Email verification

In order to send emails from Xtremepush, you must verify the from address domain that you're going to use.

πŸ“˜

Xtremepush email delivery platform

This guide only applies to projects using Xtremepush's email delivery platform.

If your project is using Amazon SES, please follow our Email verification for Amazon SES dedicated guide.

πŸ‘

Quick start

This guide explains all the necessary details for email verification, which is done in four steps:

  1. Choose your from address and its domain.
  2. Add the DKIM DNS record for the chosen domain.
  3. Choose a sub-domain for the custom send domain and add the DNS record.
  4. Give the support team these details.

The support team will verify the correct DNS records and authentications are in place, and add the necessary configuration on your Xtremepush project to enable the chosen from address to help you test the integration end-to-end.

Verification is important because email inherently allows the ability to choose any from address. This allows senders to spoof their from address. Verification is done by applying Xtremepush's DKIM configuration to the domain. Xtremepush also requires verification to ensure that you are authorised to use that domain.

πŸ“˜

Configuration of domains is done by adding DNS records. Typically a DNS administrator would be responsible for this. Larger organisations may have their own in-house IT person responsible for this, whereas smaller organisations may rely on their web-hosting provider or other outsourced administrator.

From address vs. sender

As noted above, an email's from address can be set to any value, allowing it to be easily spoofed. This is the problem that DKIM solves.

But email has a second address, known by several names: sender, return-path, mail-from, mailed-by, envelope-from. They all refer to the sender of the email, which for emails sent by Xtremepush, is always Xtremepush. This address is where bounces are sent, so the send address domain (which can be customised) must always point to Xtremepush.

πŸ‘

Choosing a from address

You may choose your from address to be a mailbox at your company domain, for example [email protected], or instead using a sub-domain, for example [email protected].
If using a sub-domain or if the mailbox on your corporate domain doesn't exist, it's important to use a reply address when sending your email campaigns, so that replies sent by your customers can be handled.
Out-of-office auto-responders are sent to the from address, not the reply address.

453453

From address as a sub-domain and a monitored reply address.

DKIM

DKIM stands for DomainKeys Identified Mail. It is used to create a unique digital signature of your email using an encryption key tied to the domain of the from address. This means that DKIM proves the sender has permission to use the from address, and also proves the content of the email has not been maliciously altered in transit.

For each from address that you are going to use in Xtremepush, the DNS CNAME record must be added for DKIM. This record is independent from Xtremepush and cannot conflict with any other records.

For example, if the from address is [email protected], then a record must be added to authenticate oxfordstones.co.uk for Xtremepush:

xp._domainkey.oxfordstones.co.uk. IN CNAME dkim.xtremepush.com.

πŸ‘

This would be achieved by adding a record named xp._domainkey to the DNS records for your domain as a CNAME to dkim.xtremepush.com..

If using a sub-domain, for example email, then you would add the record xp._domainkey.email to the DNS record for your domain.

Custom send domain

Since Xtremepush is the sender, the return-path email address (which is used by Xtremepush to track bounces) uses a default domain mail.eu.xtremepush.com.

For improved deliverability, the from address and sender address should be aligned. Alignment means that they use the same domain or a sub-domain variation.

Setting up a custom send domain would change the sender address, for example to email.oxfordstones.co.uk, which now aligns with the from address.

The chosen custom send domain should be set up with a DNS CNAME record:

email.oxfordstones.co.uk. IN CNAME mail.eu.xtremepush.com.

πŸ‘

This is usually done by adding a DNS record to your domain for just the desired sub-domain. As in the example above you would only add email to the domain.

πŸ“˜

Only one custom domain can be configured per project. The chosen send domain needs to be a domain that's solely used for this purpose.

SPF

SPF stands for Sender Policy Framework and as established above, the sender is always Xtremepush, which will already handle this, therefore there is no need for any special SPF configuration for Xtremepush.

DMARC

All emails sent from Xtremepush are fully DMARC compliant, as we make sure that DKIM is set up against the from address domain. DMARC is a policy set by the domain holder, and not directly related to email deliverability; it simply tells ISPs how to handle inbound emails which are not compliant.

Domain email server blocking

The business email server responsible for the chosen from address domain will typically block emails using its from address that arrive externally from other senders. This means that even though Xtremepush has all authentications in place, you cannot receive your own emails.

Using the above example for choosing oxfordstones.co.uk as the from address domain, the email server for Oxford Stones will automatically block any emails sent from @oxfordstones.co.uk.

You can prevent this by adding the Xtremepush sending IPs to the list of allowed senders for the corporate domain. This is a configuration setting on the email server. The IPs that you need to allow are: 109.68.64.0/21.

Google Workspace

To set the IP in Google Workspace, in the Admin Console navigate to Apps > Google Workspace > Gmail > Spam, phishing and malware > Email allowlist. For more information please see this Google Workspace help article.


What’s Next