Email Delivery Guide

Technical Implementation

Setting Up Email Authentication

Implementing proper email authentication is essential for ensuring deliverability and protecting your domain from spoofing. This guide provides practical steps for setting up SPF, DKIM, and DMARC.

Multi-Domain Strategy for Haply Robotics

With multiple domains (haply.co, haply.ca, haplyrobotics.com, haply-robotics.com) and different email providers (Google Workspace and Mailjet), it's important to implement a strategic approach to email authentication.

Recommended Domain Strategy:

  • haply.co: Primary domain for business communications via Google Workspace
  • haplyrobotics.com or haply.ca: Dedicated domain for mass sending via Mailjet (notifications, marketing)
  • Keep haply-robotics.com as a backup or redirect to main domain

This separation helps protect your primary domain's reputation from potential issues with mass sending.

Each domain should have its own properly configured SPF, DKIM, and DMARC records, even if they point to the same services.

SPF Record Generator

Use this tool to generate an SPF record for your domains. For Haply Robotics, you'll need to include both Google Workspace and Mailjet.

SPF Record Generator

Configuration:

Determines how receiving servers should treat emails that don't match your SPF record.

Generated DNS Record:

Record Name:
example.com
Record Type:
TXT
Record Value:
v=spf1 ip4:192.0.2.0/24 include:google.com include:sendgrid.net -all
Implementation Instructions:
  1. Log in to your DNS provider's control panel
  2. Navigate to the DNS management section for your domain
  3. Create a new TXT record with the name and value shown above
  4. Save your changes and allow time for DNS propagation (up to 48 hours)
  5. Verify your SPF record using an SPF validation tool

SPF Implementation for Haply Robotics

Google Workspace + Mailjet SPF Record

Add this TXT record to your domain:

v=spf1 include:_spf.google.com include:spf.mailjet.com -all

Components explained:

  • include:_spf.google.com: Authorizes Google Workspace servers
  • include:spf.mailjet.com: Authorizes Mailjet servers
  • -all: Strict policy that rejects unauthorized senders

Domain-Specific Recommendations

For your multi-domain setup:

  • haply.co: Include both Google and Mailjet if both send from this domain
  • Mass sending domain: If using a separate domain for Mailjet only, you can simplify to v=spf1 include:spf.mailjet.com -all
  • Verify each domain's SPF record using dig TXT domain.com or online tools

DKIM Record Generator

Use this tool to generate DKIM records for your domains. You'll need separate DKIM keys for Google Workspace and Mailjet.

DKIM Record Generator

Configuration:

A name that identifies this specific DKIM key (e.g., "mail", "key1", "2023q1").

The public key generated by your email service or DKIM tool.

Generated DNS Record:

Record Name:
mail._domainkey.example.com
Record Type:
TXT
Record Value:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mAKz3AVDEn/N8WNUcSS...
Implementation Instructions:
  1. Log in to your DNS provider's control panel
  2. Navigate to the DNS management section for your domain
  3. Create a new TXT record with the name and value shown above
  4. Save your changes and allow time for DNS propagation (up to 48 hours)
  5. Test your DKIM configuration by sending a test email

DKIM Implementation for Haply Robotics

Google Workspace DKIM Setup

Steps to enable DKIM for Google Workspace:

  1. Log in to Google Admin console (admin.google.com)
  2. Go to Apps > Google Workspace > Gmail > Authenticate email
  3. Select your domain and click "Generate new record"
  4. Copy the provided TXT record and add it to your DNS
  5. Return to Google Admin and click "Start authentication"

Google's DKIM record will look like: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...

Mailjet DKIM Setup

Steps to enable DKIM for Mailjet:

  1. Log in to your Mailjet account
  2. Go to Account Settings > SPF & DKIM
  3. Select the domain you want to configure
  4. Copy the provided DKIM record
  5. Add it to your DNS as a TXT record
  6. Verify the setup in Mailjet dashboard

Mailjet typically uses a selector like "mailjet" so the record name would be mailjet._domainkey.yourdomain.com

DMARC Record Generator

Use this tool to generate DMARC records for your domains. Start with monitoring mode and gradually increase enforcement.

DMARC Record Generator

Configuration:

Action to take when emails fail DMARC authentication.

Action to take for emails from subdomains.

Percentage of messages subject to filtering.

Email address to receive aggregate reports.

Email address to receive forensic failure reports.

Generated DNS Record:

Record Name:
_dmarc.example.com
Record Type:
TXT
Record Value:
v=DMARC1; p=none; sp=none; pct=100; rua=mailto:reports@example.com
Implementation Instructions:
  1. Log in to your DNS provider's control panel
  2. Navigate to the DNS management section for your domain
  3. Create a new TXT record with the name and value shown above
  4. Save your changes and allow time for DNS propagation (up to 48 hours)
  5. Monitor the reports sent to your specified email address

DMARC Implementation for Haply Robotics

Initial DMARC Setup (Monitoring Mode)

Add this TXT record to _dmarc.yourdomain.com:

v=DMARC1; p=none; rua=mailto:dmarc-reports@haply.co; pct=100;

This configuration:

  • Monitors email authentication without affecting delivery
  • Sends aggregate reports to your specified email
  • Applies to 100% of your email traffic

Multi-Domain DMARC Strategy

For your multiple domains:

  1. Set up identical DMARC records on all domains initially
  2. Analyze reports for at least 2-4 weeks to identify legitimate senders
  3. For your main business domain (haply.co), gradually move to stricter policies
  4. For mass sending domains, you can move to stricter policies faster if all sending is controlled through Mailjet
  5. Consider using a DMARC report analysis tool to simplify monitoring

Odoo and CRM Integration

Since you're using Odoo and CRM systems that send through Mailjet, ensure proper configuration:

Odoo Email Configuration

  • Configure Odoo to use Mailjet's SMTP servers
  • Set the "From" address to match your authenticated domain
  • Ensure Reply-To addresses are properly configured
  • Consider using a subdomain or separate domain for system emails

CRM Email Configuration

  • Verify CRM is properly configured to use Mailjet
  • Ensure all templates use authenticated domains in From fields
  • Test deliverability of CRM-generated emails
  • Monitor bounce rates and spam complaints

Troubleshooting Common Issues

SPF "Too Many DNS Lookups" Error

SPF has a limit of 10 DNS lookups. If you're including multiple services, you might hit this limit. Consider flattening your SPF record by replacing nested includes with their IP addresses.

DKIM Signature Verification Failures

If emails from Google or Mailjet fail DKIM verification, check that the correct selector is being used and that the DNS record is properly formatted without line breaks or extra spaces.

DMARC Alignment Issues

Ensure the From domain matches the domain used for DKIM signing or SPF authentication. This is especially important when sending through third-party services.

Third-Party Senders

For services that can't authenticate against your root domain, consider using subdomain delegation or a dedicated sending domain (like using haplyrobotics.com for mass sending).