Documentation
Need help with something?
Contact us at
info@ourschoolpages.com
Back to index
Related topics

Email Domain Authentication


OSP use Sendgrid to send various emails on behalf of the PTAs.

In plain text. 'Sendgrid' is the post service we used to send emails. The email envelop has 'From', 'Reply-To' (which normally is same as 'From'), and 'To' address. Previously 'Sendgrid' allow us to fill any arbitrary 'From' address, so the emails sent by OSP will appear to be sending from your PTA's email address, while it is actually not. This obvious give spammers advantages and allow them to send phishing emails appearing from some valid entities with click baits links. So now 'Sendgrid' require validations after 4/30/2023. We need to prove to 'Sendgrid' that we really own/have control of the 'From' address, else 'Sendgrid' will simply decline to deliver the emails. To avoid lose the emails, by default OSP will switch to use 'noreply@ourschoolpages.com' which is already validated as the 'From' address, and the 'Reply-To' will be set to PTA's email address. User will see the email is from OSP noreply address, and when user click reply, they will be sending reply emails to PTAs. There are many drawback for this, If emails 'From' address is 'noreply@OSP' instead of PTA emails, a lot of the users may simply ignore it since they don't really know who 'noreply@OSP' is. Also user may report this as spam/fraud and then you won't be able to send email to the user using 'noreply@ourschoolpages.com' any more and user may be missing important emails like order confirmation/password reset emails. However this is at least better then no email at all. PTA admins can help to validate the PTA emails, and then turn off the "SendEmail From OSPNoReply Address" option in site basic settings, so that OSP will be able to use PTA emails as 'From' address and have a better user experience.

Now Sendgrid require customers to verify their Sender Identities.  To improve delivery and avoid being treated as spam email or even worse completely dropped, now by default OSP will use noreply@ourschoolpages.com to send email and set reply-to address to be your email. You can choose to allow OSP's SendGrid account be authenticated to send email from your domain and then disable the "SendEmail From OSPNoReply Address" option in your site basic settings.

We recommend PTA to get a custom domain and setup email service with that domain. Here is more details about custom domain.

Validate single email address

If you don't yet have custom domain and email, for single sender email validation please check this page.

Validate entire email domain (recommended)

Please check below about how to validate entire email domain.

Free email service from Microsoft/Google for NonProfit

Note both Microsoft and Google offer free plan which includes email for NonProfit (which most PTAs are).

https://www.google.com/nonprofits/offerings/workspace/

https://nonprofit.microsoft.com/en-us/getting-started

We do recommend Nonprofit PTAs to take advantage of those free offers.

SPF Record

add include:sgw.ourschoolpages.com into your existing SPF Record.

For example, if you are using google workspace email, the SPF TXT record will be like

v=spf1 include:_spf.google.com include:sgw.ourschoolpages.com ~all

If you are using office 365 emails, the SPF TXT record will be like

v=spf1 include:spf.protection.outlook.com include:sgw.ourschoolpages.com ~all

SendGrid Auth

We use Sendgrid default automatic security, and need you to config 3 CName entries. for more details, check Sendgrid document.

Prerequisites

1. Must be using a valid custom domain (more details here) and the email domain must be same as custom domain. The email service could be simple email forwarding provided by your domain registrar like GoDaddy or other full email service provider like Office365 or GSuite.

Steps to authenticate

1. go to https://ospletsencrypt.azurewebsites.net/Home/Email input your domain, click "Get" button to see details. Note don't include www. in the domain name.

2. If the domain has not been configured before, click the "InitAuth" button

3. After click "InitAuth", the page will display the 3 CName record you need to configure. After config those record, click "Validate"

4. One you see "Domain already authenticated" it should be done.

Note the em#### part may be different for different domains, the other part should be same.

CName Record Value
em4026 u646681.wl182.sendgrid.net
s1._domainkey s1.domainkey.u646681.wl182.sendgrid.net
s2._domainkey s2.domainkey.u646681.wl182.sendgrid.net