Articles in this section

Improve email delivery rates

Ensuring that your emails reach their intended recipients is crucial for effective communication. Your network administrator may need to update your email and DNS servers to improve your email delivery rates.

  • Finalsite sends emails on behalf of your personnel, making them appear to come directly from your district or school.
  • This step-by-step guide will help improve email delivery rates by:
    • setting up SPF, DKIM, and DMARC
    • configuring IP whitelisting
    • monitoring email protocols

 

 

This is a Help for District Administrators article, providing comprehensive support for those with the highest level of access as they help their communities get started with Messages XR Enterprise.

 

Authorizing Finalsite to send emails on your behalf helps prevent messages from being rejected or flagged as spam by email services used by your organization, parents, and students. Follow these guidelines to ensure your messages are delivered efficiently and securely.

Step 1: Authorize email sending and authentication

When support sends emails on behalf of your personnel, they appear to come directly from your organization. Authorization helps prevent these messages from being flagged as spam.

What are SPF, DKIM, and DMARC? 

SPF, DKIM, and DMARC are used to let email service providers know that you have authorized Finalsite to send email on behalf of your school district personnel:

  • Sender Policy Framework (SPF): An email verification system that allows domain owners to identify the mail servers they use to send mail. This helps ensure that forged emails are caught by spam filters, while legitimate emails get through.
  • DomainKeys Identified Mail (DKIM): A form of email authentication that adds an encrypted signature to your email messages, proving they came from a trusted source and were not modified in transit.
  • Domain-based Message Authentication, Reporting & Conformance (DMARC): An email validation system that allows you to create policies for blocking fraudulent activity appearing from your domain. To pass DMARC, a message must pass authentication and alignment with SPF and/or DKIM.

Configure your Global SPF, DKIM, and DMARC settings 

  • In the Messages XR Enterprise platform, navigate to Settings > Global Settings.
  • Scroll down to Email Reliability and Security > Click here to improve your email delivery
    click to improve email delivery.png
  • Click to view the instructions to verify the setup.
    • Set up SPF record: Update or set up an SPF record to include: _spf.bbnotify.net
      • If your district does not have an SPF record, your network administrator will need to add a record to your DNS. We recommend adding the following:
        host type value @ TXT v=spf1 mx include:_spf.bbnotify.net -all
        host type value visual.png
      • Important Note: If you require an additional SPF entry, be sure to include it in the same line.
    • Add DKIM DNS records: Follow the instructions in your email application to set up DKIM DNS records.
    • Set up DMARC: Implement DMARC policies to block fraudulent activities appearing from your domain.

Step 2: Configure IP whitelisting

What is whitelisting? 

Whitelisting is a security measure that grants access only to approved entities, such as email addresses, IP addresses, applications, or websites, while denying access to anything not on the list. For email servers, this may involve configuring them to accept messages from Finalsite's servers, either through SPF records or manual whitelisting of Finalsite's IP addresses. Consult your network administrator to determine if your email servers need configuration changes.

Configure your Global IP whitelisting settings 

    • From the Communications HQ interface menu, navigate to Settings > Global Settings.
    • In Global Settings, select "Click here to improve your email delivery"
      click here zoomed in.png
    • Provide your email domain and click Verify.
      verify domain field.png
    • Verify SPF, DKIM, and DMARC records. 
      verify domain with spf dkim dmarc boxes.png
    • Remove rate limits: Ensure no rate limits on emails from Finalsite CE relays by allowing IP addresses 192.230.230.0/24 and 69.196.242.0/24.

"Congratulations!" message

When you see a "Congratulations" message verifying records for SPF, DKIM, and DMARC, the verification is complete and everything is properly set up on your DNS. If you don't see congratulation messages for each one, have your network administrator set up the email authentication protocols on your DNS.

Office 365 configuration

All Office 365 users must update their connection filter policy to allow these IP addresses. Learn more in the article, "Configure connection filtering." 

Here are the instructions: 

  1. Sign in to the "Microsoft Security & Compliance Center".
  2. Click the Policies and rules item on the left sidebar menu and select "Threat Policies".
  3. Click the Policies and rules > Anti-Spam under the Policies. To go directly to the Anti-spam policies page, use https://security.microsoft.com/antispam.
  4. Click the Connection filter policy and select the "Edit connection filter".
  5. Add the IP addresses (192.230.230.0/24, 69.196.242.0/24) to the section labeled "Always allow messages from the following IP addresses or address range".
  6. Enable the Turn on safe list option.
  7. Click Save to complete the process.

GSuite configuration

All GSuite users must add these IP addresses to your email allowlist. Learn more in the article, "Add IP addresses to allowlists in Gmail."

Here are the instructions: 

  1. Your current account, might not have permission to do these steps. Make sure you're signed in to an administrator account.
  2. In the Admin console, go to Menu >Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
  3. On the left, select the top-level organization. This is usually your domain.
  4. On the Spam, phishing, and malware tab, scroll to the Email allowlist setting. Or, in the search field, enter email allowlist.
  5. Enter the IP address of the sending mail servers you want to add to the allowlist - for Finalsite mail services - 192.230.230.0/24, 69.196.242.0/24. To add more than one IP address, enter an IP range (using CIDR notation) or separate individual IP addresses with commas.
    • Note: Enter public IP addresses only. This setting doesn't support private IP addresses.
  6. At the bottom of the page, click Save.

Important Note

Are you using Barracuda Email Protection or other similar security vendors? Please open a ticket directly with the vendor to remove rate limits.  

Step 3: Verification and maintenance

Finalsite uses TLS (Transport Layer Security) for email delivery. Ensure your server supports at least TLS 1.1 (TLS 1.2 recommended). If your server does not support TLS, configure it to accept unencrypted SMTP or upgrade TLS functionality. This may differ in instructions, depending on your mail server. 

Step 4: Success! 

By following these steps, you can enhance email delivery, ensuring messages reach your intended recipients efficiently and securely. If you have any issues or need further assistance, reach out to your network administrator or email service provider.

Was this article helpful?
0 out of 0 found this helpful