Mandatory Email Domain Authorization
Every journalist and every influencer receives hundreds of emails daily. Some of these are legitimate and critical—yours! But many are just spam or scam emails just like the ones you can receive in your own inbox.
To improve security, a few safeguards were taken to better identify an email as legitimate. In particular, there is increased attention on verifying that the sender, in this case Cision, is allowed to send email on behalf of your organization.
While this might be obvious and not a concern when you send email from your own domain, additional steps are required to make sure email sent by Cision on your behalf will be correctly delivered. This document explains the necessary steps to improve email deliverability from Cision.
Email Security Checklist:
1. Cision will provide you with the necessary technical configurations: SPF, DKIM, and DMARC information
2. Ask your IT team to add DNS entries for SPF, DKIM, and DMARC to make sure emails sent by Cision on your behalf will be delivered
You can also do this yourself if you have access to your DNS records (please refer to your domain host)
3. Check with Cision that everything is working (our Customer Domain team is available to help you)
Depending on the solution applicable to you, they can provide you with any missing information including IP address(es) and DKIM keys. You can reach them at email@example.com
4. Now that you’ve taken the steps to ensure your recipients will receive your messages—increase your distribution performance!
Best Practices for Enhanced Email Security
If you do not have the IP address or domain to add to the SPF and/or the DKIM keys generated for your domain name, please send a request to firstname.lastname@example.org . This information must be shared with your IT department or to the service provider host responsible for your internet domain.
SPF (Sender Policy Framework)
The SPF protocol allows the owner of a domain name to specify which servers are authorized to send emails from that domain, which prevents spammers from sending unauthorized messages that appear to be from your domain. When a server receives an incoming email, it checks whether the IP address of the sending server is on the list of allowed domain(s) or IP address(es) according to the sender's SPF record.
Create a new SPF record or update your existing SPF record on your domain
A domain's SPF policy is defined using a TXT record. For verification to be completed correctly, each domain can only have one SPF record.
If you do not have the IP address(es) to add to the SPF record, please reach out to us as it differs by platform.
DKIM (DomainKeys Identified Mail)
The DKIM allows a user to authenticate emails using an electronic signature. The server will determine if the signature and key in the record match, this ensures that the message is authentic and has not been altered during sending. Receiving servers use DKIM to verify that the domain owner actually sent the message.
Add DKIM keys to your DNS* servers for the domain you are using to get replies from journalists
It must be at the domain level; the subdomain will not work.
If you do not have the DKIM keys, please reach out to us as it defers by platform.
*DNS: Domain Name System (“Internet directory”) turns domain names into IP addresses, which browsers use to load internet pages. Every device connected to the internet has its own IP address, which is used by other devices to locate it and to search for information (e.g. SPF record, DKIM keys) within domains. Note: the domain owner controls the DNS data
Best Practices for Enhanced Email Security
If you do not have the IP address or domain to add to the SPF and/or the DKIM keys generated for your domain name, please send a request to email@example.com. This information must be shared with your IT department or to the service provider host responsible for your internet domain.
DMARC (Domain-based Message Authentication, Reporting, & Conformance)
The DMARC is a protocol that unifies SPF and DKIM. The instructions contained in a domain name's DMARC record tell the receiving server what to do with an incoming email that fails the SPF and/or DKIM check. DMARC ensures that your domain gets the deliverability it deserves based on the sending practices you follow through the domain’s use in all phases of email authentication for your messages.
Enable the DMARC policy and depending on your preference, set “p=none” (or “p=quarantine”, or “p=reject” depending on your organization’s security policy)
You can enable once DKIM records have been successfully added and verified in the email service provider.
Starting February 2024, Gmail and Yahoo! will require the following for senders who send 5,000 or more messages a day to Gmail/Yahoo!accounts: authenticate outgoing email, avoid sending unwanted or unsolicited email, and make it easy for recipients to unsubscribe.
Use a domain that you own (@company.com) to send emails
Do NOT use gmail.com, hotmail.com or yahoo.com (or a domain you do not own) as the “From” address.
When DKIM is properly setup and DMARC policy has been enabled, and you are sending emails from your own domain, the cap should no longer be a concern.