If you need to remove a domain from Authenticate, first decide whether you want to keep it in reporting-only mode or remove it entirely.


To Remove a Domain that is in Reporting-Only Mode

For this mode, you don't really have to do anything. 

However, you may choose to remove the reference to Valimail in your DMARC record, in the rua section. It looks like this: mailto:dmarc_agg@vali.email;


To Switch from Active to Reporting-Only

This mode lets you keep visibility without relying on Valimail for authentication. You'll simply keep Valimail in your DMARC policy as a recipient of DMARC aggregate reports. 


1. If you have an NS record pointing DMARC to Valimail, remove it

• Capture the existing DMARC TXT record and preserve your policy (p=)

• Remove the NS record in your DNS for _dmarc


2. Create your own DMARC DNS record

• Publish your own DMARC TXT record for your domain

• Retain visibility by keeping Valimail in your DMARC record with rua=mailto:dmarc_agg@vali.email;


3. Change your SPF record for the domain

• Formulate SPF records for the domain and any relevant subdomains. You can list include statements for services and and IP addresses based on what you captured in Step 1

• Publish the updated SPF records to your DNS

• Make sure to remove all references to Valimail


4. Stop pointing DKIM to Valimail

• Ensure that you’ve published all your DKIM keys from Step 2 in your DNS

• Remove the NS record in your DNS for _domainkey

• Be sure to do this for all subdomains


To Remove a Domain currently in Active Mode


1. Capture list of enabled services

• Take notes or screenshots of all services and netblocks that have been configured in Valimail

• Ensure you capture this data for all domains/sub-domains


2. Capture and recreate all DKIM keys

• Document the keys and values for all configured DKIM keys in Valimail

• Publish the DKIM keys and values in your DNS

• Do this for all domains/sub-domains


3. Change your SPF record for the domain

• Formulate SPF records for the domain and any relevant subdomains. You can list include statements for services and and IP addresses based on what you captured in Step 1

• Publish the updated SPF records to your DNS

• Make sure to remove all references to Valimail

• Optional: you can find your old SPF record for the domain if you convert it to reporting-only first, then navigate to the domain from the main navigation sidebar and click "See More" at the top of the page.


4. Stop pointing DKIM to Valimail

• Ensure that you’ve published all your DKIM keys from Step 2 in your DNS

• Remove the NS record in your DNS for _domainkey

• Be sure to do this for all subdomains


5. Stop pointing DMARC to Valimail

• Capture the exiting DMARC TXT record and preserve your policy (p=)

• Remove the NS record in your DNS for _dmarc

• Publish your own DMARC TXT record for your domain

• Optional: you can find your old DMARC record for the domain if you convert it to reporting-only first, then navigate to the domain from the main navigation sidebar and click "See More" at the top of the page.