DKIM & SPF Validation for Partner Emails

Overview

The DKIM & SPF Validation feature assists partners with the automated emails the gateway sends on behalf of partners (e.g. password reset emails, settlement reports, etc.). Properly configured DKIM and SPF records play a crucial role in ensuring the reliable delivery of emails to their recipients. This tool is designed to provide our partners and merchants with the confidence that their email domain is correctly configured.

Merchants can use DKIM & SPF Validation for gateway emails sent to their customers. To view this on the merchant portal go to our DKIM & SPF Validation for Merchant Emails section.

What is a DKIM Record?

DKIM, also known as DomainKeys Identified Mail, is a security protocol designed to enhance the trust and security of email communications. It achieves this by adding a digital signature to outgoing emails from a domain, which can be verified using a public key retrieved from DNS records by the recipient's server. This verification process confirms the authenticity and integrity of the email, thus helping to prevent email spoofing and phishing. The DKIM record, which forms part of a domain's DNS settings, contains the public key used for this important verification process.

What is an SPF Record?

SPF, which stands for Sender Policy Framework, is an e-mail anti-spoofing control that uses public DNS TXT records to verify the sending mail server’s authority to send mail on a domain’s behalf. An SPF record is a DNS TXT record with a specific format, which lists authorized IPs or Hostnames permitted to send mail on the sending domain’s behalf.

Why use DKIM & SPF Records?

USAePAY uses a method to send automated emails from the gateway that makes them appear as if they are sent by you or your merchant. While this is a valuable feature for all parties involved, it also creates an opportunity for bad actors to deceive recipients into thinking that an email comes from a legitimate source when it does not. As a result, email services like Gmail and Outlook may mistakenly flag our emails as fraudulent at times.

The recommended way to authenticate these messages and confirm their legitimacy is by verifying specific DNS records on a user’s domain. This validation ensures that the displayed email matches the actual source. These essential DNS record types are known as DKIM records (Domain Keys Identified Mail) and SPF records (Sender Policy Framework), which can be set up by anyone who owns a domain (e.g., nmi.com) through their domain registrar (such as GoDaddy, Hover, DreamHost, etc.).

Note: Since addresses ending in @gmail.com, @outlook.com, and @yahoo.com are domains owned by Google, Microsoft, and Yahoo, an email address like partner@gmail.com will remain unverifiable because only Google can access their domain settings.

Domain Validation Status

When you add your email address to your Partner Portal, this tool checks with your domain registrar to confirm whether the DKIM and SPF records are properly configured for that domain. For example, if your domain is domain.com and your email address is support@domain.com, the tool would check domain.com to confirm you have added the proper DKIM/SPF records to your domain.

To add an email address, log in to your Partner Portal, go to Settings → Console Branding.

The email fields will show one of the following statuses depending on the domain you enter for your email address:

  • DOMAIN VALIDATED - When a domain's DKIM/SPF records are correctly set up, the field displays a green “OK” status, indicating that DKIM/SPF is functioning correctly.
  • UNABLE TO VALIDATE - If the domain’s DKIM/SPF records are not set up correctly (or either record is missing), the field displays a yellow “warning” status.
    • The user will still be able to save their email, they will just be warned about possible delivery issues.
  • INVALID EMAIL ADDRESS - If the email address is invalid, the field displays red and will not allow the email address to be saved.

The warnings are in the Partner Portal as shown below:

Partner Portal

For more information on adding SPF and DKIM records, see Adding SPF & DKIM Records To Help Emails Get To Recipients