This article covers the SPF and DKIM authentication processes for Proofpoint Essentials and how are they managed in Valimail. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

Each domain that sends email can be individually configured to sign outbound messages with DKIM. To enable the feature, you will need to create a new signing key, add the public key in Valimail Enforce, and verify that its been added correctly.

1. Navigate to Administration -> Account Management -> Domains.

2. Select the domain you want to configure and click the vertical ellipsis on the right-hand side of the Domains table.

3. Click the option labeled Configure DKIM.

4. A drawer will appear on the right side of the screen, listing all the currently configured DKIM keys. If this is your first time configuring DKIM, no keys will be listed. Click Create New DKIM Signing Key.

5. The form will appear asking you to specify a selector. A selector is used to locate the public key in the DNS (or in Valimail Enforce, if you publish the DKIM key there) and is not visible to end users. A value is pre-populated, but you can change it if you'd like. Click Create.

6. The resulting screen will give you the DKIM record that you need to publish in Valimail Enforce.

IMPORTANT: In Valimail Enforce, you will only add the selector and the public value of the DKIM key.

The key selector is in the above case selector-1607357288 and the value is the whole string of numbers and letters that starts after the p= tag (omitting the tag).

7. Once you've published the DKIM key in Valimail Enforce, Proofpoint will need to validate that the record was added correctly. To do so, click the Verify Key button in the key's context menu.

8. Once the key is successfully verified, outbound DKIM signing is automatically enabled for this domain.

​

You can find the instructions on how to setup DKIM in Proofpoint here.

You can find more detailed information on how to add a DKIM key in Valimail, here:

Once you establish that Proofpoint is an authorized sender for your domain, you will need to add the service in your Enabled Senders.

You will find more detailed information on how to add a service for your domain in Valimail, here:

Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.