By default, OpenForms sends notification, reminder and other emails from the address firstname.lastname@example.org using Amazon SES.
OpenForms has taken best-practice anti-spoofing measures to authenticate emails sent from this address.
As a result, recipients’ automated email security systems can be confident that emails sent from email@example.com have legitimately originated from OpenForms, rather than an unauthorized or malicious third party.
If you choose to send OpenForms emails from a domain matching your organization details instead of openforms.com, it is important to take your own anti-spoofing measures to authenticate the legitimacy of that domain. In some regions, you may be legally obliged to do so.
Authenticate outgoing emails (Anti-spoofing)
OpenForms supports the following anti-spoofing methods when sending emails on behalf of custom domains:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Messaging Authentication, Reporting and Conformance (DMARC)
Here’s how to implement each measure.
We recommend following security best practice and implementing DMARC on top of both SPF and DKIM.
Sender Policy Framework (SPF)
Instruct your domain name administrator or IT staff to add the following Amazon SES entries to your SPF record:
Example: v=spf1 ip4:22.214.171.124 include:_spf.example.com ~all
These network addresses are allocated to OpenForms for the sole purpose of delivering messages for our OpenForms platform.
DomainKeys Identified Mail (DKIM)
Submit a support request or send us an email letting us know you’d like to update your DKIM configuration, including the details of your domain name.
For example, if you’d like OpenForms to send notification, reminder, and other emails from firstname.lastname@example.org, you’ll need to specify exampledomain.com.
We will provide DNS records to be updated by your domain name administrator.
Domain-based Messaging Authentication, Reporting and Conformance (DMARC)
DMARC authentication leverages DKIM and SPF, so you must also be using those anti spoofing meaures to configure DMARC. Your DMARC configuration must also be using a “relaxed” policy
Submit a support request or send us an email letting us know you’d like to update your DMARC configuration.
You will need to provide a subdomain of the domain name used for your DKIM authentication.
For example, if the domain name you’ve specified for DKIM is exampledomain.com, you might specify mail.exampledomain.com
Your DMARC sub-domain cannot be used for any other purpose, including sending or receiving emails.
We will provide additional DNS records to be updated by your domain name administrator.
Prevent OpenForms emails being filtered as SPAM
OpenForms attempts to send emails in a reliable and timely manner. You can help ensure that you receive OpenForms emails in the following ways:
- Ensure you have verified all email addresses associated with your forms.
- Check your Junk Mail settings. Your email software or service will have features for managing SPAM or unsolicited email senders.