This article covers the SPF and DKIM authentication processes for D2L Brightspace and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.


Configuring DKIM authentication for your D2L Brightspace emails

Setting up DKIM for D2L Brightspace is fairly easy.

You just need to add 2 CNAME DKIM keys in Valimail Enforce with the following values and selectors:



A private and public domain key pair is required to allow D2L to sign mail sent on your behalf and enable recipients to decode headers and verify the source of the email.

D2L generates the private and public domain key pair and imports it for use in signing email messages sent from the D2L Cloud on behalf of your domain. D2L provides the public DKIM TXT records to your organization for use in creating the corresponding CNAME records.

D2L will rotate the active DKIM keys every six months. When one key is rotated, the second will become active in signing emails, after which the process will repeat at six-month intervals. For organizations that have DKIM keys enabled and are using a custom mail domain, email delivery may be impacted if both required DKIM CNAME records are not in place at the time of rotation.

The service owner of D2L Brighspace within your organization, will need to contact D2L Brighspace to make sure they DKIM record are validated.

You can also find the instructions on how to set up DKIM and SPF in D2L Brightspace here.

Add a D2L Brightspace DKIM key in Enforce

1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.

    a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key

    b. Enter the selector name, CNAME target value, associate the key/s with D2L Brightspace and then click Add.

a screenshot of a computer

You can find more detailed information on how to add a DKIM key in Valimail Enforce here. 

Configuring SPF authentication for your D2L Brightspace emails

Once you establish that D2L Brightspace is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.

1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:

a screenshot of a email

3. Choose D2L Brightspace from the list of configurable senders and then click Enable:

a screenshot of a computer

We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

As always, if you have any questions, please don't hesitate to submit a ticket.