Terminology
- Spoofing: Method of forging another entity's identity (e.g., the "From" address) onto an email in order to get users to open a message.
- Phishing: Method of tricking recipients into giving out personal information, such as credit card numbers or account passwords, often by spoofing the origins of the email (e.g., a user's bank, credit card company, or familiar merchant).
- Approved Sender: The address used in the "From:" header of the emails you send must be managed as an approved sender via the Email Delivery Service (OCI SDK). The domain name used in the approved sender needs to be configured as a sending domain which requires DNS configuration; see sending domain definition below. An approved sender is a regional resource with an associated Oracle Cloud ID (OCID).
- DomainKeys Identified Mail (DKIM): DomainKeys Identified Mail is a cryptographic signature-based type of email authentication. DKIM requires email senders' computers to generate "public/private key pairs" and then publish the public keys into their Domain Name System (DNS) records. The matching private keys are stored in a sender's outbound email servers, and when those servers send out email, the private keys generate message-specific "signatures" that are added into additional, embedded email headers. ISPs that authenticate using DKIM look up the public key in DNS and then can verify that the signature was generated by the matching private key. This ensures that an authorized sender actually sent the message, and that the message headers and content were not altered in any way during their trip from the original sender to the recipient.
- DKIM Selector: A DKIM selector is a short name for a DKIM private/public key pair within a given sending domain. It's also the first component of the DNS name used to publish the DKIM public key. The recommended naming convention is <prefix>-<shortregioncode>-YYYYMMDD. Each sending domain must have at least one unique DKIM selector per region used. Best practice advice is to rotate the DKIM key every 6 months by creating a new selector (see M3AAWG advice: m3aawg-dkim-key-rotation-bp-2019-03.pdf). We have future plans to automate DKIM key creation and rotation.
- Domain-based Message Authentication, Reporting & Conformance (DMARC): DMARC standardizes how email receivers perform email authentication using both of the well-known SPF and DKIM mechanisms. It allows a sender to indicate within its DNS record that its email is protected by SPF and/or DKIM. If neither of those authentication methods passes, the sender can specify the actions a receiver should take (i.e., quarantine or reject the message). DMARC helps senders experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC.
- Return Path: The return path is an SMTP email source address used to process the bounces that occur with your emails. The return path is where mailbox providers send the bounces. The default Email Delivery return path domain is <region-short-code>1.rp.oracleemaildelivery.com. Configuring the return path can improve: Deliverability & Reputation, Addressbook addition & other allow-listing mechanisms, DMARC alignment (SPF), consistent branding.
- Sender Policy Framework (SPF): SPF is an IP-based process that enables the verification of a sender's IP address by cross-checking the domain in the email address listed in the visible "Mail From" line of an email against the published record a sender has registered in the Domain Name System (DNS). An SPF record consists of a list of computer servers or IP addresses that senders indicate are "authorized" to send email for that domain. By publishing an SPF record for a domain, that domain is declaring which IP addresses are authorized to send out email claiming to be from that domain.
- Sending Domain: The DNS domain name used in the From header when sending email. This domain should have an MX or A record (a CNAME can be used but is not as good) and should accept mail for postmaster@domain and abuse@domain without bouncing. For more details, see MAAWG best practices for sending domains document.
- Suppressions: If you send to an email address that fails (due to a hard bounce, repeated soft-bounce, or spam/abuse complaint), Email Delivery may process the bounce message and create a suppression. Subsequent attempts to send to that address will be accepted by Transportation and Global Trade Management (counting against your limits) but dropped by Email Delivery. See Managing Delivery Failure for more details on this topic.
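
The DKIM Selector entry above gives a naming convention and a 6-month rotation interval; the following added example (not Oracle's code) audits a selector inventory against both and derives the DNS name where each public key is published. It assumes the YYYYMMDD part is the key creation date and treats 6 months as 182 days; the selector names and example.com are constructed placeholders.

```python
import re
from datetime import date, datetime

ROTATION_DAYS = 182  # assumption: "every 6 months" approximated as 182 days
# <prefix>-<shortregioncode>-YYYYMMDD; the prefix itself may contain hyphens
SELECTOR_RE = re.compile(
    r"^(?P<prefix>[a-z0-9][a-z0-9-]*)-(?P<region>[a-z0-9]+)-(?P<ymd>\d{8})$"
)

def parse_selector(selector):
    """Split a selector into (prefix, region, created); ValueError if it does not fit."""
    name = selector.lower()
    m = SELECTOR_RE.match(name)
    if not m or len(name) > 63:  # a selector is one DNS label: at most 63 octets
        raise ValueError(f"selector {selector!r} does not follow the convention")
    # strptime rejects impossible dates such as 20241345
    created = datetime.strptime(m["ymd"], "%Y%m%d").date()
    return m["prefix"], m["region"], created

def dkim_dns_name(selector, domain):
    """DNS name of the TXT record holding the DKIM public key (RFC 6376)."""
    return f"{selector.lower()}._domainkey.{domain.lower().rstrip('.')}"

def audit(selectors, domain, today):
    """One finding per selector: ok, rotate (older than policy) or nonconforming."""
    findings = []
    for sel in selectors:
        try:
            _, region, created = parse_selector(sel)
        except ValueError:
            findings.append({"selector": sel, "status": "nonconforming"})
            continue
        age = (today - created).days
        status = "rotate" if age > ROTATION_DAYS else "ok"
        findings.append({"selector": sel, "region": region, "age_days": age,
                         "status": status, "dns_name": dkim_dns_name(sel, domain)})
    return findings

if __name__ == "__main__":
    # Constructed sample inventory; names and domain are placeholders.
    sample = ["mail-iad-20240115", "mail-fra-20240901", "default"]
    for finding in audit(sample, "example.com", today=date(2024, 10, 1)):
        print(finding)
```

A selector reported as nonconforming carries no date in its name, so its key age has to be established from other records before deciding whether it is due for rotation.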