TLS-Verify is an optional secure delivery method that requires modifications to the domain's SPF and DKIM records.


SPF (Sender Policy Framework) allows the owner of a domain to specify which mail servers they use to send mail from that domain.


An organization sending mail publishes an SPF (TXT) record in the Domain Name System (DNS). The record contains a list of IP addresses that are authorised to send mail on behalf of their domain name.


Receivers of mail verify the SPF record by looking up the “Envelope From” (aka Mail From, Mfrom or return-path) domain name in the DNS. If the IP address sending mail on behalf of this domain is not listed in the SPF record, the message fails SPF authentication.


Configuring an SPF record is not only required when using the EncryptTitan service; it is also good practice and will help the deliverability of your e-mail messages. If no SPF record is configured for your domain, receivers that require some form of authentication verification may not accept your message or may automatically flag it as spam. When you create an SPF record, you must include all legitimate mail systems that send email on behalf of your domain; otherwise the ones not listed could be treated as possible forgery sources.


In the following example, Healthy Care Services has an SPF record in the following format:

v=spf1 include:spf.messaging.microsoft.com -all

In order to authorize EncryptTitan to deliver messages for healthycareservices.com, the SPF record for healthycareservices.com will need to be modified to include EncryptTitan's SPF record.


By editing the current SPF record to add include:spf.encrypttitan.net, you are authorizing EncryptTitan to deliver mail for your domain. The following is what the edited SPF record for healthycareservices.com would look like after they authorize EncryptTitan to deliver mail from their domain.


v=spf1 include:spf.messaging.microsoft.com include:spf.encrypttitan.net -all

A few pitfalls to avoid:


  • The DNS record type for SPF is TXT (Text). If your DNS provider displays a record type SPF, it should be ignored, as the DNS record type SPF has been deprecated; use a TXT type record.
  • Be sure to place the include statement (include:spf.encrypttitan.net) before the ending operand, which is usually -all.
  • A valid SPF record can contain 10 or fewer DNS lookups. If you are unsure of how many lookups your SPF record currently includes, Kitterman Technical Services has a great tool for verifying the structure of your SPF record. You can reach this tool by pointing your browser to https://www.kitterman.com/spf/validate.html
  • The SPF Framework only supports a single DNS SPF record. You should not have multiple SPF records.
  • Be sure that there is no more than one white space between statements in your SPF record. For instance, if you have two spaces (rather than one) between the include:spf.encrypttitan.net and -all, the SPF record may fail validation.
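
The checks in the list above can be run offline against the TXT strings copied from your DNS console before you publish them. The following is an added example, not EncryptTitan's own tooling; the function names are hypothetical, and the lookup count covers only the record itself, since counting lookups inside nested includes requires live DNS queries.

```python
import re

# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def _name(term):
    """Strip the qualifier (+ - ~ ?) and any argument, leaving the term name."""
    return re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]

def top_level_lookups(record):
    """Count lookup-costing terms in this record only; nested includes add more."""
    return sum(1 for t in record.split()[1:] if _name(t) in LOOKUP_TERMS)

def lint_spf(txt_records, required="include:spf.encrypttitan.net"):
    """Return a list of problems; an empty list means the caveats are met."""
    # Only TXT strings whose first token is v=spf1 are SPF records.
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        return [f"expected exactly one v=spf1 TXT record, found {len(spf)}"]
    record, problems = spf[0], []
    if "  " in record:
        problems.append("more than one space between terms")
    terms = [t.lstrip("+").lower() for t in record.split()[1:]]
    all_pos = next((i for i, t in enumerate(terms) if _name(t) == "all"), None)
    if required not in terms:
        problems.append(f"{required} is missing")
    elif all_pos is not None and terms.index(required) > all_pos:
        problems.append(f"{required} is placed after the all mechanism")
    if top_level_lookups(record) > 10:
        problems.append("more than 10 DNS lookups in the top-level record alone")
    return problems

# The two records shown on this page, plus constructed broken variants.
BEFORE = "v=spf1 include:spf.messaging.microsoft.com -all"
AFTER = "v=spf1 include:spf.messaging.microsoft.com include:spf.encrypttitan.net -all"
MISPLACED = "v=spf1 include:spf.messaging.microsoft.com -all include:spf.encrypttitan.net"
DOUBLE_SPACE = "v=spf1 include:spf.encrypttitan.net  -all"

if __name__ == "__main__":
    for rec in (BEFORE, AFTER, MISPLACED, DOUBLE_SPACE):
        print(rec, "->", lint_spf([rec]) or "OK")
    # Two SPF records on one domain (constructed): receivers treat this as an error.
    print(lint_spf([BEFORE, AFTER, "constructed-verification-token=abc123"]))
```
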