Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs2.zenskar.com/llms.txt

Use this file to discover all available pages before exploring further.

Add and authenticate senders who can send emails and notifications to your customers.

โ€‹
Definitions

Sender: a user authorized to send emails and notifications to your customers.
๐Ÿ•โ€This guide will help you to:
  • set up senders who are authorized to send emails and notifications to your customers
  • verify your domain ownership.

โ€‹
๐Ÿšง Critical background information

๐Ÿ“– Learn about email authentication, DKIM, DNS, and more. Sending emails and notifications to your customers is a sensitive activity. Cyber adversaries can impersonate organizations and forge emails to target unsuspecting victims. Email forgery is also known as email spoofing.

โ€‹
๐Ÿค” What is email authentication?

Email authentication is a collection of techniques used to ascertain that the emails sent from a specific server are not forged. It eliminates the possibility of a malicious actor impersonating an organization to send spam or phishing emails. Zenskar takes the threat of email forgery seriously and employs DomainKeys Identified Mail (DKIM) email authentication standard to defend against email forgery. The other commonly used email authentication standards are SPF and DMARC.

โ€‹
๐Ÿค” How does DKIM work?

DKIM authentication uses public-key cryptography , also called asymmetric cryptography, to secure emails. DKIM leverages the following:
  • Private keys: secret keys visible only to the domain owner. These keys are used by the sending email server to digitally sign an email.
  • Public keys: keys published in Domain Name System (DNS) records for the receiver. These are retrieved by the receiving email server to verify the authenticity of the email.

โ€‹
Your private keys

Zenskar, on your behalf, sends emails and notifications to your customers. To make this possible, we store and handle your private keys. We employ enterprise-grade security mechanisms to secure the private keys we handle.

โ€‹
Your public keys

Zenskar will provide you all the necessary records to be updated in your DNS. These records will make it possible for the receiving email servers to retrieve the necessary public keys for verification.
The following diagram shows an easy-to-understand depiction of the DKIM mechanism:

โ€‹
๐Ÿค” Adding DKIM records to DNS

A DNS record for DKIM can be:
  • CNAME: used if the DNS record is a pointer to a key.
  • TXT: used if the DNS record contains a key.
Zenskar uses Amazon SES email service. Amazon SES uses pointers to keys. Therefore, CNAME records must be added to your DNS to enable DKIM. For example, to enable DKIM for example.com domain, the following records will be required:
TypeNameValue
CNAME<selector 1>._domainkey.example.com<prefix 1>.dkim.amazonses.com
CNAME<selector 2>._domainkey.example.com<prefix 2>.dkim.amazonses.com
CNAME<selector 3>._domainkey.example.com<prefix 3>.dkim.amazonses.com

โ€‹
Caution

<selector X> and <prefix X> used in the example above are placeholders. The DKIM records you download from Zenskar will have real data. Caution must be exercised while copying and pasting the data to your DNS. Any change in the data will result in verification failure and wasted time.

โ€‹
Add a new sender

โ€‹
โš™๏ธ Step 1: Add a sender

  1. Navigate to Communications > Senders and click on the + ADD NEW SENDER button.
  2. In the ADD NEW SENDER page, enter the sender name and email Id.
  3. Click on SAVE & VERIFY SENDER button.
  4. An email with a verification link will be sent to the email ID supplied.

โ€‹
Sender email verification

The sender will receive an email with a verification link. Clicking on the link will complete the verification process.
The verification link in the email expires 24 hours after your verification request. If a link expires, go to Edit Sender page and click on RESEND VERIFICATION EMAIL .

โ€‹
Verifying status of a sender

  1. Navigate to Communications > Senders.
  2. Each sender in the sender list displayed will have one of the following tags:
    • PENDING: if the email verification is pending.
    • VERIFIED: if the email verification has been completed successfully.

โ€‹
โš™๏ธ Step 2: Domain ownership verification

After the completion of Step 1, you will be automatically taken to the EDIT SENDER page. If you did not download the DKIM records, you may navigate to the Edit Sender page.
  1. Download the DKIM records by clicking the DOWNLOAD DKIM RECORD button.
  2. Add the DKIM records to your DNS.

โ€‹
Important

You must possess administrator access to your domain registrar web portal to add DKIM records to DNS. If you do not have such access, ask the web administrator of your organization to complete this action.

โ€‹
Domain ownership verification is critical

Domain ownership verification can take 24 hours or more. The verification can fail, and the process may need to be started again. This can cause significant delays.Senders can send emails even when your domain ownership has not been verified. However, it is highly likely that your emails may end up in your customerโ€™s spam folder.Therefore, it is critical to get your domain ownership verified with the slightest delay.
The procedure to update DKIM records in DNS will vary depending on your domain registrar:

โ€‹
GoDaddy quirks

GoDaddy automatically appends the domain to the host value.
TypeNameValue
CNAME<selector 1>._domainkey.example.com<prefix 1>.dkim.amazonses.com
Therefore, while adding the above record, enter only <selector 1>._domainkey in the Host field.

โ€‹
Edit sender details

To edit the details of an existing sender, navigate to Communications > Senders. Click on the row corresponding to the sender whose details you wish to edit.

โ€‹
What can be edited?

Currently, only the name of the sender can be edited.