This article covers the SPF and DKIM authentication processes for Hornetsecurity and how they are managed in Valimail. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

In order to enable our DKIM validation for incoming emails or the DKIM signature for outgoing emails, it is first necessary that you set our CNAME record in the DNS zone of your domain.

Set the following two CNAME records in the DNS zone of your domain:

hse1._domainkey.DOMAIN.TLD CNAME hse1._domainkey.hornetsecurity.com

hse2._domainkey.DOMAIN.TLD CNAME hse2._domainkey.hornetsecurity.com

For DOMAIN.TLD, enter your domain.

You can enable validation as well as signing only if your domains have valid DKIM records.

You can then activate the desired functions in the Control Panel under Security Settings -> Email Authentication.

NOTE: If you manage you domain in Valimail, you will need to add the DKIM key/s on your domain's configuration page in the Valimail platform.

You can also find the instructions on how to set up DKIM and SPF for Hornetsecurity, here.

You can find more detailed information on how to add a DKIM key in Valimail, here:

Once you establish that Hornetsecurity is an authorized sender for your domain, you will need to add the service in your Enabled Senders.

You will find more detailed information on how to add a service for your domain in Valimail, here:

Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.