In this instructional article, we will walk you through the process of configuring Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) for Proofpoint Essentials. By setting up these email authentication methods, you ensure that Proofpoint passes the DMARC alignment check, which helps eliminate spam and enhances the security of your domain.
What is SPF and DKIM?
SPF: The SPF record identifies the mail servers and domains authorized to send emails on behalf of your domain.
DKIM: DKIM is a DNS TXT record that stores a public key used by receiving mail servers to verify a message's authenticity.
These email authentication mechanisms help Internet Service Providers (ISPs) and mail services verify that emails are being sent by authorized senders, protecting your domain’s reputation.
Configuring the SPF Record
To ensure Proofpoint sends emails on behalf of your domain, you'll need to create or update your SPF record by including the following information:
For US:
a:dispatch-us.ppe-hosted.com
For EU:
a:dispatch-eu.ppe-hosted.com
Steps to Update Your SPF Record:
Use the SPF Generator Tool:
Go to the SPF Record Generator.
Add the necessary includes under the
a:__section.Choose a policy for your SPF record:
Fail: Non-compliant emails are rejected.
SoftFail: Non-compliant emails are accepted but marked.
Neutral: Non-compliant emails are probably accepted.
2. Generate and Copy the SPF Record:
After selecting the policy, click "Generate" and copy the provided SPF record.
Add the Record to Your DNS Provider:
Log into your DNS provider (CloudFlare, GoDaddy, etc.).
Create a new TXT record and paste the SPF record you copied earlier.
Save your changes.
Wait for DNS Propagation: It may take up to 72 hours for the changes to take effect.
Important Note: Ensure that only one SPF TXT record exists per domain. Having multiple SPF records will result in a PermError. If you use multiple IPs, ESPs, or third-party services, include them all in a single SPF record, such as:
lessCopy codev=spf1 ip4:18.57.156.221 a:dispatch-us.ppe-hosted.com include:thirdpartyservice.com ~all
Configuring the DKIM Record
To authenticate emails from Proofpoint Essentials, you'll need to set up a DKIM record.
Steps to Set Up the DKIM Record:
Navigate to the DKIM Configuration:
Go to Administration > Account Management > Domains.
Choose the domain you want to configure.
Click the ellipsis on the right side of the Domains table and select Configure DKIM.
Create a New DKIM Key:
If this is your first time setting up DKIM, there will be no existing keys.
Click Create New DKIM Signing Key.
Choose a selector. This is a unique identifier used to locate the public key in DNS. You can use the pre-populated value or modify it as needed.
Click Create.
Add the DKIM Record to DNS:
A new screen will display the hostname and value for the DNS record. Add these values to your DNS zone through your domain registrar’s website (e.g., GoDaddy, Namecheap).
Verify the DKIM Record:
Once you've added the DKIM record, click Verify Key to ensure it was added correctly.
After verification, outbound DKIM signing will be automatically enabled for your domain.
Important Note: Remember to save the private key to a secure location, as it is only displayed once.
Congratulations!
By following these steps, you’ve successfully authenticated your outgoing mail stream from Proofpoint Essentials with SPF and DKIM, ensuring that your email is protected from spam and malicious activity.