SPF(supported) (dedicated subdomain) DKIM(recommended)
This article covers the SPF and DKIM authentication processes for Greenhouse and how are they managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
DKIM and SPF configuration for Greenhouse is done through a dedicated subdomain, like gh-mail.yourcompany.com
This Greenhouse dedicated subdomain will not be managed from Valimail Enforce, but from your DNS directly.
TABLE OF CONTENTS
- Configuring DKIM and SPF authentication for your Greenhouse emails
- Verify email domain in Greenhouse Recruiting
- Ask your IT team add the files to your DNS setup
- Verify an email domain using a web host with domain implied
- Enabling Greenhouse as an approved sender in Enforce
- Adding the Greenhouse dedicated subdomain to Enforce
- Add a Greenhouse DKIM key in Enforce
Configuring DKIM and SPF authentication for your Greenhouse emails
Because DKIM and SPF configuration for Greenhouse is done through a dedicated subdomain, the SPF, DKIM management of this subdomain will only be done in your DNS. Please follow the instructions below to make sure you set up DKIM and SPF authentication for your domain in Greenhouse.
Verify email domain in Greenhouse Recruiting
1. Click the Configure icon from the navigation bar and select Email Settings on the left.
2. Enter your organization's email domain in the Email Settings page and click Register.
Ask your IT team add the files to your DNS setup
Once you've registered your company's email domain, your IT team will need to add special files (called SPF, DKIM, MX, and CNAME records) to your email configuration to complete the setup.
To automatically send directions and the files to your IT team, click Email Your I.T. Dept and enter their address in the field.
Note: If you don't have an IT team, look for whoever manages the DNS for your email domain. Most likely, you can forward these records to someone in your IT department, and they should know what to do.
For organizations using web hosting services with the domain implied (such as GoDaddy or SquareSpace), the records populated after clicking Email your IT Department must be edited further to successfully verify your domain.
Verify an email domain using a web host with domain implied
Certain web hosting services like GoDaddy or SquareSpace imply your organization's domain when adding DNS records. This means that your web host service will automatically append your organization's domain to all added DNS records.
Note: Please check with your IT team to see if your web hosting service implies your organization's domain when adding DNS records.
For organizations using a web hosting service that implies your domain for DNS records, you'll need to edit the Email Your IT Department email as part of the email verification process.
1. Once you've registered your domain with Greenhouse Recruiting under Configure -> Email Settings, click Email Your I.T. Department.
2. Greenhouse Recruiting will populate the information needed by your IT team to verify your domain in an email. However, since your organization is using a web host with the domain implied, the Hostname column needs to be edited.
3. Remove your domain from each DNS record in the Hostname column (everything after gh-mail).
Note: Because your web host already appends your domain, if these entries are not edited you'll essentially be trying to verify a duplicative record, like gh-mail.redesign.greenhouse.io.redesign.greenhouse.io, that will cause your DNS settings to fail.
4. Once the entries are edited, click Send. Your IT Team will use these edited records to verify your domain.
Enabling Greenhouse as an approved sender in Enforce
In order to enable Greenhouse as a sender in Valimail Enforce, you need to add it to your configuration for your org domain (top level domain) by clicking the Enable Sender button in the UI. You will also need to add the DKIM keys in Greenhouse and set up those keys in Valimail Enforce at the bottom of the Configuration page.
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
Note: Some customers who use Greenhouse on the top level, or org domain only, have reported that they have seen Greenhouse messages stop being sent in an aligned manner. This can happen because Greenhouse has an automated script to check for a particular include value being set in your SPF record. They cannot parse the standard SPF record we provide our customers and one of two things needs to happen:
- You can explicitly add their include before our standard record until the validation step has occurred
- You can contact Greenhouse Support and they will override this check.
Adding the Greenhouse dedicated subdomain to Enforce
Although the DMARC authentication is done in your DNS for this Greenhouse dedicated subdomain, we also recommend that you add the subdomain to your domain's Configuration page in Enforce. This is needed for tracking and classification purposes with respect to the DKIM keys and future email traffic associated with this subdomain.
1. On the Configuration page in Enforce, click on the Add an Email Domain button on the far left side of the Your Email Domains section.
2. Add the Greenhouse subdomain in the Name field, select Greenhouse as the Email service provider and make sure you check the box for This domain will only be used for s single sender.