Signing (SPF & DKIM)

Currently, Treezor API sends email to your end users during their onboarding and password reset.

When Treezor sends emails on behalf of your domain names, two technologies must be configured to ensure proper delivery.

Best practice – Make sure you configure emails properly

Otherwise, emails Treezor sends on your behalf are likely to be considered as spam or to display warning messages.

SPF

The Sender Policy Framework is declared in the DNS zone of your domain name.

It enumerates the servers explicitely allowed to send emails on your behalf (aka sending emails ending in @your-domain-name.tld)

Information – You must add Treezor IP addresses to the SPF record of your DNS zone

These IP addresses are provided by Treezor and allow Treezor to send email on your behalf.

SPF record example

company-name.tld. 3599 IN TXT "v=spf1 mx include:company-name.spf.treezor.co -all"

DKIM

The DomainKeys Identified Mail is a private/public key pair technology, the public key lives in the DNS zone of your domain name.

This technology allows Treezor to sign outgoing emails, and empowers the recipient into checking the signature of a received email against the public key.

Information – You must add the DKIM key in a TXT record of your DNS zone

The Treezor public DKIM key is provided by your Treezor Account Manager and allows Treezor to send emails on your behalf.

DKIM record example

treezor._domainkey.company-name.tld. 3599 IN TXT "k=rsa; p=QsABSUqGDCh7GOBexnj+apFT[...]NlVDzn3c4aPMoPJROgyd7v1rI2"