I am a Zivver admin
Configure and manage Zivver
Send Zivver mails from your own domain
Introduction
How to configure the DNS records so that the recipient sees your Zivver messages as sent from your organization?
By default, the Zivver notification message appear to come from noreply@zivver.com. To decrease the chance that the recipient sees the message as spam, you can change noreply@zivver.com to your own address. To change, you must configure your DNS.
Zivver does checks whether your domain records are correct. The features that are correctly set-up are visible under Enabled features on the Domains page.
Prerequisites
- You have access to the DNS of your domain.
- You have administrator permissions in Zivver.
Add domain
Add only the domains that send emails. If a mailbox can send regular emails and the user has a Zivver account, the mailbox can also send Zivver emails. Domains in your organization that only receive emails do not need the DNS settings.
- Go to the Domains page.
- Log in with your administrator credentials.
- Optional: If the domain is not claimed yet, claim the domain first.
- Click on the button next to the domain you want to add the DNS settings for.
Under the Send from own domain section, you can see the DNS settings that you need to add to your DNS. The settings are divided into three sections: CNAME, DKIM and SPF.
Behind every setting you will see a gray label off or a green lable on, depending on whether the setting is already correctly added to your DNS.
- Examine the settings of the DNS records for your domain.
- Open your DNS administrator panel.
- Add these settings to your DNS. The next sections tell how to add the settings to your DNS.
Returnpath CNAME
The Returnpath CNAME points the Returnpath of Zivver emails back to Zivver. These are the consequences:
- Zivver receives non-delivery reports ("bounce") and other email feedback that receiving mail servers sent.
- Zivver can pass this feedback to the Zivver user. For example, Zivver tells the user whether a Zivver message caused a non-delivery report.
- The email passes the SPF alignment test. This is a part of DMARC.
When you create a CNAME record, you create a subdomain (zivverbounce.yourdomain) and point it to returnpath.zivver.com. With this, email providers can route emails back to Zivver.
Procedure
- Create a CNAME record in your DNS.
- Give it the name `zivverbounce.yourdomain` and the value `returnpath.zivver.com`.
| Action | Create |
|---|---|
| DNS record type | CNAME |
| Name | zivverbounce. |
| Value | returnpath.zivver.com or |
returnpath.zivver.com. |
NoteDKIM
With Domain Keys Identified Mail (DKIM) Zivver can take responsibility for a message. In this process, a recipient can verify that message. Zivver generates a public key in the Zivver DNS settings in the admin portal. Then, Zivver signs the emails with a private key so that the receiving mail servers can verify the email.
Procedure
- Create a TXT record in your DNS.
- Copy the value from the Zivver admin portal into your DNS.
| Action | Create |
|---|---|
| DNS record type | TXT |
| Name | zivver._domainkey. |
| Value | Refer to Domains > Send from own domain > DKIM |
TipNo, it is not necessary to implement DKIM on your domain to use DKIM for Zivver emails. You can implement DKIM for Zivver emails first. Then, you can implement DKIM for the rest of your domain later.
SPF
The Zivver Sender Policy Framework (SPF) entry shows that Zivver is allowed to send email on behalf of your organization.
Procedure
- Update the already existing TXT record for SPF in your DNS.
Add `include:_spf.zivver.com` to the value string that is your SPF record.
| Action | Update the current SPF record |
|---|---|
| DNS record type | TXT |
| Name | left empty or @1 |
| Value | include:_spf.zivver.com |
1 Refer to the documentation of your hosting provider to know whether you must leave the name empty or use @.
Do not exceed the limit of 10 DNS lookups. The content of your SPF record depends on other mail servers or service providers that send email on your behalf. This example shows an SPF record if you use Google, Microsoft Office 365 and Zivver to send email on your behalf:
v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:_spf.zivver.com ~all
Can a Zivver message be strict SPF aligned?
No, Zivver emails are not strict SPF aligned after you added the Zivver CNAME record. Zivver messages cannot be strict SPF aligned because the returnpath belongs to a subdomain (returnpath.zivver.com).
DNS lookup limits
Your SPF record can contain a maximum of 10 mechanisms and modifiers. This is the DNS lookup limit. The DNS lookup limit prevents a too high DNS load during SPF evaluation.
If you configure SPF for Zivver, you need two DNS lookups from the total of 10 available DNS lookups.
Examine your SPF record
Use an SPF record tool to find whether you can add the Zivver SPF record and stay in the limit of 10 DNS lookups limit. Examples are Dmarcian and MXTOOLBOX
My SPF record contains too many lookups
When the receiving email server finds that the DNS Lookup Limit exceeds the limit, the email server shows “SPF PermError: too many DNS lookups”. This results in a fail for an SPF check by a DMARC policy. Thus, too many DNS lookups can negatively affect your email deliverability. Dmarcian gives examples to overcome the SPF challenge if you have too many DNS lookups.
Why does Zivver use two DNS lookups?
Zivver uses two DNS lookups because Zivver uses zivver.com to send emails from Zivver on behalf of your organization. Zivver does not recommend to flatten the SPF record because the underlying server IP addresses will change in the future and Zivver does not update customers when IP addresses of email servers change.
How do you know that it worked?
Wait for 24 hours maximum for the results to show in the Domains page.
Refresh the page if the results do not shown after 24 hours. Zivver shows a green on lable for every DNS setting that is successfully implemented in your DNS.