If you need to remove a domain from Authenticate, first decide whether you want to keep it in reporting-only mode or remove it entirely.

Reporting-Only Mode

In this mode, you simply keep Valimail in your DMARC policy as a recipient of DMARC aggregate reports. 


1. Change your SPF record for the domain

• Formulate SPF records for the domain and any relevant subdomains. You can list include statements for services and and IP addresses based on what you captured in Step 1

• Publish the updated SPF records to your DNS

• Make sure to remove all references to Valimail


2. Stop pointing DKIM to Valimail

• Ensure that you’ve published all your DKIM keys from Step 2 in your DNS

• Remove the NS record in your DNS for _domainkey

• Be sure to do this for all subdomains


3. Stop pointing DMARC to Valimail

• Capture the exiting DMARC TXT record and preserve your policy (p=)

• Remove the NS record in your DNS for _dmarc

• Publish your own DMARC TXT record for your domain

• Retain visibility by keeping Valimail in your DMARC record with rua=mailto:dmarc_agg@vali.email;



Remove the Domain Entirely


1. Capture list of enabled services

• Take notes or screenshots of all services and netblocks that have been configured in Valimail

• Ensure you capture this data for all domains/sub-domains


2. Capture and recreate all DKIM keys

• Document the keys and values for all configured DKIM keys in Valimail

• Publish the DKIM keys and values in your DNS

• Do this for all domains/sub-domains


3. Change your SPF record for the domain

• Formulate SPF records for the domain and any relevant subdomains. You can list include statements for services and and IP addresses based on what you captured in Step 1

• Publish the updated SPF records to your DNS

• Make sure to remove all references to Valimail

• Optional: you can find your old SPF record for the domain if you convert it to reporting-only first, then navigate to the domain from the main navigation sidebar and click "See More" at the top of the page.


4. Stop pointing DKIM to Valimail

• Ensure that you’ve published all your DKIM keys from Step 2 in your DNS

• Remove the NS record in your DNS for _domainkey

• Be sure to do this for all subdomains


5. Stop pointing DMARC to Valimail

• Capture the exiting DMARC TXT record and preserve your policy (p=)

• Remove the NS record in your DNS for _dmarc

• Publish your own DMARC TXT record for your domain

• Optional: you can find your old DMARC record for the domain if you convert it to reporting-only first, then navigate to the domain from the main navigation sidebar and click "See More" at the top of the page.