TABLE OF CONTENTS


Summary

Many workflows in Source depend on email, e.g. when you request document uploads. You can customise the email address from First AML’s default email address (noreply@firstaml.com) to your organisation’s email address (e.g. noreply@customername.com).

 

This guide outlines the process on how to set up a custom email domain on Source. This is typically handled by your IT administrator.


*Please note that this is only available to Optimise and Transform subscriptions. 


Before you begin

Before you start setting up a custom email domain, decide on the following:

Display name: The name that appears as the sender. Example: X Company Compliance Team. 

Mailbox name: The name of the mailbox/sender. Example: noreply@ or compliance@. 

Domain name: The domain to use for your email. Example: x-company.com.


How to connect your domain name to Source

Step 1. Send your selected display, mailbox and domain name(s) to First AML via product@firstaml.com.

Step 2. Once First AML has received your selected custom email domain details, we will configure our system to send emails from your selected address.

As part of this, First AML generates DNS records (CNAMEs) that must be added to the domain (which has been selected previously). These verify that the email is legitimate and can be trusted, and don’t get classified as spam.

Step 3. First AML then provides the DNS records to your IT administrator via email.

Step 4. After the DNS records have been configured by your IT administrator, notify us via product@firstaml.com.

Step 5. On receipt of your notification, our team will validate the DNS records and enable sending emails from your new custom email domain.

That's it! Once these steps are completed, you'll be able to send and receive emails using your custom email domain.


Understanding domain authentication (DKIM, SPF, and DMARC)


Our platform allows you to send emails using your own domain (for example, you@yourcompany.com) while ensuring they pass modern email authentication checks such as DKIM and SPF.


When an email is received, the recipient’s mail server automatically performs checks to verify that it’s legitimate. One of these is DKIM (DomainKeys Identified Mail), which confirms that the message came from your domain and hasn’t been modified in transit.


Here’s what happens behind the scenes:


1. Domain authentication (DKIM)

When you add the CNAME records we provide, they delegate specific DNS entries (for example, selector._domainkey.yourdomain.com) to our system.


This allows us to cryptographically sign all outgoing emails with a DKIM signature that matches your domain. Email providers like Gmail and Outlook then verify this signature to confirm the message was authorised by your domain and is safe to deliver.


2. Alignment with SPF and DMARC

Because emails are sent from our mail servers on behalf of your domain, the DKIM signature ensures alignment with your DMARC policy.


You can also choose to update your SPF record to include our sending domain, which can further improve deliverability.


3. No need for direct access or private keys

By using CNAME records, you don’t need to upload private keys or manage cryptographic settings yourself.
Our system securely handles key rotation and signing automatically, maintaining best practices for authentication, security, and deliverability.


Once DNS verification is complete, all emails sent from your account will appear as if they were sent directly from your domain, while passing DKIM, SPF, and DMARC checks for maximum trust and inbox placement.



What if someone emails that custom address?

It is up to you to decide and configure how emails to your custom domain are handled. Typically your IT administrator will follow one of two approaches:

  1. A shared mailbox that is monitored by your AML team, or
  2. A rejection rule that doesn't accept email to the 'noreply' mailbox. The rejection rule notifies the sender that the mailbox is unmonitored, and doesn't accept the email.


The 'rejection rule' approach is usually simpler for your team as this encourages clients to upload their data directly into the FirstAML platform, instead of sending it via email. 



SPF records

If you would like to update your SPF records, you can add the following:
This will authorise our dedicated sending IPs and improve deliverability of emails. Those domains point to specific SPF records we keep up to date with our dedicated sending IPs, so they should always stay up to date.


Need help?

If you run into any difficulties, please get in touch with your Customer Success Manager or contact us via support@firstaml.com.

.