DOCUMENT HISTORY AND VERSION CONTROL
| Version # | Implemented By | Revision Date | Approved By | Approved Date | Notes |
| 1.0 |
Sahitya Kalva Author |
24-03-2022 |
Latika Verma Product Owner |
31-03-2022 | |
| 1.1 |
Sahitya Kalva Author |
12-04-2022 |
Latika Verma Product Owner |
12-04-2022 | Sending Profiles section is added. |
Terms and Abbreviations
| Term | Abbreviation | Descriptive |
| BPID | BullPhish ID | BullPhish ID is a fully-featured cybersecurity training & awareness software platform. It is designed to serve Enterprises, SMEs, and Startups. By using our Training & Awareness courses and Phishing Simulation Campaigns, you have the power to save money and time in preventing cybersecurity attacks on your organization. |
| SMB | Small & Medium-Sized Business | Small and medium enterprises are privately owned businesses. A business with 100 or fewer employees is generally considered small, while one with 100-999 employees is medium-sized. |
| DNS | Domain Name System | It is a naming system for domains on the internet. When BullPhish ID refers to your DNS, we discuss the domain name you wish to send emails to targets. When we talk about your DNS provider, we talk about the service that hosts your domain name. For example, GoDaddy, Rackspace, or Cloudflare. |
| DKIM | DomainKeys Identified Mail |
It is designed to help email providers prevent malicious email senders by validating emails from specific domains. DKIM is one of the most popular email authentication methodologies that works by using cryptographic technology that adds a digital signature to your message header. This DKIM signature validates and authorizes your domain name in the eyes of the receiver. The DKIM signature is created using a unique string of characters stored as a public key. When your email is received, the public key is retrieved through the DNS and decrypted by the receiver to verify your domain's identity confidently. |
| SPF | Sender Policy Framework | It is an email authentication standard developed by AOL that compares the email sender's actual IP address to a list of IP addresses authorized to send mail from that domain. The IP list is published in the domain's DNS record to provide more information about SPF. |
| CNAME | Canonical Name | It is a record in the DNS database that indicates the true hostname of a computer associated with its aliases. It is essential when running multiple services from a single IP address. |
| SMTP | Simple Mail Transfer Protocol | The SMTP protocol is used for sending e-mails over the Internet. |
BullPhish ID Introduction
BullPhish ID is a fully-featured security awareness training platform designed to serve Enterprises, SMEs, and Startups. We feel privileged to inform you that we introduced a new "Sending Domains" feature to our BPID portal. This guide walks you through the Sending Domains feature functionality in detail.
Sending Domains
Sending Domains is a very flexible feature that allows you to add custom domains. You can now use your domain to send Phishing and Training campaigns. From Sending Domains page, you can create Custom Sending Domains.
Follow the article to see what you have inside.
Prerequisites
Well, before you add a domain, ensure that all the following requirements are met:
- You should be any one of the following user(s) - Partner Admin/Partner Agent/ SMB Privileged User(s)/Internal User(s).
- You own or control the domain.
- You cannot create the same domain if the domain name already exists in the system.
Add Custom Domain
1. Log In to the BullPhish ID portal.
2. Click Sending Domains under the Settings tab.
3. On the Sending Domains page, click "+ Add Sending Domain."
4. Enter your domain name in Sending Domain field. For example, www.domainname.com
5. Choose an Associated Organization for a specific domain from the drop-down.
6. Click "Next."
Note:
- If the User enters the invalid domain, a pop-up msg displayed on the screen saying, please use a valid domain.
- You can create sending domain for any parent organization, and those domains can be used for any child organization and create sending profile.
- You cannot re-enter sending domain or change the associated organization.
- You cannot use the same name that has already been taken.
Once the domain is created, the page will take you to the Custom Sending Domain page.
Verify Sending Domain
Before you verify the domain, please add the Domain & Value to your DNS records with CNAME Type. Follow the below instructions to do so.
7.
Click the Copy functionality under the Actions column to copy the DNS values. When you do so, the value will be copied to the clipboard, and you should add the record to the DNS service provider.
Note: Please ensure to copy all the values one after one.
8. Go to your specific DNS service provider and add copied values to the records.
Note: Go to the CUSTOM DOMAIN AUTHENTICATION section to know how to add specific DNS records on your DNS server to allow our SMTP server to send emails using custom domains.
9. Once you add DNS values to the DNS server, click the checkbox of 'I've added these records.'
10. Click Verify.
Note: Cancel will take the user back to the sending domain page.
Note: The application gives a warning message when you miss copying one or more records.
Verification Sending Domain DNS records have the following status - Pending, Failed, and Verified.
Cause of Pending Status:
- It is an application waiting time for the user to finish their action tasks for the domain.
- This status appears when you (referring to the user) are in the process of adding values to the DNS server and taking the following steps, such as clicking the Checkbox and Verify button.
Cause of Failed Status:
- This status appeared when errors were made in adding records.
- Your domain server might take up to 48 hours to reflect the changes.
Cause of Verified Status:
- Verified: This status appears when you successfully add all your records to the DNS provider. And check the "Yes, I've added records to my DNS records" and click Verify Domains. (The background application collects all these records from DNS for verification).
Once the domain is successfully added, you can view the Verified or Not Verified status on the Sending Domain landing page.
Cause of Verified Status:
- You will view the "Verified" status once the domain is added successfully and verified and can be used to create sending profiles.
Cause of Not Verified Status:
- This status appeared when errors were made in adding records to the domain DNS service provider.
- You did not make verification, which means the customer will not be able to use sending domains to create sending profiles.
Note:
- You will not be able to use Not Verified domains to create sending profiles.
- If a domain is not verified, the campaigns will be automatically canceled.
The view icon will redirect you to the verification page.
Once you click on the delete icon, the page opens a modal window, as shown.
Select Sending Domain from the drop-down and click "Delete And Replace" if you wish to continue.
Note: The deleted domain will be replaced with a new domain in all active/scheduled campaigns. Also, this action will not affect your DNS configured and must be manually removed.
You can customize columns on your wish. To do so, follow the below steps:
- Click the Customize column icon.
- A pop-up modal window appears on the screen with the available columns. Select the columns that you want to show on the table.
- Click "Apply."
Note: You can view all columns on the table by default.
You can show/hide columns using checkboxes.
You can drag and drop the columns list by placing the cursor on the list.
Once you apply changes, it will save permanently for you until you wish to change again. Click Restore Defaults to go back to the default settings.
Filters Usage: You can sort filter columns using "Sending Domain Name," "Associated Organization," and "Verified." Place the cursor in the field box and select the field on your sort of wish.
If you want to fetch sending domain information using the Sending Domain Name, please follow the instructions:
- Place the cursor in the filter search box.
- Select the Sending Domain Name filter.
- You can directly provide the sending domain name in the search field without an additional pop-up box.
- Click "Apply."
You will get the following search result as per your applied filter.
If you want to fetch only Verified/Not Verified information using the status, please follow the instructions:
- Place the cursor in the filter search box.
- Select the Verified filter.
- When you do so, a Verified pop-up column opens on the screen: Click Yes to view all verified domains or click No to view all Not Verified domains. Provide the info in the field as shown, for example: 'Yes.'
- Click "Apply."
You will get the following search result as per your applied filter.
Once you create Sending Domain, you can create a new Sending Profile with the new sending domain. Follow the below steps to know more.
Export Sending Domains
You can Export Sending Domains from Sending Domains page.
Description: The BullPhish ID system uses the listed domains to send phishing and training campaigns to the targets.
Our Sending Profiles and URLs will all utilize one of the listed domains. In addition to Mail configurations, add to any Email Security Layers such as Microsoft Defender (formerly ATP), Proofpoint, Barracuda, Mimecast, and others. It is considered for Link Re-Writing.
The list of sending domains available on the BullPhish ID Sending Domains page under Settings section.
- Clicking Export Sending Domains button will download a CSV of every Sending Domain from your organization along with their verification status. To access this functionality, lo into BullPhish ID, select Settings on the left navigation panel > Sending Domains > Export Sending Domains.
Sending Profiles
Using Sending profiles feature sender can send all emails for phishing or training campaigns. From Sending Profile page, you can create a new sending profile.
Prerequisites
You must meet the following requirements to create a new sending profile.
- You should be any one of the following users(s) - Partner Admin/Partner Agent/ SMB Privileged User(s)/Internal User(s).
- The status of the domain should be "Verified."
CREATE NEW PROFILE
1. Log In to the BullPhish ID portal.
2. Click Sending Profiles under the Settings tab.
3. Click on "+ Create New Profile."
4. Choose an Associated Organization for a specific domain from the drop-down.
5. Provide the email provider name in the Display Name field.
6. Provide the profile name in the Profile Address.
7. Select your domain name from the Profile Domain drop-down. For example, <kaseyatest.com>
8. Once you click "Create," the sending profile will be successfully created.
Note: If you choose to cancel, your changes will be discarded, and all progress will be lost.
FILTERS USAGE
You can sort the Sending Profiles by applying Sending Display Name filter.
Sending Display Name: If you want to fetch sending profiles information using the Sending Display Name, please follow the instructions:
- Place the cursor in the filter search box.
- Select the Sending Display Name filter.
- You can directly provide the sending display name in the search field without an additional pop-up box.
- Click "Apply."
You will get the following search result as per your applied filter.
Edit page allows you to edit the Edit Sending Profile page.
To delete a sending profile, you must select a new sending profile to replace the deleted ones. It will allow the application to replace sending profiles in all places.
- Select the sending profile for replacement.
- Click "Delete And Replace."
Click the Customize column icon - A pop-up modal window appears on the screen with the available columns. Select columns you want to show on the table and click "Apply."
Note: You can view all columns on the table by default.
You can show/hide columns using checkboxes.
You can drag and drop the columns list by placing the cursor on the list.
Once you apply changes, it will save permanently for you until you wish to change again. Click Restore Defaults to go back to the default settings.
CUSTOM DOMAIN AUTHENTICATION
Domain authentication, formerly known as domain Whitelabel, shows email providers that BullPhish ID has your permission to send emails on your behalf. To provide BullPhish ID permission, you must point DNS entries from your DNS provider (like GoDaddy, Rackspace, or Cloudflare) to BullPhish ID.
Even though this is a slight change from your recipient's perspective, this change has a substantial positive impact on your reputation as a sender and your email deliverability. It is essential because email service providers distrust messages that don't have domain authentication set up as they cannot be so sure that the message comes from you. Explicitly stating that it comes from you increases your reputation with email service providers. Making it much less likely that they will filter your mail and not allow it to get to your recipient's inbox, increasing your deliverability. You also explicitly show your recipients that this email comes from you, making them less likely to mark your mail as spam.
SETTING UP DOMAIN AUTHENTICATION
To set up domain authentication, you must submit the DNS records provided by BullPhish ID to your DNS or hosting provider (for example, GoDaddy, Hover, CloudFlare, etc.). Firstly, determine who your hosting provider is and if you have access. If you don't have access to your DNS or hosting provider, you should get the information on who in your company has this access before setting up domain authentication.
Next, you must add all the CNAME records from the 'Verified Sending Domain' screen to your DNS host. This process varies depending on your DNS host. The following table instructs you on how to add CNAME records for various DNS providers:
| DNS provider | Link to the documentation |
| GoDaddy | https://godaddy.com/help/kak-dobavit-zapis-cname-19236GoDaddy |
|
Amazon Route 53 |
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html |
|
Cloudflare |
https://support.cloudflare.com/hc/en-us/articles/360020348832-Understanding-a-CNAME-Setup |
|
ClouDNS |
|
|
DSN Made Easy |
https://support.dnsmadeeasy.com/support/solutions/articles/47001001393-cname-record |
|
DNSimple |
|
|
Alibaba Cloud |
|
|
Google Cloud |
https://cloud.google.com/dns/docs/quickstart#create_a_cname_record_for_the_www_subdomain |
|
Jimdo |
https://help.jimdo.com/hc/en-us/articles/115005537866-How-do-I-add-a-CNAME-entry- |
|
Namecheap |
|
|
NS 1 |
https://help.ns1.com/hc/en-us/articles/360020258073-Create-a-DNS-record |
|
DNSPod |
|
|
Dyn |
https://help.dyn.com/standard-dns/adding-a-resource-record-in-standard-dns/ |
|
easyDNS |
If you couldn't find your DNS provider in the list, you can contact support or create a feature request so that we supplement this list and help you find documentation.
VERIFYING YOUR DNS
Once you add the CNAME records to your DNS host, return to the "Verified Sending Domain" page and click Verify button.
Two cases get placed when you do so: either half of your CNAME records get verified - this usually means you need to wait a bit longer, or it is also possible that you incorrectly entered one of your records. For other troubleshooting information, see Sender authentication troubleshooting.
SENDER AUTHENTICATION TROUBLESHOOTING
Where is my domain hosted?
If you aren't sure what DNS provider hosts your domain, use this command to find out:
dig <<your_domain.com>> ns
My DNS records aren't validating.
After you add your CNAME records to your DNS host, you need to validate them in the BullPhish ID UI. If your DNS records aren't validating, try the following steps.
Allow your DNS records to propagate.
Some DNS providers take longer than others to update your DNS records with the CNAME files we ask you to add. Please give it up to 48 hours to validate.
When the user does not add some records to the domain, the application displays a warning message: 'One or more values were not added. Please copy all values to your records.' Though records were added correctly, DNS takes some time to update them.
Auto appending
Some DNS hosts will automatically add your top-level domain to the end of DNS records you create, which can turn a CNAME for "email.domain.com" into "email.domain.com.domain.com."
Be sure to follow the convention on existing records in your DNS panel when adding new ones, as sometimes you will only need to add what is to the left of the top-level domain.
For example, a CNAME for "email." becomes "email.domain.com"
My DNS doesn't accept underscores
BullPhish ID requires underscores for sender authentication, but some DNS providers do not support underscores in zone file entries.
If your provider does not allow you to use underscores in zone files, consider changing your DNS hosting provider.
Manually validating records
Sometimes there is no other option but to validate your DNS records manually. It can be caused by certain DNS providers or by customizations you add to your records.
To validate a DNS record manually, use the Unix command DIG. The following examples use the Terminal on a Mac platform. The tables show specific validations. If the ANSWER section of the dig return is empty, this usually means that either the record does not exist or has yet to propagate.
| Command | Type | Answer |
| dig cname bpid.<yourdomain.com> | CNAME | 25d3b1577f2c421b844fa47370297a95.bullphish.com |
| dig cname bpid._domainkey.<yourdomain.com> | CNAME | 25d3b1577f2c421b844fa47370297a95._domainkey.bullphish.com |
If you can successfully verify your DNS changes manually, but it won't validate in the tool, contact support, and we can help you investigate. You can also use the DNS lookup tool provided by MxToolbox.