need to whitelist it or check spam folders etc.
6. Check the postmaster email box for the verification email and enter the code into the Verification Code field that populated:
   

7. Once you’ve entered the code, click on Create Request and you should see the following page indicating you’ve completed this domain:
   

   

   Note: the verification codes usually expire after an hour, so if you get an error of an Invalid Code and it’s been over an hour since you triggered the verification, you’ll need to trigger another verification email or click on “try a new code”

8. If you have additional domains to set up, repeat the above steps until all your domains have been entered. If you do not have other domains, you are finished.

If you run into any issues or receive any error messages, please forward the message to your Mapp Account Manager for assistance.