SPF(supported) (dedicated subdomain)

This article covers the SPF and DKIM authentication processes for Greenhouse and how are they managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

DKIM and SPF configuration for Greenhouse is done through a dedicated subdomain, like gh-mail.yourcompany.com

This Greenhouse dedicated subdomain will not be managed from Valimail Enforce, but from your DNS directly.


Configuring DKIM and SPF authentication for your Greenhouse emails

Because DKIM and SPF configuration for Greenhouse is done through a dedicated subdomain, the SPF, DKIM management of this subdomain will only be done in your DNS. Please follow the instructions below to make sure you set up DKIM and SPF authentication for your domain in Greenhouse.

Verify email domain in Greenhouse Recruiting

1. Click the Configure icon from the navigation bar and select Email Settings on the left.

a screenshot of a computer

2. Enter your organization's email domain in the Email Settings page and click Register.

a screenshot of a email

Ask your IT team add the files to your DNS setup

Once you've registered your company's email domain, your IT team will need to add special files (called SPF, DKIM, MX, and CNAME records) to your email configuration to complete the setup.

To automatically send directions and the files to your IT team, click Email Your I.T. Dept and enter their address in the field.

a screenshot of a computer

Note: If you don't have an IT team, look for whoever manages the DNS for your email domain. Most likely, you can forward these records to someone in your IT department, and they should know what to do.

For organizations using web hosting services with the domain implied (such as GoDaddy or SquareSpace), the records populated after clicking Email your IT Department must be edited further to successfully verify your domain.

Verify an email domain using a web host with domain implied

Certain web hosting services like GoDaddy or SquareSpace imply your organization's domain when adding DNS records. This means that your web host service will automatically append your organization's domain to all added DNS records.

Note: Please check with your IT team to see if your web hosting service implies your organization's domain when adding DNS records.

For organizations using a web hosting service that implies your domain for DNS records, you'll need to edit the Email Your IT Department email as part of the email verification process.

1. Once you've registered your domain with Greenhouse Recruiting under Configure -> Email Settings, click Email Your I.T. Department.

a screenshot of a email

2. Greenhouse Recruiting will populate the information needed by your IT team to verify your domain in an email. However, since your organization is using a web host with the domain implied, the Hostname column needs to be edited.

a screenshot of a email

3. Remove your domain from each DNS record in the Hostname column (everything after gh-mail).

Note: Because your web host already appends your domain, if these entries are not edited you'll essentially be trying to verify a duplicative record, like gh-mail.redesign.greenhouse.io.redesign.greenhouse.io, that will cause your DNS settings to fail.

a screenshot of a email

4. Once the entries are edited, click Send. Your IT Team will use these edited records to verify your domain.

You can find the instructions for the steps above here and here.

Enabling Greenhouse as an approved sender in Enforce 

In order to enable Greenhouse as a sender in Valimail Enforce, you need to add it to your configuration for your org domain (top level domain) by clicking the Enable Sender button in the UI. You will also need to add the DKIM keys in Greenhouse and set up those keys in Valimail Enforce at the bottom of the Configuration page.

Once you establish that Greenhouse is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.

1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:

a screenshot of a email

3. Choose Greenhouse from the list of configurable senders and then click Enable:

a screenshot of a computer

We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

Note: Some customers who use Greenhouse on the top level, or org domain only, have reported that they have seen Greenhouse messages stop being sent in an aligned manner. This can happen because Greenhouse has an automated script to check for a particular include value being set in your SPF record. They cannot parse the standard SPF record we provide our customers and one of two things needs to happen:

  • You can explicitly add their include before our standard record until the validation step has occurred 
  • You can contact Greenhouse Support and they will override this check.

Adding the Greenhouse dedicated subdomain to Enforce

Although the DMARC authentication is done in your DNS for this Greenhouse dedicated subdomain, we also recommend that you add the subdomain to your domain's Configuration page in Enforce. This is needed for tracking and classification purposes with respect to the DKIM keys and future email traffic associated with this subdomain.

1. On the Configuration page in Enforce, click on the Add an Email Domain button on the far left side of the Your Email Domains section.

a white rectangular object with a black border

2. Add the Greenhouse subdomain in the Name field, select Greenhouse as the Email service provider and make sure you check the box for This domain will only be used for s single sender.

a screenshot of a web page

Add a Greenhouse DKIM key in Enforce

1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.

    a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key

    b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with Greenhouse service and dedicated subdomain and then click Add.

a screenshot of a computer

a white background with black dots

You can find more detailed information on how to add a DKIM key in Valimail Enforce here.

As always, if you have any questions, please don't hesitate to submit a ticket.