DMARC/DKIM support

We support DMARC (Domain-based Message Authentication, Reporting & Conformance) and DKIM (DomainKeys Identified Mail), which are email authentication protocols designed to improve email security and reduce spam, phishing, and spoofing.

Feature description

DMARC (Domain-based Message Authentication, Reporting & Conformance):
  • Purpose:
    DMARC builds on the SPF and DKIM protocols, providing a way for domain owners to specify how unauthenticated emails should be handled.
  • How it works:
    Domain owners publish a DMARC policy in their DNS records. This policy tells receiving mail servers what to do if an incoming email fails SPF and/or DKIM checks. Options include monitoring the email, quarantining it, or rejecting it.
  • Benefit:
    It helps domain owners protect their domain from being used in email spoofing, provides visibility into unauthorized use of their domain, and helps reduce spam and phishing attacks.
DKIM (DomainKeys Identified Mail):
  • Purpose:
    DKIM lets an organization take responsibility for a message that is in transit. This is achieved by affixing a digital signature linked to a domain name.
  • How it works:
    It uses a pair of cryptographic keys, one private and one public. The private key is used by the sender to generate a unique signature for each outgoing email. The public key is published in the domain's DNS records, so recipients can verify that the email hasn’t been altered and truly comes from the stated domain.
  • Benefit:
    It helps verify the authenticity of the sender and ensures that the message hasn’t been tampered with during transit.
Together, DKIM and DMARC, along with SPF (Sender Policy Framework), form a robust defense mechanism against email-based threats, ensuring better email security and authenticity.

Configuration on your domain

Add our SPF record to your domain
If you aren't sending emails from @thomsonreuters.com or @tr.com addresses, update the SPF record for your domain to include the following text:
INCLUDE:SPF.RELAY.THOMSONREUTERS.COM
If you don't have an SPF record or don't know what one is, contact our team or the ISRM Email Security Team for further guidance.
Add DKIM to your domain
If you aren't sending emails from @thomsonreuters.com or @tr.com addresses, consider enabling DKIM.
DKIM enables a sender to prove that they have control over a given domain (they can create DNS entries). Each email is signed using a key (referenced via DNS) that lets the recipient verify that the email was sent by an approved sender for that domain.
Add the following 2 DNS entries to your email domain:
  • IHN1._DOMAINKEY.<YOUR-DOMAIN> CNAME TARGET= IHN1DKIM.THOMSONREUTERS.COM.
  • IHN2._DOMAINKEY.<YOUR-DOMAIN> CNAME TARGET= IHN2DKIM.THOMSONREUTERS.COM.
Add DMARC to your domain
If you aren't sending emails from @thomsonreuters.com or @tr.com addresses, consider enabling DMARC.
DMARC setup is potentially complex and has a number of prerequisites. Incorrectly configured DMARC may be damaging to email deliverability, so only configure it once you are confident that you have a viable and verified configuration.
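
A pre-check you could run on the records before contacting Support, as an added example (not Thomson Reuters code): it takes records you have already looked up and reports the mistakes that most often break this setup. The domain example.com, the sample records and the function names are constructed for illustration; the SPF include and the DKIM CNAME targets are the values listed above.

```python
# Added example: offline pre-check of the DNS records this page asks for.
# Records are passed in as data; look them up with your own DNS tooling first.
SPF_INCLUDE = "include:spf.relay.thomsonreuters.com"
DKIM_TARGETS = {"ihn1": "ihn1dkim.thomsonreuters.com",
                "ihn2": "ihn2dkim.thomsonreuters.com"}
# Constructed sample records for a placeholder domain.
SAMPLE_TXT = {"example.com": ["v=spf1 include:spf.relay.thomsonreuters.com -all"],
              "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]}
SAMPLE_CNAME = {"ihn1._domainkey.example.com": "IHN1DKIM.THOMSONREUTERS.COM.",
                "ihn2._domainkey.example.com": "ihn2dkim.thomsonreuters.com."}

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.strip().lower().rstrip(".")

def check_domain(domain, txt, cname):
    """txt: {name: [TXT strings]}, cname: {name: target}. Returns problems found."""
    domain = norm(domain)
    txt = {norm(k): v for k, v in txt.items()}
    cname = {norm(k): norm(v) for k, v in cname.items()}
    problems = []
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: none means no SPF, more than one is a permerror
        problems.append(f"expected exactly 1 SPF record, found {len(spf)}")
    else:
        terms = [t.lstrip("+") for t in spf[0].lower().split()[1:]]
        all_pos = next((i for i, t in enumerate(terms) if t.lstrip("-~?") == "all"), len(terms))
        if SPF_INCLUDE not in terms:
            problems.append("SPF record lacks " + SPF_INCLUDE)
        elif terms.index(SPF_INCLUDE) > all_pos:
            problems.append("SPF include comes after 'all' and is never evaluated")
    for selector, target in DKIM_TARGETS.items():
        name = f"{selector}._domainkey.{domain}"
        if cname.get(name) != target:
            problems.append(f"{name} CNAME is {cname.get(name)!r}, expected {target!r}")
    for record in txt.get(f"_dmarc.{domain}", []):  # DMARC is optional on this page
        first = record.split(";")[0].replace(" ", "")
        tags = {k.strip().lower(): v.strip().lower()
                for k, v in (p.split("=", 1) for p in record.split(";") if "=" in p)}
        if first != "v=DMARC1":
            problems.append("DMARC record must start with v=DMARC1")
        elif tags.get("p") not in ("none", "quarantine", "reject"):
            problems.append("DMARC record has no valid p= policy")
    return problems

if __name__ == "__main__":
    print(check_domain("example.com", SAMPLE_TXT, SAMPLE_CNAME))
```

An empty list means the SPF include, both DKIM CNAMEs and any DMARC record present passed these checks; it does not test deliverability or the SPF DNS-lookup limit.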

Update Legal Tracker

Customers need to advise TR of the domains that they want to send emails from. Once the customer has applied the necessary DNS records to their domain, contact Support or Customer Success for the necessary updates to be made to Legal Tracker. Once the ticket has been completed, support for DMARC/DKIM will be active.