Unipark Email Compliance Guide

1. Introduction

Unipark enforces required DMARC, SPF, and DKIM policies to enhance email security, prevent spoofing, and ensure reliable email delivery. These measures align with industry best practices and help reduce risks associated with unauthorized email usage.

This guide provides essential instructions for users and institutional IT teams to comply with Unipark’s email authentication setup. Institutions must not apply these DNS changes independently. The Unipark Technical Support Team is responsible for generating the correct DNS Zone file, which is forwarded to the institution via the Unipark Support Team. Once the changes are applied, the Technical Support Team manually completes SES domain authorization to enable email sending from the configured domain.


2. Why Compliance is Required

Many email providers and institutions reject emails that do not adhere to SPF, DKIM, and DMARC policies. To ensure users can send and receive email notifications, surveys, and responses through Unipark, institutions must configure their email domains correctly by applying the required SPF, DKIM, and DMARC records. Unipark Support will coordinate with the Unipark Technical Support Team to enable SES authorization after confirming that all DNS changes have been applied correctly.


3. Understanding DMARC, SPF, and DKIM

A. SPF (Sender Policy Framework)

SPF prevents unauthorized email senders from impersonating a domain. Institutions must add the required SPF record to their DNS settings to ensure successful delivery. This is a prerequisite for SES authorization.

The required SPF record will be provided separately by Unipark Support and must be added manually.

B. DKIM (DomainKeys Identified Mail)

DKIM ensures emails sent via Unipark are authenticated using a cryptographic signature. This protects against tampering and spoofing.
Unipark’s Technical Support Team provides DKIM records as part of a zone file, which must be added to your DNS configuration. These include 3 CNAME records, which are used to validate your sending domain through AWS SES.

C. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC builds upon SPF and DKIM to enforce email authentication policies and protect against spoofing.
It helps prevent unauthorized senders from misusing your domain and improves overall email reliability.

The required DMARC record is included in the DNS Zone file provided by Unipark Technical Support. Institutions must apply this record exactly as received. No modifications should be made to DMARC structure or policy unless approved.

 

4. How Institutions Can Enable Compliance

  • Step 1: Do not attempt to add individual records based on online checks. Always wait for the official DNS Zone file provided by Unipark Support.Step 2: Request the complete Zone file from Unipark Support.Step 3: Apply the DNS records from the zone file exactly as provided, unless your domain already has an existing DMARC TXT record. In that case, only the DKIM records should be added.Step 4: Add the required SPF record manually to your DNS. The SPF value will be provided separately by Unipark Support.

    Step 5: Inform Unipark Support once all DNS changes are live. The Unipark Technical Support Team will then enable SES authorization for your domain.

    Step 6: Test delivery of Unipark survey emails to confirm functionality.

    Please note: It may take up to 48 hours for DNS changes to propagate fully.


5. What Users Should Do

Users should ensure their institution applies the required DNS records (SPF, DKIM, and DMARC). They should contact their IT department to request the updates and coordinate with Unipark Support for proper authorization.


6. Alternative Solutions for Non-Compliant Institutions

If your institution refuses to implement Unipark’s email security policies, consider:

  1. If your institution is unable or unwilling to apply the required DNS configuration, the following alternatives may be considered:Use the fallback sender address noreply@tivian.comThis allows outbound email sending only. It will not support incoming survey replies, confirmations, or system notifications
  2. Request individual sender address verification (private domain only)
    In rare cases, Unipark Support may authorize one specific sender address through SES if domain-level DNS changes are not possible. This is subject to manual approval and setup.


7. Conclusion

Unipark’s email authentication policies help protect users from spoofing and ensure reliable communication.
To enable email sending via Unipark while staying fully compliant with EU regulations, institutional IT teams must request the official DNS Zone file from Unipark Support, apply the provided records, and manually add the required SPF entry.
Once DNS changes are complete, Unipark Support will coordinate domain authorization with the Unipark Technical Support Team.
All email delivery is handled through AWS SES, which is fully GDPR-compliant.

For further support, contact Unipark Support via:

🌍 Website: https://www.unipark.com/en/support/