Mail service: Connect your e-mail account

Mail service: Connect your e-mail account

"AudiencePlayer is NOT a generic hosting provider, meaning you cannot purchase mail hosting with AudiencePlayer. However AudiencePlayer can CONNECT with an existing mail account to send mails in your name, which in general looks better than consumers receiving mails from sender "AudiencePlayer".

The AudiencePlayer platform sends various automated e-mail messages to your consumers, for instance to reset a forgotten password, notify them of a purchase, etc.
Of course it looks MUCH better if these e-mails are sent in your name instead of having a sender address "no-reply@audienceplayer.com".
Therefore, we strongly advise you to set up a dedicated e-mail account, which you will also use for your 1st line consumer support (e.g. "support@yourcompany.com").
AudiencePlayer can then use this mail account to send automated mails. Should a consumer now have a question regarding an automated mail, they can simply reply to it and reach you. 

Connecting your e-mail account

As such, please setup an e-mail account (e.g. via your domain hosting provider, or simply via Google) and connect it to AudiencePlayer, considering the following:
  1. Please ensure that your mail account supports "Authenticated SMTP". Depending on your provider, you may need to configure an "app password" (please see the notes below).

  2. From your provider, please collect all the necessary info which you can configure in the CMS (see screenshot below). The most important ones are:
    1. Outgoing mailserver address (often also called "smtp-host-server, for example: "smtp.yourcompany.com" or "smtp.gmail.com").
    2. Outgoing mailserver port (e.g. 587, 465, etc).
    3. username
    4. password

  3. You can configure and validate your settings in the CMS by going to: Project configuration > Mail Service > Settings > Mailbot credentials.
    Additionally you can also use independent tools to verify your credentials, such as: dotcom tools.


App Specific passwords

Most of our customers use either their own hosting provider or Google Mail for their outbound mail accounts: Note that with some providers, such as Google, it is necessary to create an "app specific password", because our mailbot sends emails automatically and cannot complete interactive multi-factor authentication.

For Google Gmail

Please refer to the following information: Google Account Help.

For Microsoft Azure / Office 365

Please refer to the following information: How to get and use app passwords.

Important: This Microsoft app-password feature is only available for certain legacy scenarios and accounts. Many customers have reported that it is unavailable in their Office 365 tenant due to MFA and security restrictions.

When Microsoft app-specific passwords cannot be created

If Microsoft’s app-password option is not available in your Office 365 environment (which is common due to MFA enforcement), you will need to use an alternative OAuth2-based method.

☞ Note: The following information outlines a technical workaround. It is provided by AudiencePlayer strictly on an “AS IS” basis (time of writing: September 2023). AudiencePlayer cannot offer additional support on this route. For updates, please refer to Microsoft’s documentation or contact Microsoft support directly.

At the time of writing, many Office 365 customers found it difficult to obtain app passwords, since Microsoft’s MFA controls make this unnecessarily complex. In such cases, a more technical OAuth2 approach is available, which requires creating an App Registration in the Azure Portal.

Once you have created an App Registration, you will obtain the following values:
Client ID
Client Secret
OAuth 2.0 Token Endpoint
With these three values you can generate an access token using the curl command below. (See the attached PDF for explanations on where to locate these three values).
This access token can then be encoded into a valid XOAUTH2 app-specific password for your mail script.
  1. STEP 1: Obtain an access token
    Run the following curl command in a Linux shell:
    1. curl -X POST "{token_endpoint_url}" -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "client_id={client_id}" --data-urlencode "client_secret={client_secret}" --data-urlencode "scope=https://outlook.office365.com/.default" --data-urlencode "grant_type=client_credentials"

  2. STEP 2: Generate the XOAUTH2 password
    Once the access token has been retrieved, convert it into an XOAUTH2 string (i.e. your "app specific password"), by running the following command in a Linux shell:
    1. echo -n "user={email_username}"$'\x01'"auth=Bearer {obtained_access_token}"$'\x01'$'\x01' | base64

    Variables Used
    {token_endpoint_url} – OAuth 2.0 token endpoint from your App Registration
    {client_id} – Client ID of the App Registration
    {client_secret} – Client Secret of the App Registration
    {obtained_access_token} – Access token retrieved with the curl command
    {email_username} – Email address or username associated with the mailbox

Other examples

A few other examples of supported providers: www.hostnet.nl, www.mailfence.com, www.sendgrid.com.

Configuration of your mail server domain

Ideally sending mail must not be bound by IP-restrictions, however major providers, like Google Mail, are continuously tightening the regulations. As of February 1st 2024, Google requires you to configure certain DNS-records ("SPF", "DKIM" and "DMARC") to ensure Google Mail users are still able to receive mails. Failing to configure these records, will likely lead to Google Mail Users NOT being able to receive e-mails sent from your domain.
  1. → Note that this may likely affect you regardless of your setup with AudiencePlayer! For more information, please see: https://support.google.com/a/answer/33786?hl=en.
  2. → Note that Our platform mailbot may send e-mails from different IP-addresses. We recommend you use them in your SPF-records. For an updated overview of our IP-addresses, please see: AudiencePlayer IP addresses

Example of an SPF-record for your mail server domain, which includes the AudiencePlayer IP-addresses, as well as Google's own domain:
"v=spf1 mx a ptr ip4:34.243.28.105/32 ip4:34.248.188.241/32 ip4:34.249.200.251/32 ip4:34.241.35.83/32 ip4:34.242.125.210/32 ip4:54.74.179.114/32 ip4:52.17.3.241/32 include:_spf.google.com ?all"

If you need help setting up SPF-records, we recommend you contact your own administrator and make the following request (substitute "yourdomain.com" with your own domain name):
Dear madam/sir,
Please assist me in configuring SPF/DKIM and DMARC records for the domain name.
With regard to the SPF-records, please ensure that the IP-addresses below are included (should a SPF-record already assist, please expand it with given IP-addresses and include-statements).

TXT    yourcompany.com     "v=spf1 mx a ptr ip4:34.243.28.105/32 ip4:34.248.188.241/32 ip4:34.249.200.251/32 ip4:34.241.35.83/32 ip4:34.242.125.210/32 ip4:54.74.179.114/32 ip4:52.17.3.241/32 include:_spf.google.com ?all"