What is email spoofing/masking?
The result is that an email appears to have been sent from a different domain. In the context of your PMS your guests would be expecting an email from someone@hoteldomain.com and not someone.siteid@pms.eu.guestline.net .
What is a DKIM record?
DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages are not altered in transit between the sending and recipient servers. ... Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.
What is an SPF record?
A Sender Policy Framework (SPF) record is a DNS record that identifies specific mail servers that are allowed to send email on behalf of your domain.
Why is DKIM required as well as SPF?
SPF uses path-based authentication while DKIM uses identity-based authentication.
SPF uses DNS to publish a record of all mail transfer authorities (MTA) authorized to send mail on behalf of the domain. Recipient MTAs then query DNS for the SPF record and reconcile the list of approved IP addresses against the path the message actually took.
SPF has limitations. It can be cumbersome to deploy (large organizations can find it difficult to track down every MTA they use) which may lead to a more passive SPF policy preventing legitimate mail from being snagged by filters. This can increase the prevalence of phishing scams.
DKIM uses asymmetric cryptography to digitally sign a message. A domain has a public/private keypair. DKIM will take a hash of several fields of an email (including To, From, Date, etc). This hash is then signed with the private key of the domain in question and placed in the DKIM header. The domain public key is published in DNS and used to verify the authenticity of the email.
SPF records previously applied for Rezlynx no longer appear on the required list. Do I keep those or remove them?
They can be removed.
What is a DNS Service/Zone?
Nameservers store DNS records which are the actual file that says “this domain” maps to “this IP address”.
The authoritative nameserver is typically the DNS provider or the DNS registrar (like GoDaddy that offers both DNS registration and hosting). And here we can find the DNS record that maps example.com to the IP address 127.66.122.88.
What happens if I don’t follow the advice on DKIM & SPF records?
Emails sent from Rezlynx will ignore the spoofed (masked) email addresses and will send using the Rezlynx Domain. If you have not provided Rezlynx with a spoofed/masked email address, then no action is required.
What if I have more than one domain in use for email spoofing?
Set-up your primary domain as per the instructions then contact Guestline Support to request CNAME records for your other domains.
Why are Guestline enforcing the requirement for DKIM records to maintain spoofing/masking functionality?
If Guestline take no action, then it is extremely likely the Rezlynx domain will become blacklisted and no emails would reach their recipients. It also helps to ensure that emails are not routed to Spam/Junk folders or potentially rejected.
Will this impact emails that are sent from Rezlynx to OTA’s like booking.com?
The presence of DKIM records means that it is more likely that emails will reach the intended recipient. However, if an OTA chooses to block emails for some reason then that is not something we can control. However, there is no reason to believe that this change would have any negative impact.
Where are spoofed/masked email addresses configured in Rezlynx?
The configuration is in 3 areas:
- System>System>Ini Settings – Emails
- CRS Module>Configuration>ini Group Settings – Email
- User Set-up;
- System>System>User Set-up – Select User – Emails button
- Hamburger Icon>My User Account – User Account Tab
Note that the retrieval and checking of the DKIM name records is only achieved via the System>System>Ini Settings page in Rezlynx PMS.
Why can’t Guestline do this for us?
SPF Records are owned and controlled by the customer, NOT Guestline, and as such cannot really assist. Customers will need to contact their own ISP or domain registrar to organise changes be made to their SPF - the reason for this is domain ownership. Guestline do not own @examplehotel.com therefore can not add our own trust settings to it - only the domain registrar who holds the record can do so, this is typically someone like GoDaddy, Rackspace, UKFast, Squarespace - typically whomever a customer registered their domain with originally.