Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
chadkafka

Important Changes Required for Email Deliverability

chadkafka
Rookie
‎01-18-2024 10:48 AM
‎01-18-2024 10:48 AM

Important Changes Required for Email Deliverability

A comment from KB article: Important Changes Required for Email Deliverability

 

Is this something that ALL users of School Messenger have to follow or is this only if we received this message directly from PowerSchool/School Msgr?  I did not receive this as the admin of our School Messenger.

Franklin Public Schools
District Communications Specialist
0 Kudos
72 Replies
dajones70
Hobbyist
‎02-15-2024 06:02 AM
In response to KellyS4
‎02-15-2024 06:02 AM

Google makes it easy to see the SPF, DKIM, and DMARC alignment/results.  If not able to send to a gmail.com address, then it's a bit more difficult.  You have to gather up the email headers (normally hidden by mail clients) by "Show Original" or "View Source" in your mail client.  The headers are the top part of the email all the way down until the first blank/empty line where the body starts.

Copy/paste the headers into https://mxtoolbox.com/EmailHeaders.aspx and it will show you the pass and alignment results.  Hope this helps.

0 Kudos
MGoranson
Hobbyist
‎02-15-2024 09:04 AM
In response to dajones70
‎02-15-2024 09:04 AM

Hello again and thank you for your response.

 

We sent a test message from SchoolMessenger to my Workspace account last night and as you suspected DKIM fails as it is coming from spe.schoolmessenger.com instead of laramie2.org. Before Feb. 1st PowerSchool reported we were good to go but like many it seems they have missed a step.

 

I did open a ticket yesterday referencing this thread in hopes it would help PowerSchool understand their error. No feedback as of yet.

 

I will keep you posted.

 

Thank you again for your time and efforts in trying to help PowerSchool come to a conclusion on an issue on their end.

0 Kudos
dajones70
Hobbyist
‎02-15-2024 06:07 AM
‎02-15-2024 06:07 AM

FYI, I am seeing more customer domains with SPF alignment in my DMARC feedback reports from SM mail hosted on sparkpostmail.com.  This is an improvement but still not taking advantage of the DKIM signing with alignment until SM "flips the switch" for you and then the From address is updated to your own school/district domain.

Both SPF and DKIM passing with alignment is the goal for the best possible delivery, least recipient confusion, and the best chance to not land in the Junk/Spam folder. 

0 Kudos
amarkevans
Journeyman
‎02-15-2024 06:24 AM
‎02-15-2024 06:24 AM

I am confused as to what to do. there are many abbreviations which sound technical or specific.

0 Kudos
dajones70
Hobbyist
‎02-15-2024 06:56 AM
In response to amarkevans
‎02-15-2024 06:56 AM

Sorry about that.  This is a complicated and very technical issue.  Don't feel bad.  Most experienced enterprise mail admins don't understand it either.  Here is a good article if you are interested in learning more:

https://www.validity.com/blog/how-to-explain-dmarc-in-plain-english/

0 Kudos
dajones70
Hobbyist
‎02-15-2024 06:58 AM
In response to dajones70
‎02-15-2024 06:58 AM

If you provide your school/district domain name, I can check the DNS records and tell you what to do next.

0 Kudos
dajones70
Hobbyist
‎02-15-2024 06:59 AM
In response to amarkevans
‎02-15-2024 06:59 AM

If you provide your school/district domain name, I can check the DNS records and tell you what to do next.

0 Kudos
MGoranson
Hobbyist
‎03-13-2024 10:36 AM
‎03-13-2024 10:36 AM

Hello all I just wanted to leave an update to what we found here at LCSD2.

 

Messages from SchoolMessenger were failing DKIM until they updated the envelope from value to be correct for our domain. After that massages to external addresses were passing SPF, DKIM, and DMARC. However when these SchoolMessenger messages were sent to a LCSD2 address DKIM failed again.

 

After digging we finally realized our email threat protection platform Zix was breaking DKIM due to two security features. First Zix has a link rewriting feature which will break DKIM as it modifies the body of the message. This required "http://track.spe.schoolmessenger.com*" to be whitelisted in the link rewriting feature. Additionally we had to white list the SchoolMessenger IPs for the domain spoofing protection. As this would trigger the subject to be tagged [CAUTION SPOOFING] which also breaks DKIM validation.

 

I won't use his full name but a ZJ w/ SchoolMessenger support knows what he is doing and is great to work with.

 

Hope this helps anyone else still having issues with the new SPF, DKIM, & DMARC needs.

0 Kudos
dajones70
Hobbyist
‎03-13-2024 10:55 AM
‎03-13-2024 10:55 AM

Yeh.  ZJ is great.  I helped him understand the need/urgency to get the DKIM signing happening as the customer's domain.  He is relaying the need on to the developers.

 

DMARC is only going to become more and more important as Google, Office 365, Yahoo, and other major (high volume) players take it more seriously to help with spoofing.  SPF is easy and been around a long time but breaks with autoforwarding, so DKIM signing as the customer domain and passing is critical for the future of mass mailing platforms like SchoolMessenger/Powerschool. 

0 Kudos
MGoranson
Hobbyist
‎03-13-2024 11:01 AM
In response to dajones70
‎03-13-2024 11:01 AM

Hi @dajones70 - thank you for helping get this process going. Last week ZJ updated the envelope signer(?) from "spe.schoolmessenger.com" to "laramie2.org" and messages to external addresses were good. It took an epiphany on what DKIM actually does, some extra digging on Zix, and a call w/ ZJ to get it resolved for internal laramie2.org addresses.

 

This has helped me have more ideas on a few other email related issues we are also facing.

 

Thank you for your help earlier as well. You were critical on getting us on the right path!

0 Kudos
Related Discussions & Articles