DMARC Alignment and SuiteProjects Pro Email

If you use DMARC for email authentication and your DMARC policy quarantines or rejects email that is not DMARC compliant, you can take the following actions to ensure that SuiteProjects Pro email pass either DKIM or SPF checks. SuiteProjects Pro email does not comply with DMARC alignment rules by default. If both DKIM and SPF sets of checks fail, email may be marked as junk mail or not be delivered at all.

To pass DKIM authentication and alignment, you can contact SuiteProjects Pro Support to set up DKIM for SuiteProjects Pro notifications. See Setting Up DKIM for SuiteProjects Pro Notifications.

Note:
If DKIM authentication and alignment fail after DKIM is set up, contact SuiteProjects Pro Support for further investigation.
To pass SPF authentication, you can add the SuiteProjects Pro email relay server domain (relay.openair.com) to your SPF DNS record.

Note:
OpenAir is now SuiteProjects Pro. As of 5 a.m. Eastern Time (UTC–5) on January 25, 2025, for your sandbox account, and on February 15, 2025, for your production account, service URLs with the netsuitesuiteprojectspro.com domain name replace URLs with the openair.com domain name. The sender for all email originating from SuiteProjects Pro will change from www@openair.com to www@netsuitesuiteprojectspro.com. The email sender change will be rolled out in phases. Refer to the upcoming Proactive Feature Change Notification (PFCN) email for more information about the target date for the email sender change in your account.

Note that the email relay domain relay.openair.com will not be replaced and a netsuitesuiteprojectspro.com equivalent will not be added until further notice. You do not need to update your SPF DNS record in preparation for the change.

For more information about the change, see Introducing SuiteProjects Pro.
To pass SPF alignment, you can use the Custom Email Return Path feature to set a custom return path for your account. Review the best practice guidelines before enabling this feature. See Custom Email Return Path.

What is DMARC?

DMARC is an open email authentication protocol that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks. Building on existing standards – SPF and DKIM –, DMARC is the first and only widely deployed technology that can make the header From domain trustworthy. The domain owner can publish a DMARC record in the Domain Name System (DNS) and create a policy to tell receivers what to do with email messages that fail authentication. It is a set of rules that when validated will ensure the email message received comes from a trusted source.

To pass DMARC alignment, email must pass either SPF alignment and authentication checks or DKIM alignment and authentication checks.

SPF Authentication checks whether the sender server is allowed to send email for this domain (domain part of the email address in the Return-Path header).
SPF Alignment checks whether the email message originates from whom the From header says it did. It does so by checking that the email addresses in the From and Return-Path headers have matching domains.
DKIM Authentication checks whether the email message includes a valid DKIM signature certifying that the message body, attachments and other parts of the email message have not been modified.
DKIM Alignment checks whether the key used for signing the email message is correct for the domain of the sender. It does so by checking that the domain part of the address in the From header matches the source domain found in the DKIM signature.