This article covers the SPF and DKIM authentication processes for AON Assessment Solutions and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.


Configuring DKIM authentication for your AON Assessment Solutions emails

Since DKIM requires an active key management that affects the mail server configuration as well as

the DNS, the public keys are not published in the client DNS directly. Instead, AON Assessment Solutions asks you to set

up CNAME records that point to your key sets:

Type Record Location Value

CNAME aas.1._domainkey.<sender domain> dkim.<sender domain>.1.aas.services.

CNAME aas.2._domainkey.<sender domain> dkim.<sender domain>.2.aas.services.

CNAME aas.3._domainkey.<sender domain> dkim.<sender domain>.3.aas.services.

All installed keys are domain-specific; please do not point CNAME records for different sender

domains to the same keys, since this will not be reflected by Aon's server configuration.

Please note that the DKIM selector, being part of an automated solution, cannot be customized.

Important: If you manage DKIM for your domain in Valimail, you will need to add those 3 CNAME DKIM keys on your domain's Configuration page in Valimail Enforce, as outlined in the Add an AON Assesment Solutions DKIM key in Enforce section below.

You can also find the instructions on how to set up DKIM and SPF for AON Assessment Solutions, here.

Add an AON Assessment Solutions DKIM key in Enforce

1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.

    a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key

    b. Enter the selector name, CNAME target value, associate the key/s with AON Assessment Solutions and then click Add.

Add a DKIM key in Enforce

You can find more detailed information on how to add a DKIM key in Valimail Enforce here. 

Configuring SPF authentication for your AON Assessment Solutions emails

Once you establish that AON Assessment Solutions is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.

1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:

3. Choose AON Assessment Solutions from the list of configurable senders and then click Enable:

Add Aon to the authorized service in Enforce

We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

As always, if you have any questions, please don't hesitate to submit a ticket.