As we approach Spring 2024, it’s crucial to address a significant change in email policies that could impact your communications for the upcoming commencement. Google, Yahoo, and Microsoft have recently announced stricter email policies aimed at combating spam and spoofing.
This change mandates the authentication of every domain using SPF, DKIM, and DMARC protocols, directly affecting how emails from MarchingOrder reach your student body. If your domain isn’t fully verified, this could significantly hinder your email deliverability ahead of Spring 2024 commencements.
To avoid any communication disruptions, please follow our step-by-step domain verification guide below before the deadline of February 1, 2024:
Requirements for Ensuring Email Deliverability:
If email will be sent from the MarchingOrder system using an @marchingorder.com email
address, no action is necessary, other than ensuring nothing within your system will block
emails from @marchingorder.com or send them to spam.
Traditional SPF/DKIM records:
If your school would like the emails to come from an @<your_domain>.edu address, you will need to complete the following steps:
Step 1: Add or modify DNS records for the domain you will be sending emails from. For example, if you are sending emails from grads@marchingorder.com, the domain would be “marchingorder.com”.
Sender Policy Framework (SPF) Record
Our Email Service Provider (ESP) has assigned us a dedicated IP address, 176.31.145.254. All email sent from the MarchingOrder site will originate from this IP Address.
If there is already an SPF record for your sending domain (<your_domain>.edu)
Please add: ip4:176.31.145.254 to the existing SPF record.
Also add include (optional):_spf.elasticemail.com to the existing SPF record.
If your SPF Record is full, you may choose to use a subdomain. More information available below
If there is not already an SPF record for the sending domain, please add the following SPF record. For this example, we are using a subdomain, as most primary domains will already have an SPF record:
Name: subdomain.<your_domain>.edu
Value: v=spf1 ip4:176.31.145.254
(optional) include: _spf.elasticemail.com ~ALL
DomainKeys Identified Mail (DKIM)
Add a DKIM record (TXT record) of the public key so that the From domain can sign emails with DKIM for security and deliverability purposes. The d= domain would be the From domain. The selector will be “api._domainkey” in all cases.
Name (if using primary domain): api._domainkey.<your_domain>.edu
Or, if using a subdomain: api._domainkey.subdomain.<your_domain>.edu
Value: when you are ready, email techsupport@marchingorder.com for the DKIM key.
Domain-based Message Authentication Reporting & Conformance(DMARC)
Option A
Setup your DMARC policy with a simple, most common DMARC record. You will not receive any reports with this setup.
Host/Name:_dmarc
Value: v=DMARC1;p=none;
Option B
This setup will include reports. The DMARC Reports will come to the email you specify in ruf= and rua= parameters. If you do not wish to receive them anymore, remove these parameters (Similar to Option 1).
When you no longer receive negative reports, change your DMARC policy to quarantine which will not necessarily bounce email, but indicate to the recipient server they should consider quarantining it (junk or spam folder).
Host/Name:_dmarc
Value: v=DMARC1; p=quarantine; ruf=mailto:youremail@yourdomain.com; rua=mailto:youremail@yourdomain.com
ruf – Forensic (failure) reports
rua – Aggregate reports
Option C
Another option with reports included. When you are satisfied that you are validating all the email from your domain(s) with SPF and DKIM, change the policy to reject which will bounce the emails that do not pass SPF and DKIM validation.
Host/Name:_dmarc
Value: v=DMARC1; p=reject; ruf=mailto:youremail@yourdomain.com; rua=mailto:youremail@yourdomain.com
Please click here to view a list of the most popular tags available for your DMARC policy as above are only examples.
Step 2 (Optional): Setting up CNAME
Elastic Email “tracks” opens, clicks, unsubscribes, etc on sent emails. This tracking will also show on email records in your MarchingOrder Assistant.
To do this, Elastic must rewrite links and use web pages. Setting up a “tracking domain” brands these rewritten links and pages with your own domain.
Create a CNAME record. Enter:
Host/Name: tracking
Value: api.elasticemail.com
Step 3: Notify MarchingOrder of the sending domain so that it may be added and verified in the system.
Send the sending domain (your_domain.edu) to your CSM for verification. Your CSM will let you know if verification was successful.
Please note that once an SPF/DKIM record has been updated, it may take up to 48 hours for the settings to propagate.
If your SPF Record is Full:
If your SPF record is full, you may opt to use a subdomain to add a new SPF record as listed above, any replies back to that email address (e.g. commencement@subdomain.<your_domain>.edu) will need to be received by the sending, party, such as the Commencement Office.
One option to achieve this would be for local IT departments to set up forwarding from the subdomain to the email inbox of the primary domain. Another would be for the affected office to be given an inbox where they can send and receive mail using the subdomain email address.
Using an SPF Macro
Using an SPF Macro to complete the above DNS record changes is currently not recommended. While an SPF Marco can be verified, it may take up to 10 business days to complete verification. MarchingOrder highly recommends completing the DNS settings as instructed above with either your main or subdomain.
If you are unable to add SPF/DKIM Records
If you are unable to add these records to your system, or the setup is taking additional time, you may use <your_domain>@marchingorder.com as the permanent or temporary sending address. If you use an @marchingorder.com address to send messages, please the sending address you would like to use to your CSM so they can verify that it is available and setup forwarding to a local email address.
Note Regarding DMARC compliance
Our objective is to follow best practices for email security and delivery and be in full compliance with the DMARC standards. To ensure that your setup complies with the updated DMARC policies enacted by Google and Yahoo on February 1, 2024, the above steps must be completed.