This article covers the SPF and DKIM authentication processes for Cisco Cloud Email Security and how they are managed in Valimail. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

1. Login to Cisco Cloud Email Security console and go to Mail Policies -> Signing Keys and select Add Key...

2. Name the DKIM key and either generate a new private key or paste in an existing one. (Best practice is to select the 2048 option for key encryption).

3. Commit the changes.

4. Go to Mail Policies -> Signing Profiles and click Add Profile...

a. Give the profile a descriptive name in the field Profile Name.

b. Enter your domain in the field Domain Name.

c. Enter a new selector string into the field Selector.

d. Select the DKIM signing key created in the previous section in the field Signing Key.

e. Click Submit.

Note: The selector is an arbitrary string that is used to allow multiple DKIM DNS records for a given domain.

5. From here, click Generate in the column DNS Text Record for the signing profile you just created.

6. Commit the changes.

7. Now you will need to add the generated DKIM key in Valimail Enforce. (In Enforce you will only be adding the DKIM selector and the exact TXT value of the key - like the bolded italics ones below).

selector2._domainkey.example.com. IN TXT "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMaX6wMAk4iQoLNWiEkj0BrIRMDHXQ7743OQUOYZQqEXSs+jMGomOknAZJpjR8TwmYHVPbD+30QRw0qEiRY3hYcmKOCWZ/hTo+NQ8qj1CSc1LTMdV0HWAi2AGsVOT8BdFHkyxg40oyGWgktzc1q7zIgWM8usHfKVWFzYgnattNzyEqHsfI7lGilz5gdHBOvmF8LrDSfNKtGrTtvIxJM8pWeJm6pg6TM/cy0FypS2azkrl9riJcWWDvu38JXFL/eeYjGnB1zQeR5Pnbc3sVJd3cGaWx1bWjepyNQZ1PrS6Zwr7ZxSRa316Oxc36uCid5JAq0z+IcH4KkHqUueSGuGhwIDAQAB;"

8. Go to Mail Policies -> Signing Profiles.

9. Under the column Test Profile, click Test for the new DKIM signing profile.

Turn DKIM signing on

10. After the test is confirmed successful, you will need to turn DKIM signing on. Go to Mail Policies -> Mail Flow Policies.

11. Go to each mail flow policy that has the Connection Behavior of Relay and turn Domain Key/DKIM Signing to On.

You can also find the instructions on how to set up DKIM for Cisco Cloud Email Security here.

You can find more detailed information on how to add a DKIM key in Valimail, here:

Once you establish that Cisco Cloud Email Security is an authorized sender for your domain, you will need to add the service in your Enabled Senders.

You will find more detailed information on how to add a service for your domain in Valimail, here:

Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.