SPF(supported) / (dedicated subdomain)
DKIM(recommended)



This article covers the SPF and DKIM authentication processes for Trustwave MailMarshal and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.



TABLE OF CONTENTS





Configuring DKIM authentication for your Trustwave MailMarshal emails


To configure DKIM validation:


1. In the left pane of the Management Console click System Configuration.


2. From the right pane menu expand Receiver Properties and select DKIM.


3. To enable DKIM validation, check the box Enable DKIM Detection. To disable the feature, clear the box.


4. To apply the changes, commit the configuration.



To configure DKIM keys for local domains:


1. In the left pane of the Management Console click System Configuration.


2. In the right pane, click Local Domains. Select a domain, and then click Edit.


3. Click the DKIM tab.


4. Click Add to generate or import a key, and select appropriate settings. For details, see Help.


Note: Keep a copy of the key file in a secure location. DKIM signing keys are not included in the MailMarshal configuration backup.


5. Ensure that you have published a DNS TXT record that includes the related public key. The DKIM Key window provides the appropriate record text for the key.


Important: If you manage DKIM in Valimail for your domain, you will need to add the TXT DKIM key on your domain's Configuration page in Valimail Enforce.



6. To sign messages, once the DKIM key is created and published, use a Content Analysis Rule to apply the DKIM signature. See Apply DKIM signature.



You can also find the instructions on how to set up DKIM and SPF for Trustwave MailMarshal, here.






Add a Trustwave MailMarshal DKIM key in Enforce


1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.


    a. Scroll down and add the DKIM key in your configuration, by clicking on Add a DKIM key

    b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with Trustwave MailMarshal and then click Add.




You can find more detailed information on how to add a DKIM key in Valimail Enforce here. 






Configuring SPF authentication for your Trustwave MailMarshal emails


Once you establish that Trustwave MailMarshal is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.


1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:



3. Choose Trustwave MailMarshal from the list of configurable senders and then click Enable:




We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.






As always, if you have any questions, please don't hesitate to submit a ticket.