Skip to main content
Xoxoday supports sending all platform-generated emails from your company’s own domain or subdomain by authorising its email infrastructure through standard DNS records — SPF, DKIM, and optionally DMARC.
When employees receive a reward or recognition notification, an email arriving from a familiar company domain carries far more weight than one from an unrecognised third-party sender. Xoxoday supports custom sender domains so that all platform-generated communications — reward notifications, redemption confirmations, program announcements, and expiry reminders — appear to come directly from your organisation.

Setting Up DNS Authentication

Enabling this requires three DNS record types on your domain. SPF (Sender Policy Framework) authorises Xoxoday’s mail servers to send on your domain’s behalf. DKIM (DomainKeys Identified Mail) adds a cryptographic signature that destination mail servers verify to confirm the message is genuine. DMARC is optional but strongly recommended: it sets a policy for how receiving servers handle messages that fail SPF or DKIM checks, and it provides delivery reporting back to your team. Xoxoday’s implementation team supplies the exact DNS record values during onboarding. Most enterprise DNS management consoles support these records natively, making this a one-time configuration step with no ongoing maintenance required.

What Changes for Employees

Once the DNS records are live, employees using HRIS platforms such as Workday, SAP SuccessFactors, or Darwinbox receive Xoxoday emails that display your company’s sending domain in the “From” field. Subject lines, body content, and email signatures remain fully customisable, allowing your organisation to match its communication style and branding guidelines exactly. A practical example: if your organisation runs its rewards programme through a subdomain like rewards.yourcompany.com, Xoxoday sends all notifications from that address. Employees recognise the sender immediately, and IT retains full DNS-level control over the authorised sending infrastructure.

Deliverability and Spam Reduction

Modern email providers — including Microsoft Exchange and Google Workspace — increasingly route unverified sender domains to spam or junk folders. Aligning Xoxoday’s outbound emails with your domain’s SPF and DKIM records significantly reduces the chance of platform communications being filtered before employees see them. This matters most for time-sensitive messages such as reward expiry reminders and milestone recognition alerts. For organisations operating under security frameworks such as ISO 27001 or SOC 2 Type II, authenticated third-party email flows also support audit requirements around external communication channels and data governance.

Brand Consistency Across Every Touchpoint

Your employees interact with Xoxoday emails as an extension of your employer brand, not as messages from an external vendor. Custom sender domains close the gap between the product experience and your organisation’s identity — reinforcing trust at every notification touchpoint without requiring employees to learn a new sender address. Learn more: Xoxoday Help Centre — Back-end integration

DNS Email Authentication Setup

Step-by-step guidance for configuring SPF, DKIM, and DMARC records to authorise Xoxoday as a trusted sender on your domain.

Custom Email Templates and Branding

Customise subject lines, body content, and signatures for all Xoxoday platform notifications to match your organisation’s brand guidelines.