This article covers the SPF and DKIM authentication processes for Elastic Email and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
TABLE OF CONTENTS
- Configuring DKIM authentication for your emails with Elastic Email
- Add an Elastic Email DKIM key in Enforce
- Configuring SPF authentication for your emails with Elastic Mail
Configuring DKIM authentication for your emails with Elastic Email
The first step in this process will be for you to verify your domain.
1. In order to verify your domain, navigate to Settings -> Domains -> Manage Domains screen.
2. Click Verify domain in order to bring up the Add domain popup. In here you can input your domain name and confirm it with the button with the same name at the bottom.
3. When your domain is added to the account, it's now visible in the domains list. If a blue star is present next to the domain name, it indicates that it's set as a Default Sender. You can enter a domain's details by clicking the eye icon.
4. The following screen shows detailed information about your domain's verification status. Here, you can set your domain as default sender and check if your SPF, DKIM, Tracking, MX and DMARC records are properly verified.
5. Add in Valimail Enforce, the following DKIM key:
IMPORTANT: You will also need to add a CNAME record for tracking and an MX record, both to your DNS.
You can only manage the DKIM, SPF and DMARC DNS zones in Valimail Enforce. Any other type of records like MX ones, need to be added in your DNS.
6. After you finished publishing all the needed records in both Valimail Enforce and your DNS, you must complete the verification for these records.
a. Go to your Settings -> Domains screen.
b. Add your domain (yourdomain.com). Click Verify Domain.
c. Green check marks mean that the record has been added correctly.
Please consult all the steps from this setup on how to configure DKIM, SPF, Tracking and MX record in Elastic Email here.
Add an Elastic Email DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key.
b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with Elastic Email, make sure you check the box called Only allow exact domain signing (t=s) and then click Add.
You can find more detailed information on how to add a DKIM key in Valimail Enforce here.
Configuring SPF authentication for your emails with Elastic Mail
Once you establish that Elastic Email is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.
1. Please go to your domain's Configuration page in Enforce.
2. Click on the + sign from the Enabled Senders section:
3. Choose Elastic Email from the list of configurable senders and then click Enable:
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
As always, if you have any questions, please don't hesitate to submit a ticket.