Analytics (1)
3Captavi Release Notes
Captavi Release Notes (3)
2Captavi Support Tips
Captavi Support Tips (8)
7Data Science
Data Science (1)
5Email Marketing
Email Marketing (3)
6Marketing Automation
Marketing Automation (5)
8Marketing Technology TCO
Marketing Technology TCO (1)
Personas (2)
4Time-Saving Marketing Tips
Time-Saving Marketing Tips (3)


May 2018 (1)
December 2017 (2)
November 2017 (1)
October 2017 (1)
September 2017 (1)
August 2017 (1)
June 2017 (2)
April 2017 (1)
February 2017 (3)
January 2017 (1)
August 2016 (1)

Posted by: Poster Avatar Captavi Support   |    02/18/2017 09:55 AM

Setting up secured emails

Historically, the process for establishing a secured link between a domain name and an email provider has been pretty loose. In the past decade, the process has been refined and now we have a very clear path for establishing a connection between these two parties. The first thing you will to do is gain access to your domain provider or name server provider. We are going to need to update several DNS records to get everything into place. If you are uncomfortable with DNS records feel free to reach out to your support contact at Captavi to have this completed for you.


Sender Policy Framework (SPF) Records

Commonly referred to by their abbreviation the SPF record. Previously this was its own record type at the DNS level. This has since been deprecated. You will now utilize TXT records to store SPF data. A typical format for a TXT record containing SPF information would be the following:

v=spf1 ~all

If you use google mail as your email provider you'll need to merge the two TXT SPF records into one record.

This is as simple as adding a second "include:" to your string. An example could be: 

v=spf1  ~all

It is important to note that you will NOT wish to copy the above outlook example. Google and Outlook may have updated SPF requirements. It is always best to determine the latest requirements directly from their documentation. Be certain to have the following properly integrated into your record: 

DomainKeys Identified Mail (DKIM) Authorization

Each and every message that processes through the Captavi Platform is automatically signed with a DKIM signature that authenticates as the point of origin for your messages. This allows every message processing on our platform to properly authenticate at the major service providers. No action is required for DKIM authentication to occur, however, you have the option to customize DKIM signing with your own domain.

If you choose to utilize your own domain you'll need to create a CNAME entry at the DNS level. The CNAME entry for "" would be as follows: CNAME IN
Once you have this completed, you'll need to notify a member of our team via the support ticketing system. That team member will run our internal validation tools on the record to authorize our email domain to utilize your domain name when sending your emails to your customers.




DMARC Policy

Domain-based Message Authentication, Reporting, and Conformance for short DMARC is the pinnacle of security and authentication. It involves another layer of rigor for establishing this level of compliance. Adding a valid SPF record to your domain that includes the Captavi platform ( is a best practice. It is not enough to achieve a passing SPF result for DMARC. DMARC at the "relaxed" level requires that the organizational domain used in both of the two "From" addresses are matching. For example, the from address in the email marketing tool is [ ], then your reply address also needs to use an email address like [ ] or a subdomain such as [ ].

To help Captavi customers achieve passing SPF records that meet DMARC requirements we offer a feature called Custom Bounce Domains. This allows you to white-label the domain portion of the VERP address used in message delivery. If you would like to pursue DMARC Policy compliance please submit a ticket to the Captavi Support team for assistance.