Table of Contents
- Your Essential Steps For Member Email Deliverability
- Members: Whitelisting Domains and IPs
- How Membee Maximizes Email Deliverability
- SPF Verification Error Notices From Membee
- FAQs
Your Essential Steps For Member Email Deliverability
Email deliverability is a cooperative effort between three parties:
- Essential settings made by your organization to authorize Membee to deliver emails on your behalf
- Settings your members make in their email provider
- Membee's email settings and authentication to legitimize emails
The MOST important settings are made by your organization, in order to authorize Membee to deliver emails on your behalf. This is a requirement and is not optional.
If you do not authorize Membee to send emails on behalf of your organization, all the hard work Membee is doing to secure and legitimize your emails for delivery will be futile and as a result, a high percentage of your member emails will be rejected by the receiving email servers used by your membership. It’s that simple.
To start, you are required and responsible to complete the configurations below to authorize Membee to deliver emails on behalf of your organization's domain:
- Step One: Identify If You're Using Your Organization's Domain
- Step Two: Check Your SPF Record
- Step Three: Changes To Your SPF Record
Step One: Identify If You're Using Your Organization's Domain
- Are you using an email address such as memberservice@ourorganization.org?
- If so, you're set! Move onto "Step Two: Check Your SPF Record"
- Are you using an email address such as memberservice@gmail.comas your email?
- If so, you will NOT be able to move forward without an email address at your domain such as memberservice@ourorganization.org
- Your member's receiving email servers will be looking at the consumer email provider's domain, in this example, gmail.com, for the settings to authorize Membee to send emails on your behalf. You won't be able to control the settings in gmail.com's domain.
- Membee will still attempt to send emails on your behalf, but the likelihood that these emails will reach your members will be dramatically reduced. As the email environment seeks greater security, further reduction in deliverability are likely.
- Using consumer email providers such as gmail.com, comcast.com, yahoo.com, outlook.com, etc, for your organization is not recommended.
- We recommend checking with your IT professionals for their recommendations. Alternatively, you can utilize one of these highly reliable and inexpensive services to set up an email address at your domain. Here are a couple of links:
Step Two: Check Your SPF Record
An SPF record is a special record in your domain's DNS settings that authorizes third parties such as Membee to send emails on your behalf. To be able to know what steps you need to take, it's important to identify what settings are in your SPF record.
- Visit https://dnslookup.online/spf.html
- In the "Domain Name" field, enter your organization's domain. For example, if your email address is memberservice@ourorganization.org, then your domain is "ourorganization.org".
- If you do not have a domain name and use "gmail.com" or any consumer email providers for your emails, go back to "Step One: Identify If You're Using Your Organization's Domain"
- Click "SPF Lookup"
- The results will return with the following possibilities:
- DNS record not found
- This means that your domain does not have an existing SPF record and you will need to create an SPF record. Move forward to "Step Three: Changes To Your SPF Record - Create An SPF Record"
- Search results return with an SPF record without "include:_spf.membeemail.com" in the text column
- You will need to update your SPF record to include the value "include:_spf.membeemail.com"
- If your SPF record contains "include:mail.membee.com" or "+ip4:66.11.155.116", you will need to remove these values and update your existing SPF record.
- Continue in "Step Three: Changes To Your SPF Record - Update An Existing SPF Record"
- Search results return with an SPF record with "include:_spf.membeemail.com" in the text column
- You do not need to complete anything. Your SPF record has Membee as an authorized sender on behalf of your organization's domain.
- DNS record not found
Step Three: Changes To Your SPF Record
Choose one of the following that best fits your SPF results from Step Two:
Create An SPF Record
If your SPF lookup returned with "DNS record not found" in "Step Two: Check Your SPF Record", you will need to add an SPF record in your DNS servers.
- Do you have login access to the registrar account for your domain?
- Yes, continue to "#2: Update Your DNS"
- If no, you will need to identify who your domain registrar or domain provider
- Go to https://lookup.icann.org/lookup
- Enter your domain in the "domain" field" and click "Lookup"
- Under "Registrar Information", you will find the "Name" of the domain registrar
- Contact the domain registrar. They will likely have access to your DNS or can direct you to the right person/provider that can make this change for you.
- Update Your DNS
- Make the update by doing it yourself or ask your domain registrar or DNS provider. A host record (sometimes called a 'zone file' or 'zone record') needs to be created as follows:
- Type: TXT
- Value: v=spf1 include:_spf.membeemail.com -all
- Make the update by doing it yourself or ask your domain registrar or DNS provider. A host record (sometimes called a 'zone file' or 'zone record') needs to be created as follows:
- When the SPF record is setup, it may take 24-48 hours to propagate through the DNS servers. Confirm the correct setup of the record by doing the following:
- Visit https://dnslookup.online/spf.html
- In the "Domain Name" field, enter your organization's domain. For example, if your email address is memberservice@ourorganization.org, then your domain is "ourorganization.org"
- Click "SPF Lookup"
- The SPF should return with "include:_spf.membeemail.com" in the text column as follows
Update An Existing SPF Record
If your SPF record exists but you do not have the value "include:_spf.membeemail.com", you will need to update your SPF record by including this value. This will authenticate Membee as an authorized email sender.
- Do you have login access to the registrar account for your domain?
- Yes, continue to "#2: Update Your DNS"
- If no, you will need to identify who your domain registrar or domain provider
- Go to https://lookup.icann.org/lookup
- Enter your domain in the "domain" field" and click "Lookup"
- Under "Registrar Information", you will find the "Name" of the domain registrar
- Contact the domain registrar. They will likely have access to your DNS or can direct you to the right person/provider that can make this change for you.
- Update Your DNS
- Make the update by doing it yourself or ask your domain registrar or DNS provider to make the update as follows:
- Add "include:_spf.membeemail.com" immediately following the "v=spf1" portion in your SPF record
- If you have the IP "+ip4:66.11.155.116" OR "mail.membee.com" in the SPF record, please remove this. These are outdated values that should not be in your SPF record
- The "-all" value must be at the very end of your SPF record
- Make the update by doing it yourself or ask your domain registrar or DNS provider to make the update as follows:
- When the SPF record is updated, it may take 24-48 hours to propagate through the DNS servers. Confirm the correct setup of the record by doing the following:
- Visit https://dnslookup.online/spf.html
- In the "Domain Name" field, enter your organization's domain. For example, if your email address is memberservice@ourorganization.org, then your domain is "ourorganization.org"
- Click "SPF Lookup"
- The SPF should return with "include:_spf.membeemail.com" in the text column as follows
NOTE: Only ONE SPF record can exist for your domain. If more than one SPF record exists, all SPF records are invalidated.
Members: Whitelisting Domains and IPs
In select circumstances, individual members may maintain their email in an environment that may unintentionally impair your ability to deliver legitimate email to their inbox. The following are suggestions you may use to assist your members. These recommendations are likely unnecessary for the vast majority of members but if they undertake these steps, it won’t hurt.
The process is typically called "whitelisting" (your member's email tool may use the term "preferred senders" or "safe senders" as well) and it is a list maintained in their email system of domains that they wish to unilaterally accept emails from. The following domains/IP's should be whitelisted in your member's email system to ensure they receive the emails your organization is attempting to deliver to them:
- Your organization’s domain
- 15.156.178.143
- _spf.membeemail.com
Here are some links to the whitelisting process in some of the more popular email systems:
Safe Sender List in Microsoft Outlook
Please note that your member's email system may "filter" email before it reaches their email application so it is best that they consult with their IT professionals to determine where the best location is to white list both yours and Membee's email domains.
How Membee Maximizes Email Deliverability
There is a constant and escalating battle being waged between those who are looking to use email for legitimate purposes and those looking to utilize email to facilitate various forms of illegal activity. A simple spam filter on your Inbox just doesn’t get the job done anymore.
Membee sends about 150,000 emails a month on behalf of client organizations. The job is to make sure these emails have the highest likelihood of being delivered and are secure begins initially with Membee itself.
Why Email is the Key to Effective Member Communication
The spam mitigation mechanisms such as a spam filter in our email systems are a good thing since they protect us from massive amounts of useless email cluttering our Inbox. They can also unintentionally hinder Membee's ability to deliver important emails to your members, non-members, and your Membee users (staff and/or volunteers). This essential communication includes:
- Member login setup and password reset emails to members
- Membership renewal and reminder emails to members
- Notification emails to Membee users (Event Sale Notifications, New Member Application Notification, New payment received, new profile modifications, etc.)
- Event reminder emails to event attendees
- Referral emails (the email sent when a visitor to your Membee online directory clicks on the "Send Message" link)
- Confirmation emails with the summary of the email sent when composing a new email in Membee
Membee is a responsible member of the email community and an advocate for the proper usage of email. As a result, Membee takes the following steps to ensure emails are scrutinized as legitimate.
Public/Private Key Authentication
To further ensure that emails are not manipulated before they are received, Membee employs DomainKeys Identified Mail (DKIM) to digitally “sign” emails it sends on your behalf from your copy of Membee. The email recipient’s receiving email server sees this digital signature (key) in the email and it contacts Membee’s sending server to compare this key to a private secure key. If the keys match then the receiving server knows that Membee was the originator of the email and it accepts the email on behalf of the recipient.
Please note that there was a time when the receiving email server would quite likely still accept the inbound email even if the keys did not match. Times have changed. Currently, major email providers are ratcheting up their rejection of any emails where the DKIM keys do not match.
Domain-based Message Authentication, Reporting & Conformance (DMARC)
It would be fair to say that the task of delivering legitimate email effectively is becoming more complex. While Membee is up to the challenge and our own internal testing processes ensure the technologies outlined above are working as advertised, Membee is only half of the email delivery equation - the sending half.
The receiving half of the equation also has a really tough task as it tries to figure out which emails are legitimate such as those that are digitally signed by Membee as well as the emails that are not signed that are just as legitimate as the ones Membee sends. It’s a tough job knowing that rejecting a legitimate email is nearly as bad as letting an illegitimate one through to the recipient’s inbox.
Since there are two halves to effective email delivery if both halves work together, more legitimate emails get through and we are all less vulnerable to spammers, con artists, and phishing attempts. Domain-based Message Authentication, Reporting & Conformance (DMARC) is a mechanism that allows email senders such as Membee to let receiving servers know what to do with emails that the receiving server has questions about. DMARC also specifies to the receiver servers how to provide feedback to Membee on emails that the receiver is unsure about.
As a strong supporter of DMARC, Membee has established an aggressive email evaluation strategy asking receiving servers to evaluate 100% of all emails we send to them. In turn, the receiving servers provide detailed feedback on the evaluated emails Membee has sent to them. Membee evaluates this feedback constantly.
To date, DMARC feedback to Membee has uncovered few issues and when it does, they are often indicators of settings our client organizations have missed or set incorrectly which we immediately share with the organization.
FailSafe Resend Strategy
There are many reasons for the member’s email server to be temporarily unable to accept the email that Membee is attempting to deliver. As a result, Membee will attempt the delivery of the email using the following schedule:
- Attempt delivery again 15 minutes after the initial delivery attempt
- Attempt delivery again 30 minutes after the initial delivery attempt
- Attempt delivery again 60 minutes after the initial delivery attempt
- Attempt delivery again 240 minutes after the initial delivery attempt
- Attempt delivery again 12 hours after the initial delivery attempt
- Membee will notify you at this point that the member’s email has been delayed
- Attempt final delivery 48 hours after the initial delivery attempt
- If this delivery attempt fails, you will receive final notification that the email is undeliverable
- This is a queue to check with the member to confirm their desired email address
SPF Verification Error Notices From Membee
If you received an email from Membee with any of the following identified issues, you will need to make the corresponding updates found below.
| Error | What Does This Mean & Changes Required |
"include:_spf.membeemail.com" was not found in your SPF record | You do not have the syntax for Membee's domain. This means that Membee is not authorized to send emails on your behalf. Changes Navigate to "Step Three: Update An Existing SPF Record" to make a change to your existing SPF record - do not make a new SPF record. |
| SPF Record Does Not Exist or DNS Record Not Found | This means that you do not have an existing SPF Record and you will need to create one. Changes
|
More Than One SPF Record Found | Only one SPF record can exist. If more than one is found, the email server will completely ignore the settings in any of the SPF records and as a result, increase the risk of emails being rejected. Changes Navigate to "Step Three: Update An Existing SPF Record" to make a change to your existing SPF records - do not make a new SPF record. If you are unsure of how to consolidate your SPF records into one, contact your IT support or your domain provider and they will be able to assist you. |
Invalid Syntax Found | A syntax or value in your SPF record is invalid. This means that the syntax may be entered incorrectly or the syntax is null. Changes
|
Too Many MX Resource Records | These errors indicate that your SPF Record has exceeded the maximum limit for the Mail Exchange (MX) resources, DNS Lookups, or the void lookups. Changes
|
FAQs
Setting up your SPF record in Google Domains
If your DNS is managed in Google Domains you'll need to take a couple of steps to set up your record. You can find the full details on how to get this done by clicking here.
I received an Undelivered Error Email with the Error Code 4.4.7
If your email delivery attempt fails when it tries to deliver the email 48 hours after the initial delivery attempt, you will receive an "undeliverable" email message.
First, check with your member to confirm if their email address is correct.
If the email address is a valid email, please contact us at support@membee.com. Please attach a copy of the "Undelivered" email that you received so that we can best troubleshoot and investigate the issue.
Red "lock" Icon Appearing in Consumer Level Gmail
You may have a member points out that recently when they open your emails in their free consumer-grade Gmail account, a small red lock in the address portion of your emails. See the example below.
This does not indicate an error or affect delivery (otherwise the member wouldn't see it). But what it does indicate is that the Gmail has started flagging emails that are delivered using a standard SMTP connection that did not arrive using a more secure TLS connection.
Google is trying to raise awareness that Transport Layer Security (TLS) connections between the sender and the receiving email servers are better. Currently, Google is only email service promoting this and they only do it in their free consumer-grade version. Their corporate version (G Suite) does not display this indicator.
Membee wholeheartedly agrees with Google that TLS is better but here's the rub. If Membee sends all member emails using TLS, tens of thousands will go undelivered because the receiving servers cannot or will not support a TLS connection from Membee. Until such time as more receiving servers support a TLS connection (and we hope eventually require it), Membee will not utilize TLS simply to ensure as many member emails as possible are delivered.