For optimal email delivery, DaySmart Vet recommends the following:
We recommend that you use an email address from a domain that you own and control - some email addresses cannot be used to send email - notably Yahoo, AOL, and Apple email addresses (in an effort to fight spam, they've chosen to deny anyone other than themselves the ability to send valid email using their domain). While email addresses from gmail and other public mail providers will work, you will be unable to DKIM verify those addresses and anti-spam software is more likely to mark your messages as spam than email sent from your own domain. Again... it's worth it to have your own domain and use email through that domain. Google makes all of this super simple - https://domains.google
We also recommend that you have one email address that is used for transactional emails (DaySmart Vet emails, bills, reminders, etc.) and one email address that is used for marketing emails. The one thing you do not want is for customers to mark your transactional email address as SPAM. If enough customers mark an email as spam, your address may get blacklisted and then you will not be able to deliver reminders and invoices! It's very hard to get an email address un-blacklisted.
Verify your email address with Amazon Simple Email Service - automatic in our app, but you need to click on the link that is sent from Amazon
After entering an email address with a domain you own, you should receive 3 keys from Amazon web services that need to be added to your domain's DNS records that tell mail servers that your domain allows DaySmart Vet to send email from Amazon Web Services using an email from your domain and that this is legitimate and not spam. This is called DomainKey Identified Mail (DKIM). It is important that you find the person who knows how to update your DNS records - if not the owner or technical person, could be your webmaster.
Add SPF entry that explicity says that you allow email from Amazon's mail service. This is also a DNS entry and can be made/checked/updated at the time of adding the above DKIM keys. It's important to note that a strict SPF entry without the proper contents can result in all of your email being rejected and not delivered to customers' inboxes.
Set up or check DMARC - Domain-based Message Authentication - this is also a TXT record in DNS, and if misconfigured it can cause email from DaySmart Vet to be rejected.
Here's a basic DMARC dns record with brief explanation:
hostname: _dmarc
type: TXT
value: "v=DMARC1; p=none; pct=100"
This says, "domain message authentication uses DMARC1 version and rejects no email sent from other domains and this policy applies to 100% of messages"
Email deliverability best practices change as time goes by. As spam email has increased, mail servers and mail providers continue to make it more challenging to deliver legitimate email. We want to ensure that you have the best email deliverability possible and will continue to work with and update you as rules change.
More details on SPF:
SPF - Sender Policy Framework
What is SPF? A way that owners of domains can add a line in their DNS records that whitelist email from specific mail servers
Why is it important? We know that all of our customers want the highest email deliverability possible, and due to the never-ending war between spammers and legitimate email services, it will continue to get harder to prove that email is legitimate. Addressing DKIM AND SPF is currently the best solution for our customers to ensure highest deliverability rates. There is no need for us to generate any keys to use SPF, just customer adding a whitelist for amazon's mail servers.
SUMMARY:
Customers are encouraged to add "include:amazonses.com" to their SPF txt record in their DNS so that email SPF validation will PASS for email sent out of Vetter to their customers. We still encourage customers to configure DKIM too.
Before:
mobilevet.vet text = "v=spf1 include:_spf.google.com ~all"
After adding support for email from Vetter:
mobilevet.vet text = "v=spf1 include:_spf.google.com include:amazonses.com ~all"
1. Navigate to DNS Management and select the record type as 'TXT'
2. Once the record type is selected as TXT, add the txt value in the field as shown below, ensure to add include include:amazonses.com before the all so that it look like include:amazonses.com -all
3. Click add to add the record.
Details:
Most domains have some non-hostname DNS records that store data. These are called 'text records' - TXT, for short. An SPF TXT entry is not a requirement, but many email services do look for it.
How to find the SPF records for a domain:
open a terminal/console/cmd window and type:
nslookup -type=txt domain.com
Look for a line like:
domain.com text = "v=spf1 include:_spf.google.com ~all"
What does it mean? v=spf1 = value for spf, include:foo.bar.com = explicitly confirm that email from this domain is allowed, all = soft enforcement, -all = strick enforcement. Having an SPF txt record like above says, "we confirm that email sent from google is valid. Anything else... we don't confirm". If the ending was "-all" instead of "~all", that means, "we confirm that email sent from google is valid. Anything else is INVALD and should NOT BE DELIEVERED".
Recently, we've seen some clinics add strict SPF rules because they were prompted to do so by a security audit or they believe they're improving security. If a clinic says, "suddenly, NONE of our emails are being delivered!!!!!" check their SPF record for a "-all" and no entry for amazonses.com which is what Vetter needs... The solution to this is for them to ADD include:amazonses.com in the middle of their txt record like so:
before:
domain.com text = "v=spf1 include:_spf.google.com -all"
after
domain.com text = "v=spf1 include:_spf.google.com include:amazonses.com -all"