SPF(supported) (dedicated subdomain)
DKIM(recommended)



This article covers the SPF and DKIM authentication processes for Sailthru and how they are managed in Valimail Enforce.

Adding Sailthru as an authorized sender in the Valimail Enforce usually requires a dedicated subdomain to be pointed to the Sailthru infrastructure and typically the DKIM keys will be added in the Valimail platform. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.



TABLE OF CONTENTS





Configuring DKIM authentication for your Sailthru emails


Configure Google Postmaster Tools


Before setting up DKIM in Sailthru for your domain, you will need to configure Google Postmaster tools.

It is likely that many if not most of your recipients use Gmail. Google Postmaster Tools allows you to analyze your email sends to these users, offering data on delivery errors, spam reports, reputation scoring, and more. The setup process below is required to ensure that you and Sailthru can work to ensure optimal deliverability, mitigating any issues that may arise.


These configuration steps require a Google account of your own, and one for each additional co-worker for whom you wish to grant access to this data.


1. Go to postmaster.google.com.


2. If domains are listed, and you need to add a new domain, click the plus sign in the bottom-right. If no domains are listed, click Get Started.



3. On the Getting Started dialog, under What domain do you use to authenticate your email?, enter the domain that your company uses for your From address when sending email.



4. Under Domain Configuration, copy the entire TXT record displayed in the gray box and ask your domain/IT administrator add this text as a “TXT record” for your domain.


5. Click Not Now if you are waiting to have this TXT record implemented by your IT/domain administrator.


6. Once the TXT record is implemented, return to postmaster.google.com, hover your mouse over the domain name, and click Verify Domain.



7. Once the domain is verified, you’ll need to add Sailthru as a user, plus any additional coworkers who will need to view Gmail deliverability information.

    a. Next to the domain, from the menu, select Manage Users.



    b. Click the plus sign to add the email address of a user to authorize. The user’s email must be associated with a GMail or Google Apps account. The Sailthru address to add is gpt@sailthru.info.

    c. Enter the email address and click Next.

    d. Click Add Another or Done. Notify your Project Manager or Customer Success Manager when the Sailthru address is added.


8. Notify your Project Manager or Customer Success Manager when the Sailthru address is added.


Setup your DKIM using a CNAME


10. Create a new CNAME for your DKIM record. 

The CNAME sailthru._domainkey.yourdomain.com  should point to yourdomain.com.sailthrudkim.com. 


Note: This step requires you to set up only a CNAME. Once this is finished, your Sailthru Account Manager will set up the DKIM key (a long string of letters, numbers, and other characters) for the DKIM record to be complete.

The DKIM record proves authorization from your sending domain.


11. Add the Sailthru DKIM key in Valimail Enforce.



You can find the complete instructions on how to set up DKIM and SPF for Sailthru here.







Add a Sailthru DKIM key in Enforce


1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.


    a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key

    b. Enter the selector name, CNAME target value, associate the keys with Sailthru and then click Add.




You can find more detailed information on how to add a DKIM key in Valimail Enforce here.






Configuring SPF authentication for your Sailthru emails

Once you establish that Sailthru is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.


1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:



3. Choose Sailthru from the list of configurable senders and then click Enable:




We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.






Enable SPF alignment in Sailthru for your domain


You may notice that Sailthru emails are not authenticated via SPF, even after you have added Sailthru to your domain's configuration. This is likely caused by Sailthru not sending SPF aligned-mail and can be corrected by following the process detailed below.


1. Create a new subdomain based on your sending domain: bounce.yourdomain.com

EX: Sending domain is sailthru.com – create bounce.sailthru.com

EX: Sending domain is email.sailthru.com – create bounce.email.sailthru.com


2. Publish these TXT and MX records in your DNS: 


bounce.yourdomain.com IN MX 10 njmta-173.sailthru.com 

bounce.yourdomain.com IN MX 10 mtast-04.sailthru.com 

bounce.yourdomain.com IN TXT "v=spf1 mx include:aspmx.sailthru.com ~all"



You can find more info on the SPF domain alignment in Sailthru here.






As always, if you have any questions, please don't hesitate to submit a ticket.