This article covers the SPF and DKIM authentication processes for Cisco Cloud Email Security and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
TABLE OF CONTENTS
- Configuring DKIM authentication for your Cisco Cloud Email Security emails
- Add a Cisco Cloud Email Security DKIM key in Enforce
- Configuring SPF authentication for your Cisco Cloud Email Security emails
Configuring DKIM authentication for your Cisco Cloud Email Security emails
Create a DKIM signing key
1. Login to Cisco Cloud Email Security console and go to Mail Policies -> Signing Keys and select Add Key...
2. Name the DKIM key and either generate a new private key or paste in an existing one. (Best practice is to select the 2048 option for key encryption).
3. Commit the changes.
Generate a new DKIM signing profile
4. Go to Mail Policies -> Signing Profiles and click Add Profile...
a. Give the profile a descriptive name in the field Profile Name.
b. Enter your domain in the field Domain Name.
c. Enter a new selector string into the field Selector.
d. Select the DKIM signing key created in the previous section in the field Signing Key.
e. Click Submit.
Note: The selector is an arbitrary string that is used to allow multiple DKIM DNS records for a given domain.
5. From here, click Generate in the column DNS Text Record for the signing profile you just created.
6. Commit the changes.
7. Now you will need to add the generated DKIM key in Valimail Enforce. (In Enforce you will only be adding the DKIM selector and the exact TXT value of the key - like the bolded italics ones below).
selector2._domainkey.example.com. IN TXT "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMaX6wMAk4iQoLNWiEkj0BrIRMDHXQ7743OQUOYZQqEXSs+jMGomOknAZJpjR8TwmYHVPbD+30QRw0qEiRY3hYcmKOCWZ/hTo+NQ8qj1CSc1LTMdV0HWAi2AGsVOT8BdFHkyxg40oyGWgktzc1q7zIgWM8usHfKVWFzYgnattNzyEqHsfI7lGilz5gdHBOvmF8LrDSfNKtGrTtvIxJM8pWeJm6pg6TM/cy0FypS2azkrl9riJcWWDvu38JXFL/eeYjGnB1zQeR5Pnbc3sVJd3cGaWx1bWjepyNQZ1PrS6Zwr7ZxSRa316Oxc36uCid5JAq0z+IcH4KkHqUueSGuGhwIDAQAB;"
8. Go to Mail Policies -> Signing Profiles.
9. Under the column Test Profile, click Test for the new DKIM signing profile.
Turn DKIM signing on
10. After the test is confirmed successful, you will need to turn DKIM signing on. Go to Mail Policies -> Mail Flow Policies.
11. Go to each mail flow policy that has the Connection Behavior of Relay and turn Domain Key/DKIM Signing to On.
You can also find the instructions on how to set up DKIM for Cisco Cloud Email Security here.
Add a Cisco Cloud Email Security DKIM key in Enforce
Configuring SPF authentication for your Cisco Cloud Email Security emails
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.