Sophos Email Security DMARC Configuration : Valimail Support

SPF(supported)
DKIM(recommended)

This article covers the SPF and DKIM authentication processes for Sophos Email Security and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

TABLE OF CONTENTS

Configuring DKIM authentication for your Sophos Email Security emails
Add a Sophos Email Security DKIM key in Enforce
Configuring SPF authentication for your Sophos Email Security emails

Configuring DKIM authentication for your Sophos Email Security emails

1. Go to Global Settings -> Domains settings/status and click on the domain you want to add a DKIM key to.

2. Click Add key.

3. Copy the DKIM information that is generated automatically and use it to create a DNS TXT record for your domain.

Important: If you manage DKIM in Valimail for your domain, you will need to add the TXT DKIM key on your domain's Configuration page in Valimail Enforce.

4. Once your DNS TXT record has been published, click on Test record to check that your DNS TXT record matches the information in Sophos Email.

5. Activate the DKIM key then click Save.

You can also find the instructions on how to set up DKIM and SPF for Sophos Email Security, here.

Add a Sophos Email Security DKIM key in Enforce

1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.

a. Scroll down and add the DKIM key in your configuration, by clicking on Add a DKIM key.

b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with Sophos Email Security and then click Add.

You can find more detailed information on how to add a DKIM key in Valimail Enforce here.

Configuring SPF authentication for your Sophos Email Security emails

Once you establish that Sophos Email Security is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.

1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:

a screenshot of a email

3. Choose Sophos Email Security from the list of configurable senders and then click Enable:

We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

As always, if you have any questions, please don't hesitate to submit a ticket.