SMTP Relay set up. Technical team


Technical team 09/08/2016

Summary

Introduction
SMTP Relay service description
Presentation of our service
Service set-up
Infrastructure
Set-up
Customer sending authentication
Tracking
Details on returned information
Data feeds
Customer data feeds
Send set-up
Message header
MX records set-up
SPF/DKIM set-up
Usage
Identification and authentication
Qualification
Integrity
Used standard policies
SPF (Sender Policy Framework)
Sender ID
DKIM (DomainKeys Identified Mail)
DNS set-up
Case 1: Customer ensures the domains management
Case 2: Customer delegates sub-domain management to SPLIO
Case 3: SPLIO manages your DNS
Google postmaster management

Introduction

SMTP Relay service description

This document provides technical information on the SMTP Relay service (formerly Forward), in order to facilitate its set-up and launch. Some functional aspects are mentioned for a better understanding of the flow.

Presentation of our service

Services covered

The SMTP Relay service is dedicated to outsourcing email delivery optimization and returning hard bounces in synchronous mode and, as optional features, tracking and reporting in asynchronous mode.

The SMTP Relay service does not remove the sender's responsibilities regarding privacy policies and local laws.

SMTP Relay can manage delegated functionalities such as:

- SMTP transaction procedures
- Spam complaints management
- Hard-bounces management
- Unsubscriptions through feedback loops (FBL type list-unsubscribe)
- Immediate blacklist preventing a recipient from receiving a newsletter after unsubscription
- Campaign events (hard bounces, unsubscriptions, clicks, ...) can be delivered
    » Through an asynchronous mode (flat file through FTP or FTP TLS)
    » Through a synchronous mode (SMTP or HTTP requests) (optional)
- Authentications
    » Messages can be signed with DomainKey/DKIM
    » SPF/Sender ID management
    » Sub-domain delegation (optional)
- Additional services:
    » IP reputation monitoring
- ReturnPath SenderScore Certification (optional)
- Easy and intuitive monitoring and reporting tools
- Advanced reporting facilities (optional)

The set-up is designed to be quick.

Service set-up

Infrastructure

Set-up

Customer sending authentication

Option 1: The SPLIO customer is identified by a set of IP addresses.

    host: forward-in.splio.fr
    Protocol: SMTP
    Port: 25 (or 587)

Note: If your network configuration allows neither port 25 nor port 487, please use 2525.

Option 2: The SPLIO customer is identified by username/password; the authorization protocol is AUTH LOGIN.

    host: forward-auth.splio.fr
    Protocol: SMTP over SSL
    Port: 465
    username: created on request to your contact at SPLIO
    password: created on request to your contact at SPLIO

Notes:

- This mechanism is recommended when the IPs of your servers are subject to change, as may be the case in the Cloud.
- Google Cloud does not allow port 465 to be used; please use 25465 in this case.

Once the credentials are communicated to the customer, the service is open only between the customer and SPLIO, but the first messages are not relayed until further checks are done by SPLIO. The first messages are blocked until the checks are OK. SPLIO then notifies the customer that the service is actually available.

Tracking

Details on returned information

Returned information can be set from basic to advanced, depending on customer requirements:

» No tracking
  In this case, the MIME content is not modified by SPLIO's scripts.
» Opening rate
  A web bug is added to the HTML message to monitor the opening rate. The basic set-up doesn't capture personal details on openers.
» Openers
  Through optional set-up, openers' details can be captured and reported (email address / IDuser).
» Clickers rate
  Through optional set-up, the clickers rate can be monitored (aggregated to the contact, with no link details).
» Advanced tracking and reporting
  Through optional set-up, advanced monitoring of behavior can be captured and reported (with personal details and links used).
» DualTrack
  As an additional feature, our DualTrack can replay, in asynchronous mode, the campaign activity captured in real time by SPLIO. DualTrack requires advanced tracking. This functionality requires a prior technical analysis and validation by SPLIO consultants.

The tracking URL can be in https or http depending on the type of tracking.

Data feeds

Customer data feeds

As mentioned previously, the data captured by SPLIO tools can be delivered through various options:

» Flat files (through FTP)
  A file can be delivered periodically (by default, on a daily basis); this frequency can be increased or decreased. The file is available on FTP (secured FTP TLS is also available). The flat file structure must be agreed between the customer and SPLIO.

Usual information:

- Soft bounces
- Hard bounces
- Unsubscribes (through List-Unsubscribe)
- Spam complaints

Usual identifiers are:

- CampaignID or Campaign caption
- RecipientID or email address
- Action (hard/soft/spam/open/click/unsub)
- Data (/ IP address/used link/..)

Default format is as below (separator is tab):

    Recipientid     campaignid  ext   chanel  from                        status
    dest1@mail.com  campaign1   1001  normal  newsletter@company.com      done
    dest2@mail.com  campaign1   1002  normal  newsletter@company.com      hard
    dest3@mail.com  campaign1   1003  normal  newsletter@company.com      soft
    dest4@mail.com  campaign1   1004  vip     newsletter-vip@company.com  done

Send set-up

Message header

The SPLIO relay behavior and reports can be adjusted through additional tags in the message header. The naming convention for the tags monitored by SPLIO tools is to begin with: x-splio-

3 tags allow post-campaign reports to be split:

    x-splio-ref: campaign identifier
    x-splio-extid: recipient id
    x-splio-canal: channel

One further tag changes the relay behavior:

    x-splio-filteroff: Y/N

Optional disabling of the SPLIO blacklist*. This option is dedicated to transactional messages such as e-commerce order confirmations, logistic information, etc. It is not supposed to be used with a marketing campaign. Using this option implies a strong integration of unsubscription and spam complaint management on the customer side.

* Requires activation on SPLIO's side.

Based on the presence of these tags and agreed values, the behavior of our SMTP relay can be adjusted (priority/rate/dedicated IP/header recording/tracking/billing ref/reporting aggregates/mime changes/email sender), or the tags can be retrieved when producing the data feed for the customer.
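As an added example (not SPLIO code), the code below reads the default tab-separated feed and gates outgoing messages tagged with the x-splio- headers, which is the customer-side unsubscription and complaint handling that x-splio-filteroff presupposes. The function names, the extra sample rows and the policy (hard bounces and spam complaints block everything, unsubscriptions block marketing only) are assumptions.

```python
import csv
import io
from email.message import EmailMessage

# Constructed sample in the page's default layout (tab-separated, header row
# first). The "unsub" and "spam" status values are assumptions taken from the
# Action list; the real layout is whatever was agreed with SPLIO.
SAMPLE_FEED = "\n".join([
    "Recipientid\tcampaignid\text\tchanel\tfrom\tstatus",
    "dest1@mail.com\tcampaign1\t1001\tnormal\tnewsletter@company.com\tdone",
    "dest2@mail.com\tcampaign1\t1002\tnormal\tnewsletter@company.com\thard",
    "dest3@mail.com\tcampaign1\t1003\tnormal\tnewsletter@company.com\tsoft",
    "Dest5@mail.com\tcampaign1\t1005\tnormal\tnewsletter@company.com\tunsub",
    "dest6@mail.com\tcampaign1\t1006\tnormal\tnewsletter@company.com\tspam",
])

BLOCK_ALL = {"hard", "spam"}   # assumed policy: never mail again
BLOCK_MARKETING = {"unsub"}    # assumed policy: transactional mail only


def load_suppression(feed_text):
    """Return (blocked, no_marketing) sets of lower-cased addresses."""
    blocked, no_marketing = set(), set()
    for row in csv.DictReader(io.StringIO(feed_text), delimiter="\t"):
        address = row["Recipientid"].strip().lower()
        status = row["status"].strip().lower()
        if status in BLOCK_ALL:
            blocked.add(address)
        elif status in BLOCK_MARKETING:
            no_marketing.add(address)
    return blocked, no_marketing


def build_message(sender, recipient, subject, body, ref, extid, canal,
                  transactional, blocked, no_marketing):
    """Build a tagged message, or return None when local policy forbids it."""
    address = recipient.strip().lower()
    if address in blocked:
        return None
    if not transactional and address in no_marketing:
        return None
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg["x-splio-ref"] = ref        # campaign identifier
    msg["x-splio-extid"] = extid    # recipient id
    msg["x-splio-canal"] = canal    # channel
    # filteroff=Y disables the relay blacklist, so the checks above are the
    # only suppression left; it is set for transactional mail only.
    msg["x-splio-filteroff"] = "Y" if transactional else "N"
    msg.set_content(body)
    return msg
```

The returned message can be handed to smtplib for submission to the relay host and port given under Option 1 or Option 2.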

MX records set-up

The MX record can be updated to set mail exchanger = mail.splio.fr, depending on the customer's case.

SPF/DKIM set-up

Usage

Depending on ISP internal policies, SPF, Sender ID and DKIM can be optional or mandatory to ensure the deliverability of emails. SPLIO strongly recommends implementing DKIM and SPF/Sender ID to secure email deliverability.

Identification and authentication

Identification is the sender value, such as «user@domaine.com». The authentication stage checks that the sender name used corresponds to the declared information accessible from a reverse lookup.

Qualification

The qualification assessment verifies that the sender is accredited to send a mail. This stage comes after authentication.

Integrity

This last stage checks that the message has been routed directly without alteration.

Used standard policies

SPF (Sender Policy Framework)

SPF is the standard policy with which SPLIO complies. The SPF record declares the regular IP addresses to be accepted for sending emails; they are recognized at the "MAIL FROM:" assessment (during the SMTP transaction handshake).

    Trying 77.238.177.9...
    Connected to mx1.mail.eu.yahoo.com.
    Escape character is '^]'.
    220 mta1043.mail.ird.yahoo.com ESMTP YSmtp service ready
    EHLO mail.splio.fr
    250-mta1043.mail.ird.yahoo.com
    250-8BITMIME
    250-SIZE 41943040
    250 PIPELINING
    MAIL FROM: <exemple@splio.fr>
    250 sender <exemple@splio.fr> ok

Table 1 - Initial handshake of the SMTP transaction

    mydomain.com 3600 IN TXT "v=spf1 ip4:91.190.168.0/21 ~all"
    mydomain.com 3600 IN SPF "v=spf1 ip4:91.190.168.0/21 ~all"

Table 2 - SPF/TXT record splio.fr for a dedicated setting

Table 2 returns the following credentials:

- Any server with an IP belonging to the range 91.190.168.0/21 is allowed to use the domain splio.fr in the MAIL FROM: section.
  Using a range of IPs exposes you to potential changes in the future. As a consequence, SPLIO requests that you use "v=spf1 include:spf.splio.com mx a ~all" instead. The all or ~all are discussed at a later stage.
- Any other server is not allowed to use the domain splio.fr in the MAIL FROM: section.

Further information on SPF options is publicly available.

ISPs use SPF records to decide whether a message should be rejected; not setting SPF would be considered bad behavior. A properly set SPF record will foster successful message delivery.

Advantages
The SPF check allows rejecting from the very first step of the process.

Inconveniences
Some ISPs may accept emails even if the sender IP address is not compliant.

Sender ID

Sender ID is a Microsoft-specific policy derived from SPF. As the behavior is quite different, SPLIO recommends complying with the Microsoft policy.

    mydomain.com 600 IN TXT "spf2.0/pra include:spf2.splio.com ~all"

Table 3 - Sender ID set-up for mydomain.com

Sender ID checks occur at the "MAIL FROM:" assessment, similarly to SPF, but are also evaluated later in the process on other fields such as From:, Sender:, etc., based on the Purported Responsible Address (PRA) algorithm. Sender ID was required for Hotmail recipients and is now obsolete, but Exchange mail servers may still require Sender ID. As a consequence, SPLIO requests that you create the corresponding DNS records.

Advantages
It allows the email router to use Sender as an alternate trusted identifier.

Inconveniences
Whereas the MAIL FROM: check allows the ISP to notify the rejection from the very first step of the SMTP transaction, a denial based on Sender ID is notified later in the process.

DKIM (DomainKeys Identified Mail)

DKIM adds a technical signature to the messages, independent of the Sender, From and Return-Path domain values. The sender signs the message with a private key; the receiving ISP server verifies the signature with the public key published in the DNS record and certifies the authentication of the sender.

The regular entry in the DNS should be:

    splio._domainkey.mydomain.com 43200 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFG63OUQU+COcURv/5/rD5MLkAh3mS8c2JqskStBgMJiPTfQaxIc+qqtZAVkiud4jO5SQ5plnvRYtMnfSe+VoyGiz1j/3x5i4PUjiFKLKiGnTpvW7LcrpWwVgeRnUAqeIvACnlTc9uXv30moMvPNq4qPe1bD05oDvpxJHa12lqlwIDAQAB"

To simplify the DNS entry, SPLIO recommends using a CNAME instead of the full declarative key:

    splio._domainkey.mydomain.com. CNAME splio.dkim.splio.com.

Table 4 - Display of the public key for DKIM signature on mydomain.com

DKIM is used to establish trust between a recognized sender and the receiver and can bypass further filtering procedures; in doing so, the workload is lighter and the delivery of messages is simplified.

The DKIM signature is strongly recommended by Yahoo! to allow the Feedback Loop to work. Gmail requests this signature. Hotmail's usage of DKIM is less important.

Advantages
It allows consolidating the sender reputation on one domain whatever the sender (From) uses.

Inconveniences
Encrypted key analysis requires more calculation resources.

DNS set-up

To ensure the success of the authentication phases, SPF, Sender ID and DKIM require the customer's domain administrator to act on TXT records within the impacted DNS. The action can be either an insert or a change, depending on whether the records already exist.

Warning: a new MX record might also be added, besides the SPF/Sender ID/DKIM actions described below, depending on whether the subdomain dedicated to the emails routed by SPLIO SMTP Relay already exists and is well configured for the abuse@ address.

Case 1: Customer ensures the domains management

SPF
» Add «include:spf.splio.com» to the existing records or create them if missing.

Note: The TTL value is to be set by yourself, depending on your requirements (3600 in the example below).

Example:

    mydomain.com 3600 IN TXT "v=spf1 include:spf.splio.com mx a ~all"

The example above means SPLIO is the dedicated router. For a combination of several routers, please insert the include into the existing string:

    mydomain.com TXT "v=spf1 ip4:xxx.xx.xxx.x/xx ip4:xxx.x.xxx.x/xx include:spf.splio.com include:spf.myotherrouter.com a mx ~all"

Sender ID
» Add «include:spf2.splio.com» to the existing records or create them if missing.

Note: The TTL value is to be set by yourself, depending on your requirements (3600 in the example below).

Example:

    mydomain.com 3600 IN TXT "spf2.0/pra include:spf2.splio.com ~all"

The example above means SPLIO is the dedicated router. For a combination of several routers, please insert the include into the existing string:

    mydomain.com TXT "spf2.0/pra include:spf2.splio.com include:sp2.myotherrouter.com a mx ~all"

DKIM
» Add to your public keys, associated with your domain, a reference to our zone «splio._domainkey» with the following values:

    splio._domainkey.your.domain.tld. CNAME splio.dkim.splio.com.

Example:

    splio._domainkey.mydomain.com. CNAME splio.dkim.splio.com.

Notes:

- The underscore character used by SPLIO may be an issue depending on your domain service provider.
- If you already have a DKIM private key in use, please communicate this to us.
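An added example, not SPLIO tooling: merging the relay's include into a domain's existing SPF record, as Case 1 asks, instead of publishing a second v=spf1 record. The function names and the sample TXT set are constructed for illustration; the two checks (a single v=spf1 record per name, at most 10 DNS-lookup terms) follow RFC 7208.

```python
import re

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: limit on DNS-querying terms
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed TXT set for a hypothetical domain that already uses another
# router (the myotherrouter.com names are the page's own placeholders).
EXISTING = [
    "spf2.0/pra include:sp2.myotherrouter.com ~all",
    "v=spf1 ip4:192.0.2.0/24 include:spf.myotherrouter.com a mx ~all",
]


def spf_records(txt_records):
    """Select the v=spf1 records; Sender ID (spf2.0) strings are ignored."""
    return [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]


def term_name(term):
    """'~all' -> 'all', 'a/24' -> 'a', 'include:x' -> 'include'."""
    return re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]


def count_lookups(record):
    """Lookup-costing terms in this record alone (includes are not followed)."""
    return sum(term_name(t) in LOOKUP_TERMS for t in record.split()[1:])


def lint(record):
    """Return warnings about how the record ends."""
    alls = [t.lower() for t in record.split()[1:] if term_name(t) == "all"]
    notes = []
    if not alls:
        notes.append("no 'all' term")
    elif alls[0] in ("all", "+all"):
        notes.append("'+all' authorises every sender")
    return notes


def add_include(txt_records, include_domain):
    """Merge include:<include_domain> into the domain's single SPF record."""
    existing = spf_records(txt_records)
    if len(existing) > 1:
        raise ValueError("several v=spf1 records: receivers return permerror")
    wanted = "include:" + include_domain
    if not existing:  # nothing published yet: use the record the page gives
        return list(txt_records) + ["v=spf1 " + wanted + " mx a ~all"]
    terms = existing[0].split()
    if wanted.lower() in (t.lstrip("+").lower() for t in terms):
        return list(txt_records)  # already authorised
    # Evaluation runs left to right and stops at the first match, so the
    # include must come before the closing "all" term.
    pos = next((i for i, t in enumerate(terms) if term_name(t) == "all"),
               len(terms))
    terms.insert(pos, wanted)
    merged = " ".join(terms)
    if count_lookups(merged) > MAX_LOOKUPS:
        raise ValueError("merged record exceeds 10 DNS-lookup terms")
    return [merged if t == existing[0] else t for t in txt_records]
```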

After all changes, the new DNS setting should look like this:

    mydomain.com. TXT "v=spf1 include:spf.splio.com a mx ~all"
    mydomain.com. TXT "spf2.0/pra include:spf2.splio.com a mx ~all"
    splio._domainkey.mydomain.com. CNAME splio.dkim.splio.com.

Note: the ~all may be replaced by -all to inform the Internet Service Providers (ISPs) that no sender other than those declared in the DNS should be accepted for the given domain.

Case 2: Customer delegates sub-domain management to SPLIO

This option is billable; check this with your SPLIO sales contact. The DNS admin of your domains needs to set these additional values:

    IN NS ns1.splio.fr.
    IN NS ns2.splio.fr.
    IN NS ns3.splio.fr.

SPLIO can then do the additional set-up on its side.

Case 3: SPLIO manages your DNS

This option is billable; check this with your SPLIO sales contact.

Google postmaster management

Google provides a suite of tools to monitor the reputation of your domain for Gmail recipients. You may consider allowing SPLIO to monitor your domain reputation associated with SPLIO IPs. In that case, please liaise with your contact at SPLIO so that the access will be created. SPLIO expects you to add a TXT record with a key value provided by the Google Postmaster suite.

Example:

    google-site-verification=v7wf1ynt5vch7z9thriuekgl7_zpclne_pvtyrspf8i

SPLIO, a French independent group created in 2001, is a software provider of Customer Experience Management in SaaS mode, specialized in the retail industry. SPLIO, whose R&D is located in France, has a presence on three continents with offices in Paris, Barcelona, Warsaw, Beijing, Shanghai and Sao Paulo. SPLIO offers solutions that can easily be integrated and have the ability to meet the creative needs of marketers.

103 boulevard Haussmann - 75008 Paris
Tel.: +33 (0)1 84 73 11 11
www.splio.com