Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

SecuTix sends either technical (transaction ...) emails or "marketing" emails via SAM.

In both cases, reliability of delivery is very important.


Technical measures

Set an SPF entry in your DNS

Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails.

SPF allows the receiver to check that an email claiming to come from a specific domain comes from an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.

The procedure to be followed is:

  • SecuTix provides a list of IP address used to send emails on behalf of the institution "mosamuseum"
  • The "mosamuseum" institution publishes a corresponding SPF record in its DNS

DKIM – Introduction

SecuTix, acting as software-as-a-service providers (SaaS), allows you to define DomainKeys identified mail (DKIM) for sent emails. This requires coordination with SecuTix to set up the corresponding DNS records.
The example below illustrates this DKIM configuration with the header of an email from a fictive institution "mosamuseum":

Return-path:<communication@></communication@>Secutix.com>
From<sender@></sender@>mosamuseum.com>
DKIM-signature: s = s1024; d =mosamuseum.com
Subject: here is a message from SecuTix infrastructure, but with a DKIM signature authorized by mosamuseum.com



The procedure to be followed is:

  • SecuTix provides a DKIM public key to the institution "mosamuseum"
  • The "mosamuseum" institution publishes this DKIM public key in DNS records
  • SecuTix signs all emails sent with the DKIM private key (corresponding to the public key sent to the institution "mosamuseum"). This signature is included in the header of the email.

All systems receiving emails can perform a verification of the authenticity of the issuer by verifying the signature included in the message against who claims to be the issuer ("from" clause of the message). In the example below the two values must match:


For further reading, please refer to https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

DKIM - Description of the initial setup

  1.  The customer must create 2 dns records in their zone

    stxsel1._domainkey.mosamuseum.com.  IN CNAME sel1-mosa._domainkey.dkim.secutix.com.

    stxsel2._domainkey.mosamuseum.com.  IN CNAME sel2-mosa._domainkey.dkim.secutix.com.
    !!! Be careful to change "mosa" by the institution code. If any doubt, please open a support request for confirmation

  2. The customer must open a service support request in order to enable signature of outgoing emails


  • No labels