Send Zivver mails from your own domain

Introduction

How to configure the DNS records so that the recipient sees your Zivver messages as sent from your organization?

By default, the Zivver notification message appear to come from noreply@zivver.com. To decrease the chance that the recipient sees the message as spam, you can change noreply@zivver.com to your own address. To change, you must configure your DNS.

Zivver does checks whether your domain records are correct. The results show in a table at the bottom of the Zivver DNS Settings page.

Prerequisites

  • You have access to the DNS of your domain.
  • You have administrator permissions in Zivver.

Add domain

Add only the domains that send emails. If a mailbox can send regular emails and the user has a Zivver account, the mailbox can also send Zivver emails. Domains in your organization that only receive emails do not need the DNS settings.

  1. Go to the Zivver DNS Settings page.
  2. Log in with your administrator credentials.
  3. In the top right corner, click ADD DOMAIN.
  4. Enter your domain. Then, click ADD.
    Zivver automatically scans for the current DNS settings and shows one of the two:
    • a check mark done if the setting is there or
    • an exclamation mark report_problem if the setting is not there.
  5. Click the arrow down v= arrow_drop_down on the last row of the table.
    The DNS records show.
  6. Examine the settings of the DNS records for your domain.
  7. Open your DNS administrator panel.
  8. Add these settings to your DNS.
    The next sections tell how to add the settings to your DNS.

DANE and TRUSTED

They are not necessary for Zivver to send email from your domain. Now no action is necessary for DANE and TRUSTED.

Returnpath CNAME

The Return-Path CNAME points the Return-Path of Zivver emails back to Zivver. These are the consequences:

  • Zivver receives non-delivery reports (“bounce”) and other email feedback that receiving mail servers sent.
  • Zivver can pass this feedback to the Zivver user. For example, Zivver tells the user whether a Zivver message caused a non-delivery report.
  • The email passes the SPF alignment test. This is a part of DMARC.

When you create a CNAME record, you create a subdomain (zivverbounce.yourdomain) and point it to returnpath.zivver.com. With this, email providers can route emails back to Zivver.

Procedure

  1. Create a CNAME record in your DNS.
  2. Give it the name zivverbounce.yourdomain and the value returnpath.zivver.com.

Action Create
DNS record type CNAME
Name zivverbounce.
Value returnpath.zivver.com or
returnpath.zivver.com.
To know whether you must add a trailing dot (.), speak to your domain provider.

DKIM

With DomainKeys Identified Mail (DKIM) Zivver can take responsibility for a message. In this process, a recipient can verify that message. Zivver generates a public key in the Zivver DNS settings in the admin portal. Then, Zivver signs the emails with a private key so that the receiving mail servers can verify the email.

Procedure

  1. Create a TXT record in your DNS.
  2. Copy the value from the Zivver admin portal into your DNS.

Action Create
DNS record type TXT
Name zivver._domainkey.
Value Refer to DNS-Settings > DKIM
Do I need to implement DKIM on my domain to use DKIM for Zivver emails?
No, it is not necessary to implement DKIM on your domain to use DKIM for Zivver emails. You can implement DKIM for Zivver emails first. Then, you can implement DKIM for the rest of your domain later.

SPF

The Zivver Sender Policy Framework (SPF) entry shows that Zivver is allowed to send email on behalf of your organization.

Procedure

  • Update the already existing TXT record for SPF in your DNS.

    Add include:_spf.zivver.com to the value string that is your SPF record.

Action Update the current SPF record
DNS record type TXT
Name left empty or @ (1)
Value include:_spf.zivver.com

(1) Refer to the documentation of your hosting provider to know whether you must leave the name empty or use @.

Do not exceed the limit of 10 DNS lookups. The content of your SPF record depends on other mail servers or service providers that send email on your behalf. This example shows an SPF record if you use Google, Microsoft Office 365 and Zivver to send email on your behalf:

v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:_spf.zivver.com ~all

Can a Zivver message be strict SPF aligned?

No, Zivver emails are not strict SPF aligned after you added the Zivver CNAME record. Zivver messages cannot be strict SPF aligned because the returnpath belongs to a subdomain (returnpath.zivver.com).

DNS lookup limits

Your SPF record can contain a maximum of 10 mechanisms and modifiers. This is the DNS lookup limit. The DNS lookup limit prevents a too high DNS load during SPF evaluation.

If you configure SPF for Zivver, you need two DNS lookups from the total of 10 available DNS lookups.

Examine your SPF record

Use an SPF record tool to find whether you can add the Zivver SPF record and stay in the limit of 10 DNS lookups limit. Examples are Dmarcian and MXTOOLBOX

My SPF record contains too many lookups

When the receiving email server finds that the DNS Lookup Limit exceeds the limit, the email server shows “SPF PermError: too many DNS lookups”. This results in a fail for an SPF check by a DMARC policy. Thus, too many DNS lookups can negatively affect your email deliverability. Dmarcian gives examples to overcome the SPF challenge if you have too many DNS lookups.

Why does Zivver use two DNS lookups?

Zivver uses two DNS lookups because Zivver uses zivver.com to send emails from Zivver on behalf of your organization. Zivver does not recommend to flatten the SPF record because the underlying server IP addresses will change in the future and Zivver does not update customers when IP addresses of email servers change.

DANE and TRUSTED

DANE and TRUSTED are not required for Zivver to send email from your domain instead of noreply@zivver.com and comply with modern anti-span techniques.

How do you know that it worked?

Wait for 24 hours maximum for the results to show in the Zivver DNS Settings Refresh the page if the results do not shown after 24 hours. Zivver shows a check mark for each DNS record that is successfully implemented in your DNS.

DANE and TRUSTED are not required for Zivver to send email from your domain.