Set up the customer email sender

Emails sent from Sitecore Content Hub are signed using a DomainKeys Identified Mail (DKIM) record, which verifies that the sender is authorized to send emails on behalf of your domain.

We use a sender policy framework (SPF) record to whitelist the email sender. This record also instructs spam filters on how to handle emails from unauthorized senders.

Domain-based message authentication, reporting, and conformance (DMARC) records define rules and report unauthorized senders trying to send emails on behalf of the your domain. By notifying the sender that an email is authorized, it is not blocked or listed as spam.

This walkthrough describes how to:

  1. Create a service request

  2. Configure SPF, DKIM, and DMARC on the customer side

  3. Validate the configuration

Create a service request

To create a service request:

  1. Go to support.sitecore.com and log in to the Sitecore Support and Self-Service Portal.

  2. Click Create Service Requests.

  3. In the left pane, in the Catalogs drop-down list, select Content Hub and, in the Categories drop-down list, select Configuration Changes.

  4. On the Configuration Changes page, click Custom DNS Setup.

Ensure your request contains the:

  • SPF record

  • DKIM record

  • DMARC record

  • Domain name system (DNS)

The service request must also contain the following information.

Field

Value

Title

Email configuration request that provides SPF, DKIM, DMARC, and DNS records.

Description

Description of the ticket.

Email

Email of the sender, for example, [email protected].

Sender’s name

Name of the sender, for example, Sitecore Content Hub.

Configure the customer's side

The following must be configured on the customer's side:

  • DMARC

  • SPF

  • DKIM

There are four variables that impact the configuration.

Variable

Description

Domain name

The name of the domain. For example, if the sender's email is [email protected], the domain name is mycompany.com.

Subdomain (optional)

The name of the subdomain (if applicable). For example, if the sender's email is [email protected], the subdomain is mysubdomain.

DMARC admin email address

The admin email address used to send information on blocked emails (for example, [email protected]).

DKIM Config

The required DKIM configuration, which is provided as a response on the service request ticket.

Here are some examples:

CNAME: em400.mydomain.com pointing to u2222.wl240.sendgrid.net

CNAME: 016._domainkey.mydomain.com pointing to 016.domainkey.u2222.wl240.sendgrid.net

CNAME: 0162._domainkey.mydomain.com pointing to 0162.domainkey.u2222.wl240.sendgrid.net

Configure DMARC

Make sure that there is a DMARC record configured on your domain. You can configure DMARC by adding policies to your domain’s TXT records:

Options

Description

Option 1 - Without subdomain

TXT: \_dmarc pointing to v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]

Option 2 - With subdomain

TXT: \_dmarc.subdomain pointing to v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]

Configure SPF

SPF is an email authentication method designed to detect forged sender addresses during the email delivery. An SPF record is a TXT record part of a domain's DNS. An SPF record lists all authorized host names and IP addresses permitted to send an email on behalf of your domain.

Options

Description

Option 1 - There is an existing SPF record

Add sendgrid.net to the existing SPF record.

Option 2a - No SPF record exists (without subdomain)

Create a new SPF record with the following details: TXT: @ pointing to mycompany.com.600 IN TXT"v=spf1 include:sendgrid.net ~all"

Option 2b - No SPF record exists (with subdomain)

Create a new SPF record with the following details: TXT: subdomain pointing to subdomain.mycompany.com. 600 IN TXT "v=spf1 include:sendgrid.net ~all"

Configure DKIM

DKIM is a method to validate the authenticity of email messages. When each email message is sent, it is signed using a private key and then validated on the receiving mail server (or ISP) using a public key in DNS.

Create a DKIM record following the configuration provided as part of your service request.

Here are some examples:

  • CNAME: em400.mydomain.com pointing to u2222.wl240.sendgrid.net

  • CNAME: 016._domainkey.mydomain.com pointing to 016.domainkey.u2222.wl240.sendgrid.net

  • CNAME: 0162._domainkey.mydomain.com pointing to 0162.domainkey.u2222.wl240.sendgrid.net

Validate the configuration

When the support request and configuration are completed, you can verify the configuration on the DNS side. To do this, open a tool such as Dmarcian to validate your domain entries.

Validate DKIM

If the DKIM authentication is not found, insert the selector value created when configuring the DKIM text field into the Enter selector field and validate the DKIM record again.

Important

Dmarcian is an external website not owned or managed by Sitecore. Dmarcian is used as an example. We do not provide support for products that are not owned by Sitecore.

Do you have some feedback for us?

If you have suggestions for improving this article,