📩

Optimize the deliverability of your emails

We send your emails via Amazon's Simple Email Service (SES) in the EU, which offers one of the highest delivery rates worldwide. Here is why we (still) use Amazon for sending:

Why do we (still) send emails through Amazon AWS?

In order for us to deliver your emails as well as possible, you need to make a few technical settings in your email domain. If you send emails e.g. from name@example.ch, example.ch is your email domain.

With these technical settings, the mail servers of the recipients of your emails can verify that an email really comes from you and that we are allowed to send emails on your behalf.

If you don't make these settings, your emails should still arrive at most recipients - but not all. And it may be that some email programs add the note "sent via amazonses.com" to your emails. This hint disappears as soon as you have made the "DKIM entries".

So we strongly recommend you to implement the following recommendations:

DKIM records

💡
DKIM stands for "DomainKeys". DomainKeys is based on asymmetric encryption. The e-mail is provided with a digital signature, which the receiving server can verify using the public key available in the Domain Name System (DNS) of the domain. If this fails, the receiving server or the receiving application program has the option of rejecting or sorting out the e-mail.

a) Get your unique DKIM records from us

To enable DKIM for your emails, you would need to add three entries to your DNS. The entries are specific to your domain.

If you have not received DKIM entries from us yet, please contact us. We will be happy to send them to you.

Your DKIM entries look like this, for example:

image

b) Create the entries in the DNS of your domain

Please go to the DNS management of your domain.

With the provider Metanet for example you can find it here in the settings of the domain:

image

The layout is different for each provider. If you can't find the DNS settings for your domain, please check with the provider where you registered the domain.

To set up the DKIM records, please create a "CNAME" entry for each of the three entries.

Here we show you how to set up the entries with different hosting providers:

Cloudflare

image

Godaddy

image

Namecheap

image

c) Check if the entries work

It takes up to 24 hours for new DNS records to be accessible from everywhere on the Internet. With a free service like the DNS Checker you can check yourself if the setup was successful.

d) Get in touch with us

If the entries work, please contact us. Then we can activate the signing of your emails.

SPF record

💡
SPF is short for "Sender Policy Framework". This prevents emails under your domain from being sent from email servers that are not authorized by you.

In our case, you specify that e-mails under your domain may be sent with our mail server (Amazon SES). These entries are not specific to your domain, but the same for all our customers.

a) Create the entry in the DNS of your domain

To set it up, please create the following entry in your DNS:

  • Type: TXT (Not SPF, even if it is offered)
  • Host / domain: your hostname, like example.com (often referred to as "@" in the DNS)
  • Text / Content / Value: v=spf1 include:amazonses.com ~all

If there is already a TXT entry that starts with "v=spf1 a mx", you should not overwrite it, but add "include:amazonses.com". This could look like this

v=spf1 include:existingdomain.com include:amazonses.com ~all

This is how it looks in Godaddy for example:

image

b) Check if the entry works

It takes up to 24 hours for new DNS records to be accessible from everywhere on the Internet. With a free service like the DNS Checker you can check yourself if the setup was successful.

When the entry in DNS Checker is confirmed, the SPF is automatically active. You do not need to do anything else.

DMARC record

💡
DMARC stands for "Domain-based Message Authentication, Reporting and Conformance" and supplements DKIM and SPF. It defines for a sender domain how the recipient should authenticate e-mails and how to proceed in case of an authentication failure.

a) Create the entry in the DNS of your domain

With the following entry we specify that an email should be rejected if the DKIM and SPF check fails:

  • Type: TXT
  • Host: _dmarc (_dmarc.yourdomain.com)
  • Text / Content / Value: v=DMARC1; p=none
💡
"v=DMARC1; p=reject; p=none" would be the best setting, because we prevent that someone could send spam emails with your domain as sender. These e-mails would then be rejected by most mail servers.

However, you would need to make sure that all mails in your company are sent by services that have correct DKIM and SPF entries. Otherwise, some of your own emails will not be delivered. So only set it to “reject” if you really know what you are doing.

This is how the creation of a DMARC record looks in Cloudflare:

image

b) Check if the entry works

It takes up to 24 hours for new DNS records to be accessible from everywhere on the Internet. With a free service like the DNS Checker you can check yourself if the setup was successful.

When the entry in DNS Checker is confirmed, the DMARC is automatically active. You do not need to do anything else.

Custom MAIL FROM domain

💡
When an email is sent, it has two addresses that indicate its source:
  • From: this is the sender address that will be displayed to the recipient of the message. (Your email address).
  • MAIL FROM: this address indicates where the message originated.

The MAIL FROM address is sometimes called the envelope senderenvelope frombounce address, or Return Path address. Mail servers use the MAIL FROM address to return bounce messages and other error notifications. The MAIL FROM address is usually only viewable by recipients if they view the source code for the message.

By default, the MAIL FROM of our emails is the domain amazonses.com. However, you can also use a custom MAIL FROM domain. This can give you a small improvement in the deliverability of your emails. To do so, please proceed as follows:

a) Decide how to name your custom MAIL-FROM domain

A custom MAIL FROM domain should be a subdomain of the domain from which you send your emails. So if you send emails as name@example.ch, your MAIL-FROM domain should be a subdomain of example.ch - e.g.

  • mail.example.ch
  • mail-friendly.example.ch
  • etc.

In the end, it doesn't matter what exactly the subdomain is - the main thing is that it is a subdomain of the sending domain and is not used elsewhere yet.

⚠️
If you already use a custom domain for hosting Friendly Automate, please take a different subdomain for the custom MAIL-FROM domain. For technical reasons, it must not be the same domain.

b) Create an MX record in the DNS of your domain

Please go to the DNS management of your domain and create an "MX" record for the desired custom MAIL FROM domain.

  • Name: this is your chosen subdomain. For example, if you want to use mail.example.ch, enter "mail" here.
  • Type: MX
  • Value: feedback-smtp.eu-west-1.amazonses.com
  • Priority: 10

With Cloudflare, it would look something like this:

image

c) Create a TXT record in the DNS of your domain

Next, you would need to create a TXT record for the same subdomain.

  • Name: this is your chosen subdomain. For example, if you want to use mail.example.ch, enter "mail" here
  • Type: TXT
  • Text / Content / Value: v=spf1 include:amazonses.com ~all

With Cloudflare, it would look something like this:

image

d) Check if the MX and TXT entries work

It takes up to 24 hours for new DNS records to be accessible from everywhere on the Internet. With a free service like the DNS Checker you can check yourself if the setup was successful.

d) Get in touch with us

If the entries work, please contact us. After that, we can enable sending via the custom MAIL-FROM domain.

Do you have any questions? We are happy to help you via 📧 email, ☎️ phone and 👩‍💻 video calls.

Click here to go back to the main help page:

Friendly AutomateFriendly Automate