Skip to content

How can I have more control over the delivery of mails sent from applications on Dropsolid Platform

Configuring your domain to send out mails only from servers and services you want to, can be a fairly complex task.
A misconfiguration can result in mails falsely being marked as spam.
Therefore it's good practice to get this configured correctly.

Depending on the level of security you want to achieve for mails sent from your domains, Dropsolid can offer one of the solutions / integrations below:

Some recommendations:

  • If you have DMARC configured for your domains, we strongly recommend to have a complete and correct DKIM setup too.
    This is recommended to prevent issues with mail hosts that have a very strict interpretation of the DMARC configuration.

Possible solutions

Dropsolid general mail service

Dropsolid Experience Platform provides a general mail service for all projects hosted on the platform.
This service is included in the hosting subscription and has a FUP regarding the number of mails sent from your domain(s).

This setup uses a dedicated IP address used for all projects hosted on the platform.
this way we have more control over the reputation and the mail delivery.
Dropsolid monitors this mail service to ensure it's health.

With the general mail service you should configure the SPF record of your domains, to improve the deliverability of mails sent from your domain(s) via Dropsoolid Platform.

With the general mail service it is not possible to add DKIM validation for your domain(s).
You can use our dedicated mail service if you want DKIM authorization.

What do I need to configure?

My domain is managed by Dropsolid

If your domain is managed by Dropsolid, we will add the SPF record for you.
No actions are required on your end.

SPF record

Add following TXT record to the DNS records of your domain names.

v=spf1 include:_spf.dropsolid.com ~all

Change the existing TXT record to contain following part

include:_spf.dropsolid.com

For example, if your record looks like this:

v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com ~all

You would just need to add our lookup at the end of the string, before the ~all mechanism, like so:

v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com include:_spf.dropsolid.com ~all
You don't want to include another hostname lookup? (not recommended)

If you would rather not include Dropsolid's SPF hostname lookup in your record, or perhaps you just have too many already, you can also choose to give permission to a specific IP address to send mail for your domain.

This is accomplished using the ip4 mechanism.

instead of adding following snippet

include:_spf.dropsolid.com

add

ip4:167.89.47.88

be aware that this is not recommended, as the IP addresses used for our general mail service may change over time.

Always check the SPF end result to ensure a non-broken state

SPF has some (security) limitations, like the number of DNS lookups.

Section 10.1, "Processing Limits" of the SPF RFC specifies the following in regards to DNS lookups:

SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier.
If this number is exceeded during a check, a PermError MUST be returned. The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit.
The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated.

Therefore it's recommended to always check the end result with online tools like MX toolbox or Kitterman SPF validator.

Dropsolid dedicated mail service

If you require a more advanced setup with DKIM and DMARC authentication and validation, but don't want to configure and maintain it yourself, than a dedicated mail service can help you.

This service provides:

  • Fully managed and maintained by Dropsolid
  • Dedicated IP address only used for your application(s) and domain(s)
  • DKIM validation of the domain names of your application
  • 30 days retention of mail logs

What do I need to do?

Please get in contact with your contact person at Dropsolid, or get in contact via support@dropsolid.com.
They will guide you through the next steps and how to proceed.

My own mail service

You already have a mail service configured following the needs and requirements of your company? No problem.
Applications hosted on Dropsolid Platform can connect to your own mail service.

What do I need to do?

Please get in contact with your contact person at Dropsolid, or get in contact via support@dropsolid.com.
They will guide you through the next steps and how to proceed.

Terminology and background info

SPF

The Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. With SPF an organisation can publish authorized mail servers.

DKIM

DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with encryption.

DMARC

DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system designed to protect your company’s email domain from being used for email spoofing, phishing scams and other cybercrimes. DMARC leverages the existing email authentication techniques SPF and DKIM.

For more information on DMARC, check out dmarc.org

3rd Party Tools

These are some tools that might be useful to you. We do not own or support these tools, so use them at your own risk. However, we hope that they are helpful.

Record Flattening

There is an experimental tool called the dmarcian SPF Record Flattener, which should be considered experimental. From their site: "[this tool] rewrites this record by removing duplicate netblocks, collapsing any overlapping netblocks, and using 0 DNS-querying mechanisms/modifiers."

If you choose to use this functionality, we suggest that you test it extensively to make sure that your customers will receive your emails and their servers can look up your records properly.

SPF Wizard

The SPF Wizard is a browser based SPF record generation tool. Fill out the form and the site generates an SPF record for you.

Easy DMARC tools

Easy DMARC provides some tools to check your SPF, DKIM and DMARC setup.