Purpose

As of February 2024, email providers like Google and Yahoo are enforcing additional email authentication requirements. These changes are being made in a continuing effort to protect users against fraudulent messages, such as scams and phishing attempts, and will prevent any emails sent from unauthenticated email addresses from reaching your client inboxes.

At Aspire, we already follow these security best practices, but you may need to make some changes in order to comply when sending messages with your system. You will want to make sure that Aspire is allowed to send emails on your behalf by creating something called an SPF Record.

📌 Note: Aspire also supports DKIM for an added layer of security. You can request this by logging a ticket with AspireCare and providing your domain name.

DKIM Information for Microsoft Office 365

DKIM Information for Google Workspace

If you do not have an SPF Record already, you’ll need to create one!

⚠️ If changes aren’t made, some types of outbound emails generated by Aspire will not reach your customers: Opportunities, Proposals, Invoices, Site Audit emails, and emails sent by users who are not successfully set up to use email syncing.

⚠️ This is to be used as reference only. This is simply what it could look like, not what should be entered specifically. Please reference the How Do I Create a SPF Record? below for details on how your IT Consultant or Email Host Provider can create one.

To verify records, you can use Dig found here.

⚠️ If you do not manage your DNS records, you will need to provide this information to your IT team, technical consultant, or email host provider so they can update your settings.

Frequently Asked Questions About Email Authentication

When Should I Take Action?

You can take action at any time, but these email authentications are in effect as of February 2024.

How Do I Get More Information?

Learn more about what email authentication (known as a SPF Record) is:
- What is a DNS SPF record? | Cloudflare
- About SPF Records
Contact your IT person or the company that manages your technology (sometimes, this is also the company that manages your website)

How Do I Know My Company Will Be Impacted?

You will be impacted if your company does not have include:smtp.youraspire.com in your DNS.

Where Do I Get More Help on This?

Here are some helpful links to the SPF record documentation for two of the largest providers:
- Google
  - https://support.google.com/a/answer/10684623
- Microsoft Office 365
  - https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-spf-configure
- Here is a link to a SPF Online Tool
  - https://easydmarc.com/tools/spf-record-generator

How Do I Create a SPF Record?

📑The below mentioned information is from this article. Please read this in full to understand more about SPF Records.

SPF is implemented by adding a TXT record to a domain’s DNS records. The TXT record specifies which IP addresses are allowed to send email for the domain.

Every SPF record begins with the string v=spf1 to indicate to the server that this is an SPF record.

The include: section tells the server the addresses that are allowed to send emails on behalf of the domain.

The -all portion at the end indicates that all other addresses not listed are not allowed to send emails on behalf of the domain and the server should reject them.
- Other options are ~all, indicating that unlisted addresses should be marked as unverified or treated as spam, and +all, indicating that all addresses are allowed to send mail on your behalf.

This process should be handled with IT consultants or Email Host Providers to ensure proper implementation to your environment.

How is Email Authenticated?

To perform an email authentication (SPF Record) check, there are a series of steps taken:

The receiving email server retrieves the SPF record from the DNS records for the domain of example.com.
The receiving server then checks the SPF record for all the IP addresses that are approved to send email on behalf of the domain.
If the SPF check passes, the receiving server confirms the message was sent from an approved sending server and will continue processing the message.
If the SPF check fails, the message is likely illegitimate and will be processed using the receiving server’s failure process.

Understanding Aspire’s Email Authentication

To understand the process of email authentication and how it helps you, please review the chart below to understand how Email Configuration works with Aspire:

🧠 Imagine an email server receives a message and checks the message's return-path. An example of the return-path is sender@example.com.

📑 To learn about syncing you User Settings for email, please click here.

Table of Contents