UsendDomain Protection
To protect your domain from unauthorized third-party email spoofing, a combination of security measures are utilized, including SPF (Sender Policy Framework), Domain Lockdown™, DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records. DKIM allows senders to digitally sign emails, ensuring that the content remains unaltered during transit. DMARC further enhances email security by providing a policy framework for authentication, reporting, and conformance, building upon the foundation laid by DKIM and SPF (Sender Policy Framework). These measures work together to fortify your domain against email fraud and maintain the integrity of your email communications.
WARNING
This is an optional but strongly recommended step.
The standard implementation of Usend will search for a DKIM RSA public key within your domain, and if the record exists, it will only send your email when you provide the private key during the sending process. On the other hand, if a DKIM record doesn't exist, the private key won't be required.
If you want to improve your domain protection, follow these steps.
Setting Up DMARC and DKIM Records
Prerequisites
Before starting these steps, you need to have already installed the SPF record and Domain Lockdown™. For instructions on how to set it up, please refer to this link. For assistance in completing, fill in the fields with your domain and administrative email:
1. Add DMARC record
DMARC mandates an administrative email for receiving reports and notifications, enabling monitoring, issue resolution, and control over email deliverability and brand reputation.
To add a DMARC record, access your DNS provider and add a TXT record with the following details:
Name | Type | Content |
|---|---|---|
| _dmarc | TXT | v=DMARC1; p=reject; ruf=mailto:admin@example.com; rua=mailto:admin@example.com; |
Update the admin@example.com email address with your own administrative email address.
2. Generate and add DKIM public key record
To implement DKIM authentication, you need to generate a DKIM private key and add it as a TXT record in your DNS settings. We have generated a public and private key pair for you, but if you prefer, you can also generate them using OpenSSL command:
Name | Type | Content |
|---|---|---|
| mailchannels._domainkey.example.com | TXT | v=DKIM1; k=rsa; p= |
3. Add DKIM private key to your project environment
Now, to send emails through your domain using Usend, you need to use the DKIM private key. For this, you can add it to your .env environment variables file.
DKIM_PRIVATE_KEY=4. And start sending secure emails with Usend
With these simple steps, you can now start sending secure emails.
import { Usend } from "usend-email";
const usend = new Usend({ dkimPrivateKey: process.env.DKIM_PRIVATE_KEY });
// or
// const usend = new Usend({ dkimPrivateKey: "..." });
(async () => {
await usend.sendEmail({
from: "noreply@example.com",
to: "a-OXeAzb@mailsac.com",
subject: "Hello from Usend",
html: "<h1>It works!</h1>",
});
})();5. Done, now just confirm! 🎉
Confirm the sending of the email at https://mailsac.com/inbox/a-OXeAzb@mailsac.com.
Using OpenSSL to Generate Keys (Optional)
INFO
If you prefer, you can generate the DKIM key pair using OpenSSL. For your convenience, you can use the keys we generated for you and skip these steps.
1. Generate a private key
Generate a private key (.pem and .txt file):
openssl genrsa 2048 | tee priv_key.pem | openssl rsa -outform der | openssl base64 -A > priv_key.txtNow, open the priv_key.txt file, copy and place the contents in the .env file as the DKIM_PRIVATE_KEY variable.
2. Generate a public key
Generate a public key (.txt file):
echo -n "v=DKIM1; k=rsa; p=" > pub_key_record.txt && \
openssl rsa -in priv_key.pem -pubout -outform der | openssl base64 -A >> pub_key_record.txtAdd the contents of the pub_key_record.txt file as a TXT record on your DNS provider.