All e-mails that are sent via doo have as the sender by default a own doo.net email address: booking related emails are sent by buchung@doo.net, email messages that are sent by the doo email manager are sent by einladung@doo.net. By request it is possible to adjust a customer specific email sender address for a fee. If you’re interested, please contact your contact person or send your request to upgrade@doo.net

After commissioning, please pay attention the following notes.

1. General information about the device

The configuration of a customer specific email sender address requires the help of the owner of the used e-mail address in some steps. Only then we can make sure that emails that are sent with the new email address will be correctly delivered to the recipient.

For the delivery of automatized emails and email campaigns, doo uses the infrastructure of amazon simple email service (SES). To make sure that this service won’t be used abusively, amazon verifies the identity of the owner of the sender email address via email. Further amazon signs outgoing emails with the DKIM method (more information about that e.g on wikipedia)

In this way, spam filters and mail servers can verify that the corresponding emails are not spam or spoofing. For this, however, it is necessary that some entries are adjusted for the corresponding domain settings in the name server.

2. Requirements 

The following should be ensured on your side so that the configuration can be carried out as smoothly as possible and without delays.

• You need access to the emails, which are sent to the e-mail to be used.
• You need access to the domain name server (DNS), which is used for the domain of the email to be used.

3. Procedure of the configuration

1) Tell your doo contact person:

• Which email address should be configured
• For which doo organization this configuration should be valid
• If the email address will be used only for the emails that are sent to bookers and recipients of invitation or also as the sender address for automized emails with access to account notifications to your doo account (e.g event created, monthly payments, export completed)

2) Subsequently you will receive the details from your doo contact person, that have to be adjusted in your DNS entry. These are CNAME records that must be attached to the appropriate domain.

Example for CNAME entries with dummy data:

"DKIM record set:" 
"Record name","Record type","Record Value" 
"7kcjh<something>war36f._domainkey.<customer>.<tld>","CNAME","7kcjhyb7<something>36f.dkim.amazonses.com" 
"6jaq6v4<something>ocwz5._domainkey.<customer>.<tld>","CNAME","6jaq<something>yk3rlqoocwz5.dkim.amazonses.com" 
"2zvk<something>ucnklf6xt._domainkey.<customer>.<tld>","CNAME","2zvkrnh<something>aucnklf6xt.dkim.amazonses.com"

The method for the addition of CNAME data sets for your DNS configuration depend on which DNS or hosting provider you are using. Unfortunately, we can not offer support for this – please contact your respective admin.

The check to see if the DNS server was successfully actualized will be done automatically. Depending on the existing DNS configuration, this may take several minutes.

In addition to the CNAME entry, the following TXT record needs to be added to your DNS record.

"v=spf1 include:amazonses.com ~all”

This gives Amazon SES the authority to send Amazon SES emails on your behalf.

4) Your doo contact person will notify you as soon as the configuration was successfully completed. From this time on you can use the new sender e-mail address in the email settings of your email messages and booking emails or choose one in cases you configurated more than one email address.

Security notes of this procedure:

Email security and control

We use a service from Amazon Web Services (AWS) called Simple Email Service (SES) to send emails on behalf of your domain. It’s important to understand that as a customer, you have complete control over who can send emails on behalf of your domain. Here’s how that works:

Authorization through DNS entry

In order for our AWS account to send emails on your behalf, you need to set up a special DNS record in your domain. This entry confirms that our AWS account is authorized to send on behalf of your domain. Without this entry, our AWS account cannot send emails on your behalf.

Security through individual verification:

AWS checks whether such a DNS entry exists for your domain for each sending order. The email will only be sent if the entry exists. If another AWS account attempts to send emails with your domain without your authorization, this will be blocked because the necessary DNS entry is missing.

Your control:

• You decide if and when our AWS environment is activated for your domain by setting the DNS record.
• You can revoke access at any time by deleting the DNS entry.

Without this entry, no AWS account – not even ours – can send emails with your domain.

Why is this secure?

The DNS record works like a “key” that can only be controlled from your domain.
Every email is sent via a secure process that checks this authorization.

-> Your domain is protected and only the AWS account that you explicitly authorize is allowed to send emails on your behalf.

-> We have no way of doing this independently or without your explicit permission.