Mimecast is an international company specializing in cloud-based email management.
This article covers the SPF and DKIM authentication processes for Mimecast and how to manage this configuration in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
In order to setup DKIM for Mimecast, you will have to Setup an Outbound Signing Definition and Setup an Outbound Policy to apply DKIM to your outbound emails.
TABLE OF CONTENTS
- Setup an Outbound Signing Definition
- Add a Mimecast DKIM key in Enforce
- Setup an Outbound policy
- Configuring SPF authentication for your Mimecast emails
- Enable SPF alignment in Mimecast for your domain
Setup an Outbound Signing Definition
1. Once logged in, click the Administration dropdown, select Gateway and click Policies.
2. Click the Definitions dropdown and select DNS Authentication - Outbound.
3. Click “New DNS Authentication – Outbound Signing” to create a new DKIM policy.
4. Fill in a description and select Sign outbound mail with DKIM. A domain needs to be selected and so click Lookup next to Domain.
5. Select your domain by clicking Select in front of your chosen domain.
6. Select either 1024 bits or 2048 bits as your DKIM Key Length. We recommend choosing 2048 bits for more secure encryption.
Do not change the Selector. Click Generate.
7. Your new DKIM key has been generated successfully.
8. The newly created DKIM key will need to be published in Valimail Enforce.
Add a Mimecast DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
You can find more detailed information on how to add a DKIM key in Valimail Enforce here.
Setup an Outbound policy
1. Once done with your outbound signing definition, next you need to create your outbound policy.
Under Policies select DNS Authentication – Outbound.
2. Add a new Policy for Outbound Signing and use the following values:
3. Go back into Mimecast and click Check DNS to verify that the Mimecast DKIM key was properly published in Valimail Enforce.
4. After the validation of the DKIM key was done successfully in Mimecast, you can now send DKIM authenticated email for your domain using Mimecast.
Configuring SPF authentication for your Mimecast emails
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
Enable SPF alignment in Mimecast for your domain
You may notice that Mimecast emails are not authenticated via SPF, even after you have added Mimecast to your domain's configuration. This is likely caused by Mimecast not sending SPF aligned-mail and can be corrected by making sure SPF alignment is turn on in Mimecast for your domain.
You can find more information on how to set up SPF and SPF alignment for Mimecast here.
As always, if you have any questions, please don't hesitate to submit a ticket.