SPF/DNS Configuration


If a school chooses to use email communications from CampusLogic Products using a custom "from" address rather than the default 'noreply' address, the school will need to update their SPF entry in their DNS record to allow CampusLogic to send communications on their behalf.  Updating the SPF record helps prevent the communications sent from CampusLogic from being sent to junk, spam or blocked.  Please follow the instructions below to update the school's SPF/DNS record. 

If the school has implemented 'DMARC' email security, additional configuration must occur in addition to properly configuring SPF record(s) before the school can configure a custom, school owned email 'From' domain.


Clients that elect to provide a custom from address (ie. finaid@school.edu) should do the following:

 

1. Ensure that the “FROM” address (ex: finaid@school.edu) actually exists in the school’s email system. This is so that if a student replies to an email notification they receive, it will go to the proper team at the school.

2. The email “FROM” address domain must be owned by the client, or else be the default 'noreply' address.

3. To ensure deliverability, clients should add a Sender Policy Framework (SPF) record to their Domain Name Service (DNS) record(s).

4. If no SPF record exists for the domain, it should be configured similar to the record(s) below. Please DO NOT simply copy the entry below, consult with your IT team before making any changes.:

“V=spf1 include:verifymyfafsa.com  ~all”

  • If an SPF record exists, the following item should be added:

“include:verifymyfafsa.com”


DMARC Configuration 

The following information is only applicable to institutions who have implemented DMARC with a policy set to quarantine or reject. 


CampusLogic will need to configure DKIM signing specifically for the institution through our mail vendor (SendGrid) to cause DMARC to pass. Through SendGrid, we will setup 3 CNAME records (6 in total - 3 for sandbox and 3 for production) that you will need to host in your DNS: 

  • One CNAME  to point to the mail sending server
  • Two other CNAMEs used for DKIM keys that would be automatically rotated


This way, our mail vendor would be able to sign messages with keys that you’ve delegated via your DNS records. It’s not possible to use your existing DKIM key(s) because the private key is owned by your current email provider. There’s no way to get it to SendGrid for signing. 


To get the process started, you can open up a FreshDesk ticket or email support@campuslogic.com.