Digital Signature Configuration
Domain digital signatures are a technology that ensures a message has not been altered or tampered with during transmission. Two main mechanisms are used for this:
- DKIM (DomainKeys Identified Mail) allows senders to sign emails with a private key and recipients — to verify the authenticity of the signatures using a public key stored in the DNS.
- SPF (Sender Policy Framework) checks whether the email comes from an authorized server specified in the domain's DNS record.
Both mechanisms increase the trust of email services in your messages and reduce the likelihood of them being identified as spam.
Follow this link to find answers to frequently asked questions about digital signatures.
Configuration Methods
Reteno offers three configuration methods:
- Full: The signature is applied to all emails sent from any mailbox of the main domain (for example,
@yourdomain.com
). - Full +: This option adds the ability to sign emails sent from subdomains (for example,
@sub.yourdomain.com
), providing the highest level of protection, including subdomains. - Subdomain: The digital signature is applied only to emails sent from a specific subdomain (for example,
@sub.yourdomain.com
), which is convenient when protecting only certain subdomains.
Note
We recommend setting up the Full + method. If this is impossible due to certain restrictions, choose the Subdomain method.
Next, we will review each configuration option.
Full
- Go to Settings → Domain verification and click the New domain button.
- Click Complex server configuration.
The Full configuration method is selected by default.
- Click Next.
- Specify a domain and click Start verification.
Note
Use your domain name instead of
yourdomain.com
.
Next, the system will check your domain's DNS records and suggest creating new ones or modifying the existing ones.
- Copy and paste each value from the Name and Data fields into the corresponding record types for your domain.
- Set up automatic forwarding for all emails sent to the
bounce+*
address in your domain to our[email protected]
address.
The“asterisk” term indicates that any number of valid characters can be placed in its position.
The easiest way to set up such redirection is if your domain's mail is located on Google servers — this service discards the suffix following the plus sign in the address bar. In this case, you just need to create a “bounce” mailbox and configure the forwarding of all incoming emails to [email protected]
.
If your mail is on any service that does not support dropping the suffix after the “plus” symbol, set up a mailbox to store all mail coming to your domain for all non-existent mailboxes. In this mailbox, set up a filter — if the email comes to an address starting with bounce+
, send it to [email protected]
; otherwise, delete it.
The functionality of the forwarding mechanism is checked during the verification stage.
Note
We also recommend that you set up forwarding copies of emails sent to the abuse address in your domain to our
[email protected]
address. Then we will be able to respond to complaints promptly.
- Return to your Reteno account and click Verify domain.
After this, the domain status should change to Domain verified.
Note
Some DNS servers need up to 48 hours to apply all changes.
Example of email headers in Gmail after domain verification:
The email is signed using the DKIM of both our domain and your domain.
Full +
- Go to Settings → Domain verification and click the New domain button.
- Specify the domain name and an unused name for the technical domain. For example, email, promo, support, or any other. For clarity, let's assume you chose the name sub.
- Click Start verification.
Next, the system will check your domain's DNS records and suggest creating new ones or modifying the existing ones.
- Copy and paste each value from the Name and Data fields into the corresponding record types for your domain.
- Return to your Reteno account and click Verify domain.
After this, the domain status should change to Domain verified.
Example of email headers in Gmail after domain verification:
The email is signed using the DKIM of both our domain and your domain.
Subdomain
Essentially, this is the same option as Full, but on a dedicated subdomain with automatic handling of spam complaints and errors.
This option is also suitable for situations where you want to separate the reputation of your marketing campaigns from transactional and other communications.
- Go to Settings → Domain verification and click the New domain button.
- Click Complex server configuration.
- Select Subdomain and click Next.
- Specify a subdomain and click Start configuration.
Next, the system will check your domain's DNS records and suggest creating new ones or modifying the existing ones.
- Copy and paste each value from the Name and Data fields into the corresponding record types for your domain.
- Return to your Reteno account and click Verify domain.
After this, the domain status should change to Domain verified.
Example of email headers in Gmail after domain verification:
The email is signed using the DKIM of our domain and your subdomain.
Note
- In this option, all mail for the subdomain you select will arrive at our mail servers and be forwarded to your address, which must be specified in the reply field.
- Your address indicated in the reply field must be valid; you must regularly review it and respond to emails arriving at it.
- Recipients can respond to emails and express their desire to unsubscribe from your campaigns. You must immediately unsubscribe such recipients.
See the example of how to set up digital signatures on Cloudflare >
Additional DNS Settings
If necessary, you can grant us access to Postmaster Tools analytics. To do this, we will provide a TXT or CNAME record that needs to be added to the DNS. More details >
Checking the Settings Correctness
Reteno has a built-in tool for checking domain settings. If the records are entered in a way that does not meet our recommendations, a warning will appear next to the verification status.
Click on the warning to see a list of recommendations in the pop-up window.
Make the recommended changes, and then click Refresh.
Any service that allows DNS queries, such as DNS Record Query, can check the availability of your published DNS records to mail servers.
We recommend a free online tool, SPF Policy Tester, to check that your SPF record is generated correctly and meets the standard's limitations.
Checking Settings During Operation
Reteno regularly checks to make sure your DNS settings are ok.
If the settings break, we will notify you by email. Until the issue is resolved, key signing for your domain will be suspended.
Please carefully read emails automatically generated by our service for you. If you receive at least one message about any problem, do not put off solving it for later; immediately contact our support team for help.
Deleting Domains
Click the trash can icon in the right column to delete a domain and confirm the action.
Updated 12 days ago