Verify your from address and use a custom domain

For example, if you are going to send emails from [email protected] the domain oxfordstones.co.uk must be verified. Verification is done by applying Maxemail's DKIM configuration to the domain.

Verification is important because email inherently allows the ability to choose any From Address. This permits senders to spoof their From Address. For example, anyone could set the From Address to [email protected] and send out marketing email. Maxemail uses verification to ensure you are authorised to use the domain, and DKIM then authenticates the email when Maxemail delivers it to your recipients.

📘

DNS records

Configuration of domains is done by adding DNS records. Typically a DNS administrator would be responsible for this. Larger organisations may have their own in-house IT person responsible for this, whereas smaller organisations may rely on their web-hosting provider or other outsourced administrator.

From address vs. Sender

As noted above, an email's From Address can be set to any value, allowing it to be easily spoofed. This is the problem that DKIM solves.

But email has a second address, known by several names: sender, return-path, mail-from, envelope-from. They all refer to the sender of the email, which for emails sent by Maxemail, is always Maxemail. This address is where bounces are sent, so the Send Address domain (which can be customised) must always point to Maxemail.

SPF

A quick note on SPF: don't worry about it!

The 'S' stands for 'sender' (Sender Policy Framework) and as established above, the sender is always Maxemail, which has correctly configured SPF records. There is no need for any special SPF configuration for Maxemail.

DKIM

DomainKeys Identified Mail is used to create a unique digital signature of your email using an encryption key tied to the domain of the from address. This means that DKIM proves the sender has permission to use the From Address, and also proves the content of the email has not been maliciously altered in transit.

For each From Address that you are going to use in Maxemail, the DNS CNAME record must be added for DKIM. This record is independent to Maxemail and cannot conflict with any other records.

For example, if the From Address is [email protected] then a record must be added to authenticate email.oxfordstones.co.uk for Maxemail:

mxm._domainkey.email.oxfordstones.co.uk. IN CNAME dkim.mxmfb.com.

You must replace email.oxfordstones.co.uk with your own domain. Email the Maxemail Support Team once the DNS entry has been added.

Custom domain

Because Maxemail is the Sender, the return-path email address (which is used by Maxemail to track bounces) uses a default domain mxm.mxmfb.com.

For improved deliverability, the From Address and Sender Address should be aligned. Alignment means that they use the same domain or a sub-domain variation.

For example, the From Address might be [email protected] but if the Sender Address is mxm.mxmfb.com these are not aligned.

Setting up a custom domain would change the Sender Address for example to email.oxfordstones.co.uk which now aligns with the From Address.

The chosen custom domain should be set up with a DNS CNAME record:

email.oxfordstones.co.uk. IN CNAME mxm.mxmfb.com.

Only one custom domain can be configured per customer space. The domain will also be used for tracking links for Email Campaigns and Triggered Emails so that these match your brand. Email the Maxemail Support Team once the DNS entry has been added.

Domain email server blocking

The business email server responsible for the chosen from address domain will typically block emails using its from address that arrive externally from other senders. This means that even though Xtremepush has all authentications in place, you cannot receive your own emails.

Using the above example for choosing oxfordstones.co.uk as the from address domain, the email server for Oxford Stones will automatically block any emails sent from @oxfordstones.co.uk.

You can prevent this by adding the Xtremepush sending IPs to the list of allowed senders for the corporate domain. This is a configuration setting on the email server. The IPs that you need to allow are: 109.68.64.0/21.

Google Workspace

To set the IP in Google Workspace, in the Admin Console navigate to Apps > Google Workspace > Gmail > Spam, phishing and malware > Email allowlist. For more information please see this Google Workspace help article.

Resellers

If you are a Maxemail reseller, the instructions you give to your clients will follow the same requirements, however the domains for the DNS entries will be different. This is discussed in Reseller setup.