This article covers the SPF and DKIM authentication processes for Proofpoint and how are they managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
TABLE OF CONTENTS
- Configuring DKIM authentication for your Proofpoint emails
- Adding a DKIM Proofpoint DKIM key in Enforce
- Configuring SPF authentication for your Proofpoint emails
Configuring DKIM authentication for your Proofpoint emails
Each domain that sends email can be individually configured to sign outbound messages with DKIM. To enable the feature, you will need to create a new signing key, add the public key in Valimail Enforce, and verify that its been added correctly.
1. Navigate to Administration -> Account Management -> Domains.
2. Select the domain you want to configure and click the vertical ellipsis on the right-hand side of the Domains table.
3. Click the option labeled Configure DKIM.
4. A drawer will appear on the right side of the screen, listing all the currently configured DKIM keys. If this is your first time configuring DKIM, no keys will be listed. Click Create New DKIM Signing Key.
5. The form will appear asking you to specify a selector. A selector is used to locate the public key in the DNS (or in Valimail Enforce, if you publish the DKIM key there) and is not visible to end users. A value is pre-populated, but you can change it if you'd like. Click Create.
6. The resulting screen will give you the DKIM record that you need to publish in Valimail Enforce.
IMPORTANT: In Valimail Enforce, you will only add the selector and the public value of the DKIM key.
The key selector is in the above case selector-1607357288 and the value is the whole string of numbers and letters that starts after the p= tag (omitting the tag).
7. Once you've published the DKIM key in Valimail Enforce, Proofpoint will need to validate that the record was added correctly. To do so, click the Verify Key button in the key's context menu.
8. Once the key is successfully verified, outbound DKIM signing is automatically enabled for this domain.
You can find the instructions on how to setup DKIM in Proofpoint here.
Adding a DKIM Proofpoint DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key.
b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with Proofpoint and then click Add.
You can find more detailed information on how to add a DKIM key in Valimail Enforce here.
Configuring SPF authentication for your Proofpoint emails
Once you establish that Proofpoint is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.
1. Please go to your domain's Configuration page in Enforce.
2. Click on the + sign from the Enabled Senders section:
3. Choose Proofpoint Hosted from the list of configurable senders and then click Enable.
Additionally, make sure you also add the Proofpoint ID.
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
As always, if you have any questions, please don't hesitate to submit a ticket.