This article covers the SPF and DKIM authentication processes for Zoho Sign and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
TABLE OF CONTENTS
- Configuring DKIM authentication for your Zoho Sign emails
- Add a Zoho Sign DKIM key in Enforce
- Configuring SPF authentication for your Zoho Sign emails
Configuring DKIM authentication for your Zoho Sign emails
Add domain name
This step is necessary for Zoho Sign to recognize your domain, and generate a key (hostname, value) for that domain.
1. Navigate to Settings -> Account settings -> Email domain verification status.
2. Click Verify now.
3. Enter your domain name. For example, if your email is firstname.lastname@example.org, the domain name you'll have to enter is zylker.com.
4. Click the Generate Key button. This will generate a hostname and value.
Add TXT record
In this step, you need to publish your domain's public key as a TXT record in your DNS Manager. Every outgoing email from Zoho Sign will have a signature added to its header generated using the private key of your domain. Your recipient's email server will validate emails sent from Zoho Sign using the public key published in your DNS record.
Important: If you manage DKIM in Valimail for your domain, you will need to add the TXT DKIM key on your domain's Configuration page in Valimail Enforce.
1. Login to your DNS Manager.
2. Select the TXT Method tab in the Domain Verification page.
3. Create a TXT record in your DNS with the title as the hostname. For example, zoho._domainkey.zylker.org should be the name of the TXT record if that was the hostname provided.
4. In the TXT record value, paste the content you copied from the Value field in Zoho Sign.
5. Save the TXT record in the DNS Manager.
6. Go to Zoho sign and click the Next button in the step-2 (Add TXT record).
Verify domain ownership
1. Ensure you have completed adding the TXT record in the DNS Manager.
2. Click the Verify Domain button.
3. If the entry has been added correctly, your domain would be marked as verified and emails sent from Zoho Sign will be signed and verified using the key pairs.
4. You should not remove this TXT record from your domain hosting console as long as you continue to use that email address in Zoho Sign. If not your email domain will be marked as not verified again and your emails may land in spam.
You can also find the instructions on how to set up DKIM and SPF for Zoho Sign, here.
Add a Zoho Sign DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
a. Scroll down and add the DKIM key in your configuration, by clicking on Add a DKIM key.
b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with Zoho Sign and then click Add.
You can find more detailed information on how to add a DKIM key in Valimail Enforce here.
Configuring SPF authentication for your Zoho Sign emails
Once you establish that Zoho Sign is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.
1. Please go to your domain's Configuration page in Enforce.
2. Click on the + sign from the Enabled Senders section:
3. Choose Zoho Sign from the list of configurable senders and then click Enable:
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
As always, if you have any questions, please don't hesitate to submit a ticket.