SPF(supported) (dedicated subdomain) DKIM(recommended)
This article covers the SPF and DKIM authentication processes for L-Soft EASE and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
L-Soft EASE uses a TXT DKIM key and a dedicated subdomain configuration setup.
TABLE OF CONTENTS
- Configuring DKIM authentication for your L-Soft EASE emails
- Add an L-Soft EASE DKIM key in Enforce
- Configuring SPF authentication for your L-Soft EASE emails
Configuring DKIM authentication for your L-Soft EASE emails
To set up DKIM for your L-Soft EASE emails, you will need to create and publish a DKIM TXT key in your DNS and also add it on your domain's Configuration page in Valimail Enforce, you manage the DKIM in Valimail for that subdomain.
Creating a DKIM TXT record can be done in various ways. If you run your own DNS, simply edit your forward zone file to include a TXT record. We will assume for this exercise that the LISTSERV host name is “listserv.example.com”, and we will enter the following information:
TXT Value: v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcARWuStG7G33L+M5jqjiCbhfKBlgxIMC8Of5ODONOTUSETHISKEYITISANEXAMPLEONLY91O1RigBB/C+UXzPO+N1+hZ55ZXS8MPGPgaV9VM1EysEdyfm2Y/rn935GGJwtm67fz+6dyKkCAzLsMjR5DvcxxlMzf6Gs9TrX7PBNwIDAQAB
TTL: Your preference, but typically 1 hour.
- 1. When creating a new record in a DNS zone file, the host name normally is not fully qualified. If you are editing the zone file for the example.com zone, it should not be necessary to enter the fully-qualified domain name in the “host” section. Be sure to check the documentation for whatever DNS you are running if you are unsure of this.
- 2. We are assuming a DKIM selector value of “default”. For the purposes of DKIM authentication, external sites will always check DNS for a TXT record belonging to “selector”._domainkey.”hostname”. In our example, external sites would be looking for the TXT record belonging to default._domainkey.listserv.example.com .
- 3. The TXT value should not break and wrap as displayed above. It should be one continuous line of text. The value of “p=” is the text of the public key from between the lines
Once you have created your DNS entries and LISTSERV configuration for DKIM, you will want to test it.
Listserv has a built-in Deliverability Assessment report which can be reached in the web interface at Server Administration -> Site Configuration -> Deliverability Assessment. The first screen looks like the following:
Unless you have multiple domains set up in LISTSERV, there should be no reason to change the pre-populated values. If they are correct, simply click Submit. This will yield the report:
The green shields indicate that, so far as LISTSERV is concerned, you have properly configured the DKIM DNS entry, and LISTSERV itself is properly configured to sign outbound messages with DKIM. If either or both of the shields are not green, you need to recheck your DNS entry and LISTSERV configuration, and correct any errors before running the report again.
You can also find the instructions on how to set up DKIM and SPF FOR L-Soft EASE, here.
Add an L-Soft EASE DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
a. Scroll down and add the DKIM key in your configuration, by clicking on Add a DKIM key.
b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with L-Soft EASE and then click Add.
You can find more detailed information on how to add a DKIM key in Valimail Enforce here.
Configuring SPF authentication for your L-Soft EASE emails
Once you establish that L-Soft EASE is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.
1. Please go to your domain's Configuration page in Enforce.
2. Click on the + sign from the Enabled Senders section:
3. Choose L-Soft EASE from the list of configurable senders and then click Enable:
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
As always, if you have any questions, please don't hesitate to submit a ticket.