Xtremepush email delivery platform
This guide only applies to projects using Xtremepush's email delivery platform.
If your project is using Amazon SES, please follow our Email verification for Amazon SES dedicated guide.
This guide explains all the necessary details for email verification, which is done in four steps:
- Choose your from address and its domain.
- Add the DKIM DNS record for the chosen domain.
- Choose a sub-domain for the custom send domain and add the DNS record.
- Give the support team these details.
The support team will verify the correct DNS records and authentications are in place, and add the necessary configuration on your Xtremepush project to enable the chosen from address to help you test the integration end-to-end.
Verification is important because email inherently allows the ability to choose any from address. This allows senders to spoof their from address. Verification is done by applying Xtremepush's DKIM configuration to the domain. Xtremepush also requires verification to ensure that you are authorised to use that domain.
Configuration of domains is done by adding DNS records. Typically a DNS administrator would be responsible for this. Larger organisations may have their own in-house IT person responsible for this, whereas smaller organisations may rely on their web-hosting provider or other outsourced administrator.
As noted above, an email's from address can be set to any value, allowing it to be easily spoofed. This is the problem that DKIM solves.
But email has a second address, known by several names: sender, return-path, mail-from, mailed-by, envelope-from. They all refer to the sender of the email, which for emails sent by Xtremepush, is always Xtremepush. This address is where bounces are sent, so the send address domain (which can be customised) must always point to Xtremepush.
Choosing a from address
You may choose your from address to be a mailbox at your company domain, for example
[email protected], or instead using a sub-domain, for example
If using a sub-domain or if the mailbox on your corporate domain doesn't exist, it's important to use a reply address when sending your email campaigns, so that replies sent by your customers can be handled.
Out-of-office auto-responders are sent to the from address, not the reply address.
DKIM stands for DomainKeys Identified Mail. It is used to create a unique digital signature of your email using an encryption key tied to the domain of the from address. This means that DKIM proves the sender has permission to use the from address, and also proves the content of the email has not been maliciously altered in transit.
For each from address that you are going to use in Xtremepush, the DNS CNAME record must be added for DKIM. This record is independent from Xtremepush and cannot conflict with any other records.
For example, if the from address is
[email protected], then a record must be added to authenticate
oxfordstones.co.uk for Xtremepush:
xp._domainkey.oxfordstones.co.uk. IN CNAME dkim.xtremepush.com.
This would be achieved by adding a record named
xp._domainkeyto the DNS records for your domain as a CNAME to
If using a sub-domain, for example
xp._domainkey.emailto the DNS record for your domain.
Since Xtremepush is the sender, the return-path email address (which is used by Xtremepush to track bounces) uses a default domain
For improved deliverability, the from address and sender address should be aligned. Alignment means that they use the same domain or a sub-domain variation.
Setting up a custom send domain would change the sender address, for example to
email.oxfordstones.co.uk, which now aligns with the from address.
The chosen custom send domain should be set up with a DNS CNAME record:
email.oxfordstones.co.uk. IN CNAME mail.eu.xtremepush.com.
This is usually done by adding a DNS record to your domain for just the desired sub-domain. As in the example above you would only add
Only one custom domain can be configured per project. The chosen send domain needs to be a domain that's solely used for this purpose.
SPF stands for Sender Policy Framework and as established above, the sender is always Xtremepush, which will already handle this, therefore there is no need for any special SPF configuration for Xtremepush.
All emails sent from Xtremepush are fully DMARC compliant, as we make sure that DKIM is set up against the from address domain. DMARC is a policy set by the domain holder, and not directly related to email deliverability; it simply tells ISPs how to handle inbound emails which are not compliant.
The business email server responsible for the chosen from address domain will typically block emails using its from address that arrive externally from other senders. This means that even though Xtremepush has all authentications in place, you cannot receive your own emails.
Using the above example for choosing
oxfordstones.co.uk as the from address domain, the email server for Oxford Stones will automatically block any emails sent from
You can prevent this by adding the Xtremepush sending IPs to the list of allowed senders for the corporate domain. This is a configuration setting on the email server. The IPs that you need to allow are:
To set the IP in Google Workspace, in the Admin Console navigate to Apps > Google Workspace > Gmail > Spam, phishing and malware > Email allowlist. For more information please see this Google Workspace help article.
Updated 5 months ago