SecuTix sends either technical (transaction ...) emails or "marketing" emails via SAM.
In both cases, reliability of delivery is very important.
Technical measures
1) set an SPF entry in your DNS:
> > > Eric to fill in
2) Set up DKIM
SecuTix, acting as software-as-a-service providers (SaaS), allows you to define DomainKeys identified mail (DKIM) for sent emails. This requires coordination with SecuTix to set up the corresponding DNS records.
The example below illustrates this DKIM configuration with the header of an email from a fictive institution "mosamuseum":
The procedure to be followed is:
- SecuTix provides a DKIM public key to the institution "mosamuseum"
- The "mosamuseum" institution publishes this DKIM public key in DNS records
- SecuTix signs all emails sent with the DKIM private key (corresponding to the public key sent to the institution "mosamuseum"). This signature is included in the header of the email.
All systems receiving emails can perform a verification of the authenticity of the issuer by verifying the signature included in the message against who claims to be the issuer ("from" clause of the message). In the example below the two values must match:
- sender@mosamuseum.com -> mosamuseum.com
- DKIM-signature: s = s1024; d =mosamuseum.com -> mosamuseum.com
3) use a sender email address that can really receive emails.
4) SecuTix ensures that the IP addresses used to send the emails are separated between transactional emails and marketing emails, and in both cases, IPs are "clean"