Ethnio uses two industry-standard providers, Mailgun, and Amazon SES, to send emails with maximum deliverability using any email from/sender/reply-to addresses our customers prefer and we offer domain verification for Enterprise customers, depending on the plan tier.
If you don't complete Domain Verification, we use “On Behalf Of”
The default method Ethnio uses to send emails to your participants for Scheduling, Incentives, or Pool requires no integration or domain verification from your organization. Out of the box, it offers about 85% deliverability. Let’s say your email is firstname.lastname@example.org and you want to use Ethnio for Scheduling and incentive payments, as part of your job as Research Coordinator at Acme Corporation. You would simply login to your Ethnio account, enter Acme Research / email@example.com, and when your respondents reply to the email it will go to you. A small percentage of users (2-12%) will see “Ethnio on behalf of Acme Research” as the from address, but the reply-to will always be firstname.lastname@example.org.
How Domain Verification Works (DKIM/SPF)
If you’d like to increase deliverability, make sure no unnecessary spam reporting happens, and prevent any phishing concerns, you can configure your domain to verify that Ethnio is authorized to send emails for your organization.
This is only part of Enterprise plans with certain tiers, and has to be setup by your technical or security team internally to add SPF and DKIM records to your domain provider’s DNS management section. The DKIM or Domain Keys Identified Mail is an encryption authentication method that is used to ensure that the email is originated from an authorized system and it prevents spammers from stealing the identity of legitimate entities. Whereas SPF or Sender Policy Framework is used to improve email reliability and prevent spoofing.
The SPF and DKIM DNS records allow Ethnio, using either Mailgun or Amazon SES, to deliver emails for any email address at your domain. You'll always be able to set the reply-to for any email at your organization that you prefer to use per study or account (that could be email@example.com or firstname.lastname@example.org). There are no restrictions on how many different emails can be used inside Ethnio with this level. Please note the sender concept below would be a single email and most recipients will never see that. Lots more detail below.
We need three things from your team to get started on DKIM, and please note this is only for Enterprise customers with certain plans:
- Subdomain - usually something like uxr.yourdomain.com
- Sender email address – typically like email@example.com
- HSTS Settings - does your organization force https for all subdomains
Both the DNS records and the "sender" email that you can specify in Ethnio should use a subdomain. For example, if your email is firstname.lastname@example.org, your developers will more than likely prefer to create a subdomain, for example "research," so that the DKIM uses research.yourdomain.com and the emails you send in Ethnio come from email@example.com.
Please note that almost nobody will see this email, as you can still set the reply-to to firstname.lastname@example.org. Sender vs Reply-to is a confusing topic, but think of the Sender as something nobody really sees, and the From name as something that can be 100% customized within Ethnio at your discretion anytime.
2: Pick a sender email address
After your technical team has chosen a subdomain for the domain verification, you'll want to pick a sender email like email@example.com. The most important aspect of the sender is that nobody really sees this. It's just a single email that operates behind the scenes and is white listed and authorized to send hundreds or thousands of Ethnio emails without getting caught by spam or otherwise not reaching your recipients for invites, scheduling, incentives, or Pool emails.
3. HSTS settings
Check with your internal team that will be making these DNS changes on whether your organization has a TLS policy that forces HTTPS on all subdomains using the HSTS header. Most organizations do not do this, but if yours does, it can impact click-tracking and we'll need to know up front. There are a couple options for how to proceed.
Security Best Practices
It's common that your security / IT team will want to white list both dedicated sending IPs, as well as the new subdomain you create to send research emails through Ethnio. More info on that here:
- Whitelist sending IPs - Ethnio can provide dedicated IPs for both Mailgun & SES
- Whitelist subdomain – ensure the new subdomain is allowed to email employees
1. Whitelisting sending IPs
If your security or technical team would like to whitelist both the Mailgun and SES sending IP, we can provide that upon request.
2. Whitelisting subdomain: Sending Ethnio emails to employees
Make sure the same team that implements the DNS changes for domain verification also whitelists your new subdomain & sender to email employees. Network security might consider the new subdomain a suspicious sender because it could appear to be a phishing attempt (like scammer.yourdomain.com).
Sample Detailed DNS Instructions
If you'd like to see exactly what the DNS record changes that are required for your development team, you can view detailed instructions here: ethn.io/docs/dkim.pdf Basically, it involves pasting in some text records. Please contact Ethnio through your Enterprise plan to generate actual DKIM instructions.
A Note on the concept of Sender
The subdomain you choose from above will also be something that appears in the sender email address, but it's really important to note yet again that the sender is not the from name or the reply-to, which show up in vastly higher priority for your respondents in Gmail or Outlook or whatever email client they use. In other words, the sender email might look a bit strange, but it helps deliver emails at a incredibly high rate, and your respondents will most likely see From / Reply to.
Finally, deliverability is incredibly complex
Each domain, development environment, set of DNS rules, and organization is different. There
can be restrictions at your organization for SPF/DKIM and which vendors are allowed to go
through this process. You could already be using Mailgun directly, which would require a new subdomain. It also typically requires a security and technical audit of Ethnio, and our pricing
for this integration add-on has to reflect that process.
Any questions? Please email firstname.lastname@example.org for more information.