Chapter 9: How to configure a custom domain

DOCUMENT HISTORY AND VERSION CONTROL 

Version # Implemented By  Revision Date Approved By  Approved Date Notes
1.0 

Sahitya Kalva 

Author 

24-03-2022

Latika Verma  

Product Owner

31-03-2022  
1.1

Sahitya Kalva 

Author 

12-04-2022

Latika Verma  

Product Owner

12-04-2022 Sending Profiles section is added.

TERMS AND ABBREVIATIONS 

Term Abbreviation Descriptive 
BPID BullPhish ID  BullPhish ID is a fully-featured cybersecurity training & awareness software platform. It is designed to serve Enterprises, SMEs, and Startups. By using our Training & Awareness courses and Phishing Simulation Campaigns, you have the power to save money and time in preventing cybersecurity attacks on your organization. 
SMB Small & Medium-Sized Business  Small and medium enterprises are privately owned businesses. A business with 100 or fewer employees is generally considered small, while one with 100-999 employees is medium-sized. 
DNS  Domain Name System  It is a naming system for domains on the internet. When BullPhish ID refers to your DNS, we discuss the domain name you wish to send emails to targets. When we talk about your DNS provider, we talk about the service that hosts your domain name. For example, GoDaddy, Rackspace, or Cloudflare. 
DKIM  DomainKeys Identified Mail 

It is designed to help email providers prevent malicious email senders by validating emails from specific domains. DKIM is one of the most popular email authentication methodologies that works by using cryptographic technology that adds a digital signature to your message header. This DKIM signature validates and authorizes your domain name in the eyes of the receiver. The DKIM signature is created using a unique string of characters stored as a public key. 

When your email is received, the public key is retrieved through the DNS and decrypted by the receiver to verify your domain's identity confidently.  

SPF  Sender Policy Framework  It is an email authentication standard developed by AOL that compares the email sender's actual IP address to a list of IP addresses authorized to send mail from that domain. The IP list is published in the domain's DNS record to provide more information about SPF. 
CNAME  Canonical Name  It is a record in the DNS database that indicates the true hostname of a computer associated with its aliases. It is essential when running multiple services from a single IP address. 
SMTP  Simple Mail Transfer Protocol  The SMTP protocol is used for sending e-mails over the Internet. 

BULLPHISH INTRODUCTION 

BullPhish ID is a fully-featured security awareness training platform designed to serve Enterprises, SMEs, and Startups. We feel privileged to inform you that we introduced a new "Sending Domains" feature to our BPID portal. This guide walks you through the Sending Domains feature functionality in detail.  

SENDING DOMAINS 

Sending Domains is a very flexible feature that allows you to add your custom domains. You can now use your domain to send Phishing and Training campaigns. From Sending Domains page, you can create Custom Sending Domains. 

Follow the article to see what you have inside.

Prerequisites 

Well, before you add a domain, ensure that all the following requirements are met: 

  1. You should be any one of the following user(s) - Partner Admin/Partner Agent/ SMB Privileged User(s)/Internal User(s). 
  2. You own or control the domain. 
  3. You cannot create the same domain if the domain name already exists in the system.  

ADD CUSTOM DOMAIN

1. Log In to the BullPhish ID portal.

2. Click Sending Domains under the Settings tab.

  0.png

3. On the Sending Domains page, click "+ Add Sending Domain."

1.jpeg

4. Enter your domain name in Sending Domain field. For example, www.domainname.com 

5. Choose an Associated Organization for a specific domain from the drop-down. 

6. Click "Next."

2.jpeg

Note: 

  • If the User enters the invalid domain, a pop-up msg displayed on the screen saying, please use a valid domain. 
  • You can create sending domain for any parent organization, and those domains can be used for any child organization and create sending profile. 
  • You cannot re-enter sending domain or change the associated organization. 
  • You cannot use the same name that has already been taken.

Once the domain is created, the page will take you to the Custom Sending Domain page.

4.jpeg

Verify Sending Domain

Before you verify the domain, please add the Domain & Value to your DNS records with CNAME Type. Follow the below instructions to do so. 

7.blobid5.png Click the Copy functionality under the Actions column to copy the DNS values. When you do so, the value will be copied to the clipboard, and you should add the record to the DNS service provider.  

Note: Please ensure to copy all the values one after one.  

8. Go to your specific DNS service provider and add copied values to the records.  

Note: Go to the CUSTOM DOMAIN AUTHENTICATION  section to know how to add specific DNS records on your DNS server to allow our SMTP server to send emails using custom domains.  

4.1.jpeg

9. Once you add DNS values to the DNS server, click the checkbox of 'I've added these records.' 

10. Click Verify.        

Note: Cancel will take the user back to the sending domain page.  

4.2.jpeg

Note: The application gives a warning message when you miss copying one or more records.

Verification Sending Domain DNS records have the following status - Pending, Failed, and Verified.  

 Cause of Pending Status:  

  • It is an application waiting time for the user to finish their action tasks for the domain.  
  • This status appears when you (referring to the user) are in the process of adding values to the DNS server and taking the following steps, such as clicking the Checkbox and Verify button.

Cause of Failed Status:  

  • This status appeared when errors were made in adding records. 
  • Your domain server might take up to 48 hours to reflect the changes.  

4.3.jpeg

Cause of Verified Status: 

  • Verified: This status appears when you successfully add all your records to the DNS provider. And check the "Yes, I've added records to my DNS records" and click Verify Domains. (The background application collects all these records from DNS for verification).

Once the domain is successfully added, you can view the Verified or Not Verified status on the Sending Domain landing page. 

4.4.png

Cause of Verified Status:

  • You will view the "Verified" status once the domain is added successfully and verified and can be used to create sending profiles.  

Cause of Not Verified Status:  

  • This status appeared when errors were made in adding records to the domain DNS service provider. 
  • You did not make verification, which means the customer will not be able to use sending domains to create sending profiles.  

Note:  

  • You will not be able to use Not Verified domains to create sending profiles.  
  • If a domain is not verified, the campaigns will be automatically canceled.  

blobid11.png View icon will redirect you to the verification page. 

delete_ico.jpeg Once you click on the delete icon, the page opens a modal window as shown. 

Select Sending Domain from the drop-down and click "Delete And Replace" if you wish to continue.

Note: The deleted domain will be replaced with a new domain in all active/scheduled campaigns. Also, this action will not affect your DNS configured and must be manually removed. 

delete_icon.jpeg

Customize_columns.jpeg You can customize columns on your wish. To do so, follow the below steps:

  1. Click the Customize column icon.
  2. A pop-up modal window appears on the screen with the available columns. Select columns that you want to show on the table.
  3. Click "Apply."

Note: You can view all columns on the table by default.

          You can show/hide columns using checkboxes.

          You can drag and drop the columns list by placing the cursor on the list.

          Once you apply changes, it will save permanently for you until you wish to change again. Click Restore Defaults to go back to the default settings.

custom_columns.jpeg

Filters Usage: You can sort filter columns using "Sending Domain Name," "Associated Organization," and "Verified." Place the cursor in the field box and select the field on your sort of wish.  

4.5.jpeg

If you want to fetch sending domain information using the Sending Domain Name, please follow the instructions:

  1. Place the cursor in the filter search box.
  2. Select the Sending Domain Name filter.
  3. You can directly provide the sending domain name in the search field without an additional pop-up box: for example, 'test11.com'
  4. Click "Apply."

2.png

You will get the following search result as per your applied filter.

Screenshot__187_.png

If you want to fetch only Verified/Not Verified information using the status, please follow the instructions:

  1. Place the cursor in the filter search box.
  2. Select the Verified filter.
  3. When you do so, a Verified pop-up column opens on the screen: Click Yes to view all verified domains or click No to view all Not Verified domains. Provide the info in the field as shown, for example: 'Yes.'
  4. Click "Apply."

4.3.jpeg

You will get the following search result as per your applied filter.

4.4.jpeg

Once you create Sending Domain, you can create a new Sending Profile with the new sending domain. Follow the below steps to know more.

SENDING PROFILES

Using Sending profiles feature sender can send all emails for phishing or training campaigns. From Sending Profile page, you can create a new sending profile.

Prerequisites

You must meet the following requirements to create a new sending profile.

  1. You should be any one of the following users(s) - Partner Admin/Partner Agent/ SMB Privileged User(s)/Internal User(s).
  2. The status of the domain should be "Verified."

 CREATE NEW PROFILE  

1. Log In to the BullPhish ID portal.

2. Click Sending Profiles under the Settings tab.

0.png

3. Click on "+ Create New Profile."

6.jpeg

4. Choose an Associated Organization for a specific domain from the drop-down.

5. Provide the email provider name in the Display Name field.

6. Provide the profile name in the Profile Address. For example, <test11>

7. Select your domain name from the Profile Domain drop-down. For example, <kaseyatest.com>

8. Once you click "Create," the sending profile will be successfully created.

2.png

Note: If you choose to cancel, your changes will be discarded, and all progress will be lost.

FILTERS USAGE

 You can sort the Sending Profiles by applying Sending Display Name filter.

Screenshot__188_.png

Sending Display Name:  If you want to fetch sending profiles information using the Sending Display Name, please follow the instructions:

  1. Place the cursor in the filter search box.
  2. Select the Sending Display Name filter.
  3. You can directly provide the sending display name in the search field without an additional pop-up box: 'text11.'
  4. Click "Apply."

You will get the following search result as per your applied filter.

3.png

Edit_Icon.jpeg Edit page allows you to edit the Edit Sending Profile page.

delete_ico.jpegTo delete a sending profile, you must select a new sending profile to replace the deleted ones. It will allow the application to replace sending profiles in all places.

  • Select the sending profile for replacement.
  • Click "Delete And Replace."

13.PNG

Customize_columns.jpegClick the Customize column icon - A pop-up modal window appears on the screen with the available columns. Select columns that you want to show on the table and click "Apply."

Note: You can view all columns on the table by default.

          You can show/hide columns using checkboxes.

          You can drag and drop the columns list by placing the cursor on the list.

          Once you apply changes, it will save permanently for you until you wish to change again. Click Restore Defaults to go back to the default settings.

15.PNG

CUSTOM DOMAIN AUTHENTICATION 

Domain authentication, formerly known as domain Whitelabel, shows email providers that BullPhish ID has your permission to send emails on your behalf. To provide BullPhish ID permission, you must point DNS entries from your DNS provider (like GoDaddy, Rackspace, or Cloudflare) to BullPhish ID.

Even though this is a slight change from your recipient's perspective, this change has a substantial positive impact on your reputation as a sender and your email deliverability. It is essential because email service providers distrust messages that don't have domain authentication set up as they cannot be so sure that the message comes from you. Explicitly stating that it comes from you increases your reputation with email service providers. Making it much less likely that they will filter your mail and not allow it to get to your recipient's inbox, increasing your deliverability. You also explicitly show your recipients that this email comes from you, making them less likely to mark your mail as spam.

SETTING UP DOMAIN AUTHENTICATION  

To set up domain authentication, you must submit the DNS records provided by BullPhish ID to your DNS or hosting provider (for example, GoDaddy, Hover, CloudFlare, etc.). Firstly, determine who your hosting provider is and if you have access. If you don't have access to your DNS or hosting provider, you should get the information on who in your company has this access before setting up domain authentication.

Next, you must add all the CNAME records from the 'Verified Sending Domain' screen to your DNS host. This process varies depending on your DNS host. The following table instructs you on how to add CNAME records for various DNS providers:

DNS provider  Link to the documentation 
GoDaddy https://godaddy.com/help/kak-dobavit-zapis-cname-19236GoDaddy 

Amazon Route 53 

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html  

Cloudflare 

https://support.cloudflare.com/hc/en-us/articles/360020348832-Understanding-a-CNAME-Setup  

ClouDNS 

https://www.cloudns.net/wiki/article/13/  

DSN Made Easy 

https://support.dnsmadeeasy.com/support/solutions/articles/47001001393-cname-record  

DNSimple 

https://support.dnsimple.com/articles/manage-cname-record/#:~:text=To%20add%20a%20CNAME%20record,.example.com%20enter%20www%20.  

Alibaba Cloud 

https://www.alibabacloud.com/help/en/doc-detail/27144.htm  

Google Cloud 

https://cloud.google.com/dns/docs/quickstart#create_a_cname_record_for_the_www_subdomain  

Jimdo 

https://help.jimdo.com/hc/en-us/articles/115005537866-How-do-I-add-a-CNAME-entry-  

Namecheap 

https://www.namecheap.com/support/knowledgebase/article.aspx/9646/2237/how-to-create-a-cname-record-for-your-domain/  

NS 1 

https://help.ns1.com/hc/en-us/articles/360020258073-Create-a-DNS-record  

DNSPod 

https://docs.dnspod.com/dns/5faa37b891e2ca46b29ff50e/  

Dyn 

https://help.dyn.com/standard-dns/adding-a-resource-record-in-standard-dns/  

easyDNS 

https://kb.easydns.com/knowledge/aname-records/  


If you couldn't find your DNS provider in the list, you can contact support or create a feature request so that we supplement this list and help you find documentation.

VERIFYING YOUR DNS 

Once you add the CNAME records to your DNS host, return to the "Verified Sending Domain" page and click Verify button.

Two cases get placed when you do so: either half of your CNAME records get verified - this usually means you need to wait a bit longer, or it is also possible that you incorrectly entered one of your records. For other troubleshooting information, see Sender authentication troubleshooting.

SENDER AUTHENTICATION TROUBLESHOOTING

Where is my domain hosted? 

If you aren't sure what DNS provider hosts your domain, use this command to find out: 

dig <<your_domain.com>> ns 

My DNS records aren't validating. 

After you add your CNAME records to your DNS host, you need to validate them in the BullPhish ID UI. If your DNS records aren't validating, try the following steps. 

Allow your DNS records to propagate. 

Some DNS providers take longer than others to update your DNS records with the CNAME files we ask you to add. Please give it up to 48 hours to validate.

When the user does not add some records to the domain, the application displays a warning message: 'One or more values were not added. Please copy all values to your records.' Though records were added correctly, DNS takes some time to update them.

blobid3.png

Auto appending 

Some DNS hosts will automatically add your top-level domain to the end of DNS records you create, which can turn a CNAME for "email.domain.com" into "email.domain.com.domain.com." 

Be sure to follow the convention on existing records in your DNS panel when adding new ones, as sometimes you will only need to add what is to the left of the top-level domain. 

For example, a CNAME for "email." becomes "email.domain.com" 

My DNS doesn't accept underscores 

BullPhish ID requires underscores for sender authentication, but some DNS providers do not support underscores in zone file entries. 

If your provider does not allow you to use underscores in zone files, consider changing your DNS hosting provider. 

Manually validating records 

Sometimes there is no other option but to validate your DNS records manually. It can be caused by certain DNS providers or by customizations you add to your records. 

To validate a DNS record manually, use the Unix command DIG. The following examples use the Terminal on a Mac platform. The tables show specific validations. If the ANSWER section of the dig return is empty, this usually means that either the record does not exist or has yet to propagate. 

Command Type Answer 
dig cname bpid.<yourdomain.com>  CNAME 25d3b1577f2c421b844fa47370297a95.bullphish.com 
dig cname bpid._domainkey.<yourdomain.com> CNAME 25d3b1577f2c421b844fa47370297a95._domainkey.bullphish.com

 

If you can successfully verify your DNS changes manually, but it won't validate in the tool, contact support, and we can help you investigate. You can also use the DNS lookup tool provided by MxToolbox. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us