Cisco Cloud Email Security requires special configuration actions outside of Authenticate. Please follow these steps to complete configuration for Cisco Cloud Email Security, and then return to your automation-guided task list in Authenticate.


1. Make sure you have added Cisco Cloud Email Security as an 'Approved Sender' in Authenticate for the domain you are configuring it for.

Note: If Cisco Cloud Email Security has not been approved, please do so now by selecting it from the ‘Service Name’ dropdown.


2. Cisco Cloud Email Security requires that you add a DKIM record to Authenticate. Here are the steps to generate the DKIM record from the Cisco Cloud Email Security console:

  1. Access to the Email Security Appliance (ESA).  
  2. Ensure that DKIM signing is off

Before we make any changes, we want to ensure that DKIM signing is off in all mail flow policies. This will allow us to configure DKIM signing without any impact to mail flow:

Go to Mail Policies > Mail Flow Policies.

Go to each mail flow policy and ensure that "Domain Key/DKIM Signing" is set to "Off."

  1. Create a DKIM signing key

You will first need to create a new DKIM signing key on the ESA:

  • Go to Mail Policies > Signing Keys and select "Add Key..."
  • Name the DKIM key and either generate a new private key or paste in an existing one.

Note: In most cases, it's recommended that you choose a 2048 bits private key size.

  • Commit the changes.
  1. Generate a new DKIM signing profile and publish the DNS record to DNS

Next, you will need to create a new DKIM signing profile, generate a DKIM DNS record from that DKIM signing profile and publish that record to DNS:

  1. Go to Mail Policies > Signing Profiles and click "Add Profile..." 
    • Give the profile a descriptive name in the field "Profile Name."
    • Enter your domain in the field "Domain Name."
    • Enter a new selector string into the field "Selector."

Note: The selector is an arbitrary string that is used to allow multiple DKIM DNS records for a given domain.

    • Select the DKIM signing key created in the previous section in the field "Signing Key."
    • Click Submit.
  1. From here, click "Generate" in the column "DNS Text Record" for the signing profile you just created and copy the DNS record that is generated. It should look similar to the following:
    • IN TXT "v=DKIM1; 
      p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMaX6wMAk4iQoLNWiEkj0BrIRMDHXQ7743OQUOYZQqEXSs+jMGomOknAZJpjR8TwmYHVPbD+30QRw0qEiRY3hYcmKOCWZ/hTo+NQ8qj1CSc1LTMdV0HWAi2AGsVOT8BdFHkyxg40oyGWgktzc1q7zIgWM8usHfKVWFzYgnattNzyEqHsfI7lGilz5gdHBOvmF8LrDSfN" "KtGrTtvIxJM8pWeJm6pg6TM/cy0FypS2azkrl9riJcWWDvu38JXFL/eeYjGnB1zQeR5Pnbc3sVJd3cGaWx1bWjepyNQZ1PrS6Zwr7ZxSRa316Oxc36uCid5JAq0z+IcH4KkHqUueSGuGhwIDAQAB;"

  2. Commit the changes.


3. Add the DKIM keys in Valimail Authenticate for Cisco Cloud Email Security:

 a. Click on 
Cisco Cloud Email Security from the Senders section:

 b. Click on 'Add DKIM KEY':


Click on the dropdown menu under the Record Type section and switch to CNAME and add the information provided by Cisco Cloud Email Security support and then select Add:

Here's a detailed guide on how to publish and manage DKIM keys in Authenticate: DKIM Key Management in Authenticate 


4. Wait until the DKIM DNS TXT record has been fully propagated. After adding the key to Authenticate go back to the Cisco Email Security Appliance (ESA) to test that the key was added:

  • Go to Mail Policies > Signing Profiles.
  • Under the column "Test Profile", click "Test" for the new DKIM signing profile. If the test is successful, continue with this guide. If not, confirm that the DKIM DNS TXT record has been fully propagated.


5. Turn DKIM signing on

Now that the ESA is configured to DKIM sign messages, we can turn DKIM signing on:

  • Go to Mail Policies > Mail Flow Policies.
  • Go to each mail flow policy that has the "Connection Behavior" of "Relay" and turn "Domain Key/DKIM Signing" to "On."

 6. Once you’ve completed these steps, you can begin sending authenticated email using Cisco Cloud Email Security.