Digital Signature Configuration

Domain digital signatures are a technology that ensures a message has not been altered or tampered with during transmission. Two main mechanisms are used for this:

  • DKIM (DomainKeys Identified Mail) allows senders to sign emails with a private key and allows recipients to verify the authenticity of the signatures using a public key stored in the DNS.
  • SPF (Sender Policy Framework) checks whether the email comes from an authorized server specified in the domain's DNS record.

Both mechanisms increase the trust of email services in your messages and reduce the likelihood of them being identified as spam.

Follow this link to find answers to frequently asked questions about digital signatures.

Configuration Methods

Reteno offers three configuration methods:

  1. Full: The signature is applied to all emails sent from any mailbox of the main domain (for example, @yourdomain.com).
  2. Full +: In addition to the main domain, emails sent from subdomains (for example, @sub.yourdomain.com) are signed, which provides the highest level of protection.
  3. Subdomain: The digital signature is applied only to emails sent from a specific subdomain (for example, @sub.yourdomain.com), which is convenient when protecting only certain subdomains.

📘

Note

We recommend setting up the Full + method. If this is impossible due to certain restrictions, choose the Subdomain method.

Next, we will review each configuration option.

Full

  1. Go to Settings → Domain verification and click the New domain button.
  2. Click Complex server configuration.

The Full configuration method is selected by default.

  3. Click Next.
  4. Specify a domain and click Start verification.

📘

Note

Use your domain name instead of yourdomain.com.

Next, the system will check your domain's DNS records and suggest creating new ones or modifying the existing ones.

  5. Copy and paste each value from the Name and Data fields into the corresponding record types for your domain.
  6. Set up automatic forwarding for all emails sent to the bounce+* address in your domain to our [email protected] address.

The asterisk (*) means that any number of valid characters can appear in its place.

Such forwarding is easiest to set up if your domain's mail is hosted on Google servers, because this service discards the suffix that follows the plus sign in the address. In this case, you only need to create a “bounce” mailbox and configure forwarding of all incoming emails to [email protected].

If your mail is hosted on a service that does not drop the suffix after the plus sign, set up a mailbox that stores all mail sent to non-existent mailboxes in your domain. In this mailbox, set up a filter: if an email is addressed to an address starting with bounce+, forward it to [email protected]; otherwise, delete it.

The functionality of the forwarding mechanism is checked during the verification stage.

📘

Note

We also recommend that you set up forwarding copies of emails sent to the abuse address in your domain to our [email protected] address. Then we will be able to respond to complaints promptly.

  7. Return to your Reteno account and click Verify domain.

After this, the domain status should change to Domain verified.

📘

Note

Some DNS servers need up to 48 hours to apply all changes.

Example of email headers in Gmail after domain verification:

Example of email headers

The email is signed using the DKIM of both our domain and your domain.
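
To confirm this on a delivered message, the following added example (not Reteno's code) reads the DKIM-Signature headers, reports each signing domain and the DNS name where its public key is published, and shows whether the signature's d= domain covers the From address. The sample headers are constructed, esp.example is a placeholder for the sending service's domain, and the signatures are not verified cryptographically.

```python
import email
from email import policy

# Constructed sample headers: one signature from the sending service
# (placeholder domain esp.example) and one from the customer's own domain.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=esp.example;
 s=sel1; h=from:to:subject; bh=AAAA=; b=BBBB==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yourdomain.com;
 s=sel2; h=from:to:subject; bh=CCCC=; b=DDDD==
From: Shop <news@yourdomain.com>
To: user@example.org
Subject: Hello

body
"""


def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # base64 values may contain "="
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def dkim_report(raw):
    """Return the From domain and, per signature, (d=, key DNS name, covers From)."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    report = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(header))
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        # The public key is published as a TXT record at <selector>._domainkey.<d>.
        key_name = f"{s}._domainkey.{d}"
        # A signature covers the sender if d= is the From domain or a parent of it.
        covers = from_domain == d or from_domain.endswith("." + d)
        report.append((d, key_name, covers))
    return from_domain, report


if __name__ == "__main__":
    print(dkim_report(SAMPLE))
```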

Full +

  1. Go to Settings → Domain verification and click the New domain button.
  2. Specify the domain name and an unused name for the technical domain. For example, email, promo, support, or any other. For clarity, let's assume you chose the name sub.
  3. Click Start verification.

Next, the system will check your domain's DNS records and suggest creating new ones or modifying the existing ones.

  4. Copy and paste each value from the Name and Data fields into the corresponding record types for your domain.
  5. Return to your Reteno account and click Verify domain.

After this, the domain status should change to Domain verified.

Example of email headers in Gmail after domain verification:

Example of email headers

The email is signed using the DKIM of both our domain and your domain.

Subdomain

Essentially, this is the same option as Full, but on a dedicated subdomain with automatic handling of spam complaints and errors.

This option is also suitable for situations where you want to separate the reputation of your marketing campaigns from transactional and other communications.

  1. Go to Settings → Domain verification and click the New domain button.
  2. Click Complex server configuration.
  3. Select Subdomain and click Next.
  4. Specify a subdomain and click Start configuration.

Next, the system will check your domain's DNS records and suggest creating new ones or modifying the existing ones.

  5. Copy and paste each value from the Name and Data fields into the corresponding record types for your domain.
  6. Return to your Reteno account and click Verify domain.

After this, the domain status should change to Domain verified.

Example of email headers in Gmail after domain verification:

Example of email headers

The email is signed using the DKIM of our domain and your subdomain.

📘

Note

  • In this option, all mail for the subdomain you select will arrive at our mail servers and be forwarded to your address, which must be specified in the reply field.
  • Your address indicated in the reply field must be valid; you must regularly review it and respond to emails arriving at it. 
  • Recipients can respond to emails and express their desire to unsubscribe from your campaigns. You must immediately unsubscribe such recipients.

See the example of how to set up digital signatures on Cloudflare >

Additional DNS Settings

If necessary, you can grant us access to Postmaster Tools analytics. To do this, we will provide a TXT or CNAME record that needs to be added to the DNS. More details >

Checking the Settings Correctness

Reteno has a built-in tool for checking domain settings. If the records are entered in a way that does not meet our recommendations, a warning will appear next to the verification status.

Click on the warning to see a list of recommendations in the pop-up window.

Make the recommended changes, and then click Refresh.

To check that your published DNS records are available to mail servers, you can use any service that allows DNS queries, such as DNS Record Query.

We recommend a free online tool, SPF Policy Tester, to check that your SPF record is generated correctly and meets the standard's limitations.
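
One limitation the SPF standard (RFC 7208) imposes is a maximum of 10 DNS-querying terms per evaluation, counted across nested include records. The added example below (not Reteno's checker and not the SPF Policy Tester's code) counts them; ZONE is constructed sample data standing in for live TXT lookups, and every domain name in it is a placeholder.

```python
# Constructed TXT data standing in for live DNS lookups; all names are placeholders.
ZONE = {
    "yourdomain.com": ["v=spf1 mx include:_spf.esp.example include:_spf.mail.example ~all"],
    "_spf.esp.example": ["v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"],
    "_spf.mail.example": ["v=spf1 include:a.mail.example include:b.mail.example -all"],
    "a.mail.example": ["v=spf1 ip4:203.0.113.0/25 -all"],
    "b.mail.example": ["v=spf1 a mx/24 exists:%{i}.bl.example -all"],
    "two.example": ["v=spf1 -all", "v=spf1 +all"],  # invalid: two SPF records
}

# Terms that trigger a DNS query during evaluation (RFC 7208, section 4.6.4).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_LOOKUPS = 10


def spf_records(domain, zone):
    """Return the TXT strings for domain that are SPF records."""
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]


def count_lookups(domain, zone, path=()):
    """Count DNS-querying terms for domain, following include and redirect."""
    if domain in path:
        raise ValueError(f"include loop through {domain}")
    records = spf_records(domain, zone)
    if len(records) != 1:
        raise ValueError(f"{domain}: need exactly one SPF record, found {len(records)}")
    total = 0
    for term in records[0].split()[1:]:
        term = term.lstrip("+-~?")  # qualifiers do not affect the count
        if term.lower().startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], zone, path + (domain,))
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()  # "mx/24" carries a CIDR suffix
        if name in LOOKUP_MECHANISMS:
            total += 1
            if name == "include":
                total += count_lookups(arg, zone, path + (domain,))
    return total


def check_spf(domain, zone):
    """Return (lookups, within_limit) for the domain's published SPF policy."""
    lookups = count_lookups(domain, zone)
    return lookups, lookups <= MAX_LOOKUPS


if __name__ == "__main__":
    print(check_spf("yourdomain.com", ZONE))
```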

Checking Settings During Operation

Reteno regularly checks that your DNS settings are correct.

If the settings break, we will notify you by email. Until the issue is resolved, key signing for your domain will be suspended.

Please read the emails that our service automatically generates for you carefully. If you receive at least one message about any problem, do not postpone resolving it; contact our support team for help immediately.

Deleting Domains

To delete a domain, click the trash can icon in the right column and confirm the action.
