RBCommons attempts to send e-mail on your users' behalf for all reviews and review request updates, in order to keep everyone in the loop. However, due to increased security on most e-mail providers, you might see warnings about these e-mails not being legitimate.


To take care of this, you'll need to set up an SPF (Sender Policy Framework) record on your domain name (the one used in your users' e-mail addresses). SPF is a method for both protecting against spoofed e-mails and for allowing certain services to send on your behalf.


Create an SPF Record

SPF records are TXT records that specify which mail servers have permission to send e-mail on your domain's behalf. To grant permission to a service like RBCommons, you'll use an include: rule. In our case, you'll want your SPF record to look like:


v=spf1 include:_spf.rbcommons.com ~all


You may already have such a record. In that case, simply add include:_spf.rbcommons.com somewhere in its list of rules.


See your domain provider's instructions for creating and managing records.
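
The merge into an existing record described above, as an added example (not RBCommons' own code): it inserts the include: rule ahead of the record's all rule, because SPF rules are evaluated left to right and nothing after all is ever tested. Function names are hypothetical and the sample records are constructed.

```python
# Added example: merge an include: rule into an SPF record string.
# Names are hypothetical; the sample records below are constructed.
RBCOMMONS_INCLUDE = "include:_spf.rbcommons.com"  # rule given on this page


def is_all_term(term):
    """True for the catch-all rule with any qualifier: all, +all, -all, ~all, ?all."""
    return term.lower().lstrip("+-~?") == "all"


def add_include(existing, rule=RBCOMMONS_INCLUDE):
    """Return an SPF record containing `rule`; `existing` is the current TXT value or None."""
    if not existing or not existing.strip():
        return f"v=spf1 {rule} ~all"  # no record yet: the form shown on this page
    terms = existing.split()
    if terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (must start with v=spf1)")
    if any(t.lower() == rule.lower() for t in terms[1:]):
        return " ".join(terms)  # already present: leave the record unchanged
    # Rules are tested left to right and "all" always matches, so the new
    # rule goes before it; with no "all" present it is appended at the end.
    insert_at = next((i for i, t in enumerate(terms) if is_all_term(t)), len(terms))
    terms.insert(insert_at, rule)
    return " ".join(terms)


def has_include(record, rule=RBCOMMONS_INCLUDE):
    """Check that `rule` appears before the catch-all, where it can take effect."""
    for term in record.split()[1:]:
        if term.lower() == rule.lower():
            return True
        if is_all_term(term):
            return False
    return False


if __name__ == "__main__":
    existing = "v=spf1 include:_spf.example.net ip4:192.0.2.10 -all"  # constructed
    merged = add_include(existing)
    print(merged, has_include(merged))
```
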


Verify Your New SPF Record

Once you've created your record, you'll want to make sure it's valid. We use MX Toolbox's SPF Records tool to verify our records. Just type in your domain name and click "SPF Record Lookup."


You should see _spf.rbcommons.com: Pass in the list. If you do, great, you're done!


Please note that it may take up to 48 hours for your DNS record to propagate, so if it doesn't find your record, try again a bit later.


Other E-Mail Considerations

SPF is just one tool in the world of e-mail security. You may also want to set up DKIM and DMARC records.


DKIM (DomainKeys Identified Mail) is a method for verifying the content of e-mails, preventing them from being modified in-flight.


DMARC (Domain-based Message Authentication, Reporting & Conformance) defines how your domain handles any suspicious e-mails. It can do a range of things, including outright blocking such e-mails, or allowing some percentage of them to go through.


Note: if your domain's DMARC record is set to block any e-mails, RBCommons will not send on your users' behalf! Instead, it will simply include your e-mail address in the Reply-To field, and send from our noreply address.