Mimecast is an international company specializing in cloud-based email management.

This article covers the SPF and DKIM authentication processes for Mimecast and how to manage this configuration in Valimail. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

In order to setup DKIM for Mimecast, you will have to Setup an Outbound Signing Definition and Setup an Outbound Policy to apply DKIM to your outbound emails.

1. Once logged in, click the Administration dropdown, select Gateway and click Policies.

2. Click the Definitions dropdown and select DNS Authentication - Outbound.

3. Click “New DNS Authentication – Outbound Signing” to create a new DKIM policy.

4. Fill in a description and select Sign outbound mail with DKIM. A domain needs to be selected and so click Lookup next to Domain.

5. Select your domain by clicking Select in front of your chosen domain.

6. Select either 1024 bits or 2048 bits as your DKIM Key Length. We recommend choosing 2048 bits for more secure encryption.

Do not change the Selector. Click Generate.

7. Your new DKIM key has been generated successfully.

8. The newly created DKIM key will need to be published in Valimail Enforce.

You can find more detailed information on how to add a DKIM key in Valimail, here:

1. Once done with your outbound signing definition, next you need to create your outbound policy.

Under Policies select DNS Authentication – Outbound.

2. Add a new Policy for Outbound Signing and use the following values:

3. Go back into Mimecast and click Check DNS to verify that the Mimecast DKIM key was properly published in Valimail.

4. After the validation of the DKIM key was done successfully in Mimecast, you can now send DKIM authenticated email for your domain using Mimecast.

Once you establish that Hushmail is an authorized sender for your domain, you will need to add the service in your Enabled Senders.

You will find more detailed information on how to add a service for your domain in Valimail, here:

Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

You may notice that Mimecast emails are not authenticated via SPF, even after you have added Mimecast to your domain's configuration. This is likely caused by Mimecast not sending SPF aligned-mail and can be corrected by making sure SPF alignment is turn on in Mimecast for your domain.

You can find more information on how to set up SPF and SPF alignment for Mimecast here.