SPF(supported) / (dedicated subdomain) DKIM(recommended)
This article covers the SPF and DKIM authentication processes for SAP Cloud for Customer and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
TABLE OF CONTENTS
- Configuring DKIM authentication for your SAP Cloud for Customer emails
- Add a SAP Cloud for Customer DKIM key in Enforce
- Configuring SPF authentication for your SAP Cloud for Customer emails
Configuring DKIM authentication for your SAP Cloud for Customer emails
1. Create an incident to request a DKIM key. Include your complete list of domains for outbound e-mail.
DKIM keys can’t be generated for the following domains:
- gmail.com
- hotmail.com
- outlook.com
- sap.com
- your tenant domain (myxxxxxx.mail.crm.ondemand.com)
2. SAP responds to the incident with your public DKIM key and selector details.
3. Use the public DKIM key and selector details to maintain a DKIM TXT record in your DNS server.
Note: If you manage your domain in Valimail, you will need to add the TXT DKIM key on your domain's Configuration page in Valimail Enforce.
4. You respond to the incident to confirm that you’ve added the DKIM key in your DNS server.
5. SAP activates the DKIM key for your solution and closes the incident.
You can also find the instructions on how to set up DKIM and SPF for SAP Cloud for Customer, here.
Add a SAP Cloud for Customer DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
a. Scroll down and add the DKIM key in your configuration, by clicking on Add a DKIM key.
b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with SAP Cloud for Customer and then click Add.
You can find more detailed information on how to add a DKIM key in Valimail Enforce here.
Configuring SPF authentication for your SAP Cloud for Customer emails
Once you establish that SAP Cloud for Customer is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.
1. Please go to your domain's Configuration page in Enforce.
2. Click on the + sign from the Enabled Senders section:
3. Choose SAP Cloud for Customer from the list of configurable senders and then click Enable:
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
As always, if you have any questions, please don't hesitate to submit a ticket.