How can we help?

IMS Onboarding FAQ

Do I need to own the domain that we use for IMS?

 

Yes (typically), we offer a White Label Service for IMS's Portal. So, you will need to own the domain we use when branding your IMS Portal. We can but it's not recommended use your companyname.imscre.net for your company name for your IMS Portal but you lose the White Label Service we're known for.

 

Do I need to use the same domain for my system emails as my IMS Portal domain?

 

No, we have the ability to send emails and host your portal on different domains

(ie. IMS Portal: investors.CompanyWebsite.com Email Sending Address: info@CompanyEmail.com)

 

  The only main requirements for your IMS portal us:

  1. You need to own the Domain(s)
  2. Have access to add the DNS records (you company or a technical 3rd party)
  3. Have email setup to receive for the sending domain (email deliver can be different than the portal domain)

 

Do I need a professional IT person on staff to assist with our Onboard to IMS?

 

Depending on the size and complexity of your portfolio, you may need to have a technical resource to assist with your company’s setup on our service. If your company is looking to just link to our service for an investor portal and has limited past deals, we can assist with offering a fairly painless onboard over to our Investment Portal. Some investment portals with no past deals have taken as little as 30 minutes to an hour to get started setup.

 

What's needed by my company to get an onboard portal setup?

 

    - We need graphics for your web portal.

    - Past deal histories

    - A domain to send emails from and host your investment portal

      -- The email domain and investment portal do not need to match.

      -- You need to own the Domain(s)

      -- Have access to add the DNS records (you company or a technical 3rd party)

      -- Have email setup to receive for the sending domain (email deliver can be different than the portal domain)

 

What is DNS?

 

Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.

 

This is necessary because, although domain names are easy for people to remember, computers or machines, access websites based on IP addresses.

 

Information from all the domain name servers across the Internet are gathered together and housed at the Central Registry. Host companies and Internet Service Providers interact with the Central Registry on a regular schedule to get updated DNS information.

 

When you type in a web address, e.g., www.investormanagementservices.com, your Internet Service Provider views the DNS associated with the domain name, translates it into a machine friendly IP address (for example 104.155.150.225 is the IP for investormanagementservices.com) and directs your Internet connection to the correct website.

 

After you register a new domain name or when you update the DNS servers on your domain name, it usually takes about 1-36 hours for the domain name servers world-wide to be updated and able to access the information. This 36-hour period is referred to as propagation.

 

What is a SPF DNS records?

 

Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged "from" addresses, so publishing and checking SPF records can be considered anti-spam techniques.

 

  More information on SPF Records can be found on:

    - https://mandrill.zendesk.com/hc/en-us/articles/205582267-About-SPF-and-DKIM

    - https://en.wikipedia.org/wiki/Sender_Policy_Framework

    - http://www.openspf.org/

  Testing Tools:

    - http://www.kitterman.com/spf/validate.html

    - https://mxtoolbox.com/spf.aspx

 

What is a DKIM Key?

 

Domain Keys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. [1] It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam.

 

In technical terms, DKIM lets a domain associate its name with an email message by affixing a digital signature to it. Verification is carried out using the signer's public key published in the DNS. A valid signature guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. [2] Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than message's authors and recipients. In that respect, DKIM differs from end-to-end digital signatures.

 

More Resources on DKIM Keys can be found here:

    - https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

    - https://mandrill.zendesk.com/hc/en-us/articles/205582267-About-SPF-and-DKIM

 

What is HTTP vs HTTPS?

 

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.

 

Web browsers such as Internet Explorer, Safari, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect.

 

What is a SSL/HTTPS Certificate?

 

A SSL Certificate (Secure Sockets Layer), also called a Digital Certificate or a HTTPS Certificate, creates a secure link between a website and a visitor's browser. By ensuring that all data passed between the two remains private and secure, SSL encryption prevents hackers from stealing private information such as credit card numbers, names and addresses.

 

When you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the 'SSL handshake'. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.

 

When a trusted SSL Digital Certificate is used during a HTTPS connection, users will see a padlock icon in the browser address bar.

 

More resources about SSL certificates can be found:

   - https://aws.amazon.com/certificate-manager/faqs/

   - https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html

   - https://www.godaddy.com/help/what-is-an-ssl-certificate-542

 

Why Is a SSL Certificate Required?

 

All communications sent over regular HTTP connections are in 'plain text' and can be read by any hacker that manages to break into the connection between your browser and the website. This presents a clear danger if the 'communication' is on an order form and includes your credit card details or social security number. With a HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able decrypt any of the data which passes between you and the website.

 

What are the benefits of HTTPS over HTTP?

 

The major benefits of a HTTPS certificate are:

    - Customer information, like account information, is encrypted and cannot be intercepted

    - Protects Login Credentials for clients

    - Visitors can verify you are a registered business and that you own the domain

    - Customers are more likely to trust sites that use HTTPS

 

What is Mandrill?

 

Mandrill is an email infrastructure service IMS uses on your behalf to send personalized, one-to-one e-commerce emails, or automated transactional emails.

 

With Mandrill, IMS can send emails through the Mandrill API or SMTP integration. With the Mandrill API, you can send emails, get information about your account, and view or parse reporting data in your own app or system.

 

Why does IMS use Mandrill for Emails?

 

IMS uses Mandrill to send emails such as password resets, system messages and other important communication to your clients to track reads and open rates for the IMS portal. This service gives you transparency into how your contact messages are processed.

 

More information about Mandrill can be found at:

   - https://mandrill.com/

 

When are Mandrill Emails sent and what address is used?

 

IMS prides itself on offering a White label service. During the Initial On-Board onto our service we setup and email address and DNS entries that allow us to send from your domain. These emails are from an address on your domain and appear as if your company has sent the messages.

 

What initial technical setup is needed on our side to use the IMS Platform?

 

The timeline of IMS's on-boarding is generally defined by the size and complexity of your portfolio. To have access to the basic functions of your IMS portal site, we will need to have the following items in place:

 

  -- We need graphics for your web portal.

  -- A domain to send emails from and host your investment portal

  -- The email domain and investment portal do not need to match.

  -- You need to own the Domain(s)

  -- Have access to add the DNS records (you company or a technical 3rd party)

  -- Have email setup to receive for the sending domain (email deliver can be different than the portal domain)

 

What DNS entries will need to be added so our portal site can be hosted by IMS?

 

IMS provides a White Label Service and requires DNS entries so the internet traffic can route to oure servers. Generally, we need 3 main DNS entries to be added.

 

CNAME Record

    IMS needs a CNAME to be created to send traffic to your IMS portal. Generally, this record would be something such as investments. [YourDomainName] pointed to [YourCoreDomainName].imscre.net. (ie investments.mycompanyname.com CNAMED to mycompanyname.imscre.net)

 

A typical IMS CNAME record would look like:

      Record Type: CNAME

      TTL: 30 minutes or 1800 seconds

      Host: investors

      Value: mycompanyname.imscre.net

 

SPF TXT Record

    We need to add Mandrill as an approved email sender for your domain. If you already have a SPF record in place these rules may not apply. IMS's Operations team sends an email specific to your domain's SPF record needs during the initial onboard process.

 

A typical IMS SPF record would look like:

      Record Type: TXT

      TTL: 30 minutes or 1800 seconds

      Host: @

      Value (without quotes): "v=spf1 a mx include:spf.mandrillapp.com ~all"

 

Some of the main rules for the SPF record are:

     - A SPF record must be a TXT DNS record.

     - A domain may not have more than one TXT SPF record to be used by foreign mailservers

     - SPF records need to be set for the core of your domain (ie mycompanydomain.com not www.mycompanydomain.com)

     - The SPF record must begin with: v=spf1

     - The SPF record must end with one of the following: (?all, ~all, or -all)

 

Mandrill DKIM Key

    Our email remailer service Mandrill signs every email they send with an email key. These signatures notify your client's mail servers that the email sent is authentic and sent on the behalf of your company and is not unsolicited or junk email. The following DNS TXT record should be added to accomplish this verification.

 

    The DKIM Key for Mandrill should be:

      Record Type: TXT

      TTL: 30 minutes or 1800 seconds

      Host: mandrill._domainkey

      Value (without quotes): "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;"

 

These records are an example and may change depending on how your domain name. Sometimes minor adjustments are needed to assure your site is available and email deliver isn't affected. An email is typically sent from our Operation Team outlining the records needed for your domain's DNS.

 

I'm not technical or I don't have an IT staff and these DNS entries seem complicated, how do I accomplish this?

 

IMS's main goal is to position you to succeed. Our operations team generates a detailed email to give you the individual DNS records needed for the onboarding onto our portal. We can usually walk you through adding these records easily with a Zoom meeting or some other screen share. When you receive your personalized onboarding email you can call or email the sender to get additional assistance with adding these records.

 

These calls normally take ~15-30 minutes to accomplish all the DNS entries and are usually as simple as updating a web form. To add these records, you will need access to whomever hosts your DNS. These are usually GoDaddy, NameCheap, GSuite, Wix or some other similar service.

 

How can I find out where my DNS changes need to be made?

 

Usually DNS is managed by the Registrar that you purchased your domain through. Typically, GoDaddy or some other similar services manages DNS on the behalf of your domain.

 

I'm not technical or I don't have an IT staff, can I just give you our Login's and you update all these records?

 

IMS's goal is to make the onboard process as simple and easy as possible. Because of the sensitivity of sharing passwords, we recommend you take advantage of the onboarding assistance usually provided by our operations group for the initial onboarding. We can host a zoom meeting and typically get the DNS records setup with a 15-30-minute call.

 

Who issues IMS's SSL certificates?

 

IMS utilizes Amazon Web Services (AWS) for its main back office offering. Our SSL certificates are issued using their tools and generally auto-renews as long as the certificate is attached to an AWS service.

 

How does AWS verify domain ownership for SSL certificates?

 

Amazon Web Services (AWS) certificate tools uses email validation for domain ownership verification. An email will be sent to the Technical, Administrative and Informational contacts for your domain. These are set or can be updated where you registered your domain, generally GoDaddy or a similar service. The email verification is also sent to admin, administrator, hostmaster, postmaster, and webmaster at your domain. These are hold over addresses typically reserved for Administrators of a domain. Only one email address is needed to approve the SSL certificate.

 

Do I need to purchase my own SSL certificate?

 

IMS does not require the purchase of an SSL certificate. We host our services with Amazon Web Services (AWS) and their SSL certificate are offered free of charge if applied to an AWS product.

 

Can I purchase my own SSL certificate?

 

Yes, but it is not advised. Amazon Web Services issues SSL certificates that are included in the cost of providing services to your Clients. Once verified these SSL certificates typically auto-renew on your behalf and create an easier to manage service for your company and our operation team.

 

Where is my Investment Portal hosted?

 

IMS uses Amazon Web Services to host the majority of its Portal and back office services. IMS has also leveraged relationships with online services such as Mandrill and DocuSign to enhance our offerings to your clients and investors. We continually work to look for new technologies and services that will allow for a more enhanced service offing to your clients and investors.

 

Does IMS update our main website?

 

No, if you are interested in a service that outsources your website maintenance, we have a partnership with Torchlite who can handle that for you. See more information here: https://torchlite.com/.

 

What does IMS do to provide Security for my customers and company?

 

IMS manages its servers and tools on Amazon Web Services. We continually audit how our information is stored and place rules and procedures around the care of customer data. Through security rules, encryption tools and strategic data placement and other industry standard procedures we work to limit exposure of our clients’ data. We also utilize technologies such as encryption at rest, data transport security and firewall technology to assure the storage and transport of our data

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request