Signing (SPF & DKIM)
Currently, Treezor API sends email to your end users during their onboarding and password reset.
When Treezor sends emails on behalf of your domain names, two technologies must be configured to ensure proper delivery.
Best practice – Make sure you configure emails properly
Otherwise, emails Treezor sends on your behalf are likely to be considered as spam or display warning messages such as "The sender is not who they claim to be".
SPF
The Sender Policy Framework is declared in the DNS zone of your domain name.
It enumerates the servers explicitely allowed to send emails on your behalf (aka sending emails ending in @your-domain-name.tld
)
Information – You must add Treezor IP addresses to the SPF record of your DNS zone
These IP addresses are provided by Treezor and allow Treezor to send email on your behalf.
SPF record example
ini
company-name.tld. 3599 IN TXT "v=spf1 mx include:company-name.spf.treezor.co -all"
DKIM
The DomainKeys Identified Mail is a private/public key pair technology, the public key lives in the DNS zone of your domain name.
This technology allows Treezor to sign outgoing emails, and empowers the recipient into checking the signature of a received email against the public key.
Information – You must add the DKIM key in a TXT record of your DNS zone
The Treezor public DKIM key is provided by your Treezor Account Manager and allows Treezor to send emails on your behalf.
DKIM record example
ini
treezor._domainkey.company-name.tld. 3599 IN TXT "k=rsa; p=QsABSUqGDCh7GOBexnj+apFT[...]NlVDzn3c4aPMoPJROgyd7v1rI2"