Email Settings

Authorize FL3XX's Email Servers to Avoid Spam Filter Issues

Introduction

The FL3XX application sends emails on behalf of your business. To do so, the FL3XX email servers send on behalf of your own email servers. Correctly (but unfortunate for us), such activity is categorized as SPAM. For your customers and partners to receive your emails from FL3XX servers, you must authorize FL3XX’s email servers for sending on your behalf.
To do so, you need to put a flag in the public DNS record of your domain (e.g. mycompany.com). When someone receives an email, their server will check that the sending server is authorized for that domain and if they find the flag, it will consider the message legitimate. Of course, setting up flags in your domain is protected, and only you (or your IT manager) can access the record. If you remove the flag, the emails sent by FL3XX's servers will be detected as SPAM.
This document helps the users to set up all the necessary configurations to allow FL3XX’s email servers to send on your behalf.
The email protocol relies on DNS to send and receive emails. For a server to be authenticated as a legitimate sender, it’s important for your business to add or update 3 specific DNS records. 

SPF 

The SPF is a special record that allows a list of authorized servers that can send an email on behalf of your business. It’s important to add FL3XX’s email server to this record or to create one in case you don’t have one.

DKIM

The DKIM is like an encryption key that says yes this email is really coming from this email address. It’s important to add FL3XX’s public DKIM key into your DNS to ensure that your clients properly receive the emails from the FL3XX application. 

DMARC 

The DMARC allows the owner of a domain to publish a policy on which mechanism (DKIM, SPF, or both) is employed when sending email from that domain and how the receiver should deal with failures. Additionally, it provides a reporting mechanism for actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the email should be considered legitimate.

How to Configure SPF?

Set-up will be slightly different depending on which environment your FL3XX is in:

  • FL3XX International (you log in to app.fl3xx.com) 🔷
  • FL3XX North America (you log in to app.fl3xx.us) 🔶

1. Configure SPF

There are two potential pathways to configuring SPF:
    1a. We don’t have an already-configured TXT record for our domain
    1b. We already have a TXT record for our domain

Please navigate to either FL3XX International or FL3XX North America below and follow the steps: 

FL3XX International (app.fl3xx.com)

🔷 1a. We don’t have a TXT record yet 
Simply add a new TXT record. There are 4 fields that are important to configure.

  1. Type: You need to choose the type TXT. The list should contain other types like A, AAAA, CNAME, MX, etc
  2. Name: The name should be the name of your domain. It usually is the last part of your email address after the @
  3. Value: The value is a special field where we define all the authorized email servers. Add exactly this without the double-quotes “v=spf1 include:mail.fl3xx.com ~all”
    1. “v=spf1” means that the SPF version is 1. It’s always like this
    2. “include:mail.fl3xx.com” means that we allow fl3xx.com to send emails on our behalf
    3. “~all” means that if the email comes from anything else, it should be flagged as SPAM

      🔷 Example:  SPF
  4. TTL: This value specifies how long the internet servers should cache this record. If you are configuring this record for the first time, we recommend 300 seconds or 5 minutes.  

🔷 1b. We already have a TXT record 

This procedure is easier than creating a new record. For this to work properly, simply add include:mail.fl3xx.com after the v=spf1. Make sure you keep all the information in this record and do not change anything else! It should look like this “v=spf1 include:mail.fl3xx.com …”

🔷 Example: 

SPF1

 

FL3XX North America (app.fl3xx.us)

🔶 1a. We don’t have a TXT record yet 
Simply add a new TXT record. There are 4 fields that are important to configure.

  1. Type: You need to choose the type TXT. The list should contain other types like A, AAAA, CNAME, MX, etc
  2. Name: The name should be the name of your domain. It usually is the last part of your email address after the @
  3. Value: The value is a special field where we define all the authorized email servers. Add exactly this without the double-quotes “v=spf1 include:mail.fl3xx.us ~all”
    1. “v=spf1” means that the SPF version is 1. It’s always like this
    2. “include:mail.fl3xx.us” means that we allow fl3xx.us to send emails on our behalf
    3. “~all” means that if the email comes from anything else, it should be flagged as SPAM

      🔶 Example:  SPF US-1
  4. TTL: This value specifies how long the internet servers should cache this record. If you are configuring this record for the first time, we recommend 300 seconds or 5 minutes.  

🔶 1b. We already have a TXT record 

This procedure is easier than creating a new record. For this to work properly, simply add include:mail.fl3xx.us after the v=spf1. Make sure you keep all the information in this record and do not change anything else! It should look like this “v=spf1 include:mail.fl3xx.us …”

🔶 Example: 

SPF US2

2. Test SPF configuration

After configuration, please make sure that the SPF record is correct. Please note that changes to the DNS can take several minutes up to hours to take effect!
You can verify the SPF configuration with for example DMARC Analyzer

FL3XX International 

🔷 Domain to Verify = <your domain, e.g. abc.com>. You should see "include:mail.fl3xx.com" in the results.

FL3XX North America 

🔶 Domain to Verify = <your domain, e.g. abc.com>. You should see "include:mail.fl3xx.us" in the results.

You can also use a tool called Dig using the following command: dig +short [your domain, e.g. cbs.com] TXT 

How to Configure DKIM?

You can have several DKIM entries for different providers sending emails on your behalf of you. Hence if you already have one, just ignore it and create an additional one for FL3XX.  DKIM configuration will be the same across both environments, FL3XX International and FL3XX North America. 

1. DKIM Configuration

The DKIM configuration is similar to the SPF. This means that we will need to add a TXT record but with different values.  
  1. Type: You need to choose the type TXT. The list should contain another type like A, AAAA, CNAME, MX, etc.
  2. Name: The name should always be this and pay attention to the underline: fl3xx2._domainkey
  3. Value: The value contains three things: a “v-tag” specifying the version, a “k-tag” specifying the type of encryption key used, and a “p-tag” containing the public key of the message signature. The exact value you need to add is displayed below:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO4/puhH+25v3T2iHQJJSxDbTmxe1mv8Z2CTF+vF70q1Qvhl0fNkLIH5BhRUKacOuql3u4paeufmL8zRqNCT8ge7w3mnJmcieKGeNRX5/o6MvO04Hfmmt7UWOjO7JFlPskTL12UINVXKyVsSjaSQH2bg3ZaS6SlGCxEf9qcB/+LlMu4SwNRQ+JFmw7GvQ4njIuE+/S4H0zGDB6qu7hj2mgYLox9oH3m4E4+yKuR5a6MmOuE0pGIDCz4yp8i5p7Bq0dbnqF4wQbbYD99JoXm8iPr4DGsliaWO4xpTGr3ziH/0zn2Roxxim+aOwaQRvFLjlyPaKq8AVBtZKenKrCfGhQIDAQAB;
Note: remove all line breaks and spaces. You can copy and paste the key from the attached file DKIM.txt to ensure no breaks and spaces. 
Example:
DKIM2
4.   TTL: This value specifies how long the internet servers should cache this record. If you are configuring this record for the first time, we recommend 300 seconds or 5 minutes.

2. Test DKIM configuration

After configuration, please make sure that the DKIM record is correct. Please note that changes to the DNS can take several minutes up to hours to take effect! 
You can verify the DKIM configuration with for example DMARC Analyzer
DKIM Selector to verify = fl3xx2. Domain to Verify = <your domain, e.g. abc.com>. The tool should say that all is good. 
You can also use a tool called Dig using the following command: dig +short fl3xx2._domainkey.[your domain, e.g. cbs.com] TXT

How to Configure DMARC?

DMARC is a very powerful system, that gives you full control over how the receiving party processes your emails. You can read more here.

In this tutorial, we’re not going into detail, but we show you how to initialize your DMARC entry, which for most SPAM filters is already enough to increase your score.

1. DMARC Configuration

The DMARC configuration is similar to the SPF. This means that we will need to add a TXT record but with different values.

  1. Type: You need to choose the type TXT. The list should contain another type like A, AAAA, CNAME, MX, etc
  2. Name: The name should always be this and pay attention to the underline: _dmarc
  3. Value: In our basic version the value contains two things: a “v-tag” specifying the version, and a “p-tag” specifying the policy deployed by the receiving party. The exact value you need to add is displayed below:
  4. “v=DMARC1; p=none”
  5. TTL: This value specifies how long the internet servers should cache this record. If you are configuring this record for the first time, we recommend 300 seconds or 5 minutes.

2. Test DMARC configuration

After configuration, please make sure that the DMARC record is correct. Please note that changes to the DNS can take several minutes up to hours to take effect!

You can verify the DMARC configuration with for example DMARC Analyzer.                    

Domain to Verify = <your domain, e.g. abc.com>. Good if you see anything here. However, DMARC is an optional thing and has way less impact than the other two (SPF and DKIM).

You can also use a tool called Dig using the following command: dig +short _dmarc.[your domain, e.g. cbs.com] TXT

SMIME Certificate

In addition to the DNS improvements described above, FL3XX offers the option to sign outgoing emails with an SMIME certificate.

Mail Relay

If required by the customer, FL3XX can relay outgoing emails via the mail server of the customer.

FL3XX International

🔷 Authentication is possible based on hostname (Staging IP: 3.71.154.121 / 2a05:d014:8af:3400:355b:500e:8d68:2ca3, Production IP: 52.29.179.130 / 2a05:d014:9a:1801:9304:ce7a:d7c6:3440 )or login credentials.

FL3XX North America

🔶 Authentication is possible based on whitelisting (Staging IP: 184.169.249.43 / 2600:1f1c:974:8700:5af9:9397:4188:c911, Production IP: 54.193.219.134 / 2600:1f1c:b07:4400:78a2:1bb:9150:3772) or login credentials.

Please contact FL3XX Support with your Mail-Server URL/IP-Address and authentication details to set this up.

Conclusion

After setting up the SPF, DKIM, and DMARC records, FL3XX will be able to send emails on your behalf to your customer with a better reputation score. You can test the score online with MailTester. You can create a dedicated email address there and send an email directly from FL3XX to this email. Currently, our score should be in the area of 9, which is an excellent result.

This will ensure those emails won’t end up in the SPAM folder. In any case, if you are not sure what you are doing, we can assist you in the configuration of those settings.

Signing emails with an SMIME Certificate aims to increase the trustworthiness of outgoing emails.

Implementing one's own mail relay is not recommended for standard users.

You can also download the PDF files here:

International

North America