Configure DNS records to send emails in Odoo¶
SPAM labels overview¶
Sometimes, emails from Odoo are misclassified by the different email providers and end up in spam folders. At the moment, some settings are out of Odoo’s control, notably the way the different email providers classify Odoo’s emails according to their own restriction policy and/or limitations.
It is standard in Odoo that emails are received from "name of the author"
<notifications@mycompany.odoo.com>. In other words this can be translated to: "name of the
author" <{ICP.mail.from.filter}@{mail.catchall.domain}>. In this case ICP stands for
ir.config.parameters, which are the System Parameters. Deliverability is greatly improved with the
notifications configuration.
In order for servers to accept emails from Odoo on a more regular basis, one of the solutions is
for customers to create rules within their own mailbox. A filter can be added to the email inbox so
that when email is received from Odoo (notifications@mycompany.odoo.com) it is moved to the
inbox. It is also possible to add the Odoo database domain onto a safe senders list or whitelist
on the receiving domain.
If an Odoo email server appears on a blacklist, notify Odoo via a new help ticket and the support team will work to get the servers removed from the blacklist.
Should the Odoo database be using a custom domain for sending emails from Odoo there are three records that should be implemented on the custom domain’s DNS to ensure deliverability of email. This includes setting records for SPF, DKIM and DMARC. Ultimately though, it is up to the discretion of the final receiving mailbox.
Be SPF compliant¶
The Sender Policy Framework (SPF) protocol allows the owner of a domain name to specify which servers are allowed to send emails from that domain. When a server receives an incoming email, it checks whether the IP address of the sending server is on the list of allowed IPs according to the sender’s SPF record.
Note
The SPF verification is performed on the domain mentioned in
the Return-Path field of the email. In the case of an email sent by Odoo, this domain
corresponds to the value of the mail.catchall.domain key in the database system parameters.
The SPF policy of a domain is set using a TXT record. The way to create or modify a TXT record depends on the provider hosting the DNS zone of the domain name. In order for the verification to work properly, each domain can only have one SPF record.
If the domain name does not yet have a SPF record, create one
using the following input: v=spf1 include:_spf.odoo.com ~all
If the domain name already has a SPF record, the record must be updated (and do not create a new one).
Example
If the TXT record is v=spf1 include:_spf.google.com ~all, edit it to add
include:_spf.odoo.com: v=spf1 include:_spf.odoo.com include:_spf.google.com ~all
Check if the SPF record is valid with a free tool like MXToolbox SPF.
Enable DKIM¶
The DomainKeys Identified Mail (DKIM) allows a user to authenticate emails with a digital signature.
When sending an email, the Odoo server includes a unique DKIM signature in the headers. The recipient’s server decrypts this signature using the DKIM record in the database’s domain name. If the signature and the key contained in the record match, this guarantees that the message is authentic and has not been altered during transport.
To enable DKIM, add a CNAME record to the DNS zone of the domain name:
odoo._domainkey IN CNAME odoo._domainkey.odoo.com.
Tip
If the domain name is mycompany.com, make sure to create a subdomain
odoo._domainkey.mycompany.com whose canonical name is odoo._domainkey.odoo.com..
The way to create or modify a CNAME record depends on the provider hosting the DNS zone of the domain name. The most common providers are listed below.
Check if the DKIM record is valid with a free tool like DKIM
Core. If a selector is asked, enter odoo.
Check the DMARC policy¶
The Domain-based Message Authentication, Reporting, & Conformance (DMARC) record is a protocol that unifies SPF and DKIM. The instructions contained in the DMARC record of a domain name tell the destination server what to do with an incoming email that fails the SPF and/or DKIM check.
Example
DMARC: TXT record
v=DMARC1; p=none;
There are three DMARC policies:
p=nonep=quarantinep=reject
p=quarantine and p=reject instruct the server that receives an email to quarantine that email or
ignore it if the SPF and/or DKIM check fails.
If the domain name uses DMARC and has defined one of these policies, the domain must be SPF compliant or enable DKIM.
Warning
Yahoo or AOL are examples of email providers with a DMARC policy set to p=reject. Odoo strongly advises
against using an @yahoo.com or @aol.com address for the database users. These emails will
never reach their recipient.
p=none is used for the domain owner to receive reports about entities using their domain. It
should not impact the deliverability if the DMARC check fails.
DMARC records are comprised of tags in the form of DNS records. These tags/parameters allow for reporting, such as RUA and RUF, along with more precise specification like PCT, P, SP ADKIM & ASPF. For best practice, the the DMARC policy should not start out being too restrictive.
The following chart displays available tags:
Tag Name |
Purpose |
Example |
|---|---|---|
v |
Protocol version |
|
pct |
Percentage of messages subjected to filtering |
|
ruf |
Reporting URI for forensic reports |
|
rua |
Reporting URI of aggregate reports |
|
p |
Policy for organizational domain |
|
sp |
Policy for subdomains of the OD |
|
adkim |
Alignment mode for DKIM |
|
aspf |
Alignment mode for SPF |
|
Check the DMARC record of a domain name with a tool like MXToolbox DMARC.
SPF, DKIM & DMARC documentation of common providers¶
To fully test the configuration, use the Mail-Tester tool, which gives a full overview of the content and configuration in one sent email. Mail-Tester can also be used to configure records for other, lesser-known providers.
