DMARC
In order to manage your DMARC, SPF and DKIM records in Valimail Enforce, you'll have to make a few updates in your domain's DNS. Please follow these steps to create and delegate your DMARC, SPF, and DKIM records on dnsmadeeasy.com.
You will need to add a DMARC NameServer (NS) record to your DNS zone to manage a domain’s DMARC policy within the Valimail system.
From the dnsmadeeasy.com configuration dashboard select the domain that you would like to make DNS change.
Under NS Records, select add a new record. The new record should have a name of _dmarc with a value of ns.vali.email. and a TTL of 300. Then submit the change.
It will now show up in the NS Records section.
Best Practice: Delete the “_dmarc” TXT record from your DNS zones after you’ve added the NS record (or CNAME record) if one exists.
We recommend a TTL of 300 seconds, although using a longer TTL (up to 3600 seconds) should be fine if you'd like to reduce the load on your DNS server. Please note that because of existing DNS TTLs it may take some time for Valimail to detect that you've updated your DNS with the correct settings.
SPF
Valimail uses a part of the SPF standard called Macros. These are supported by all email receivers. Macros, along with Valimail’s patented technology, allow Valimail to provide SPF services and directly address the 10 domain lookup limit in the SPF standard. (https://tools.ietf.org/html/rfc7208#section-4.6.4)
To manage SPF for this domain from the Valimail Enforce platform, backup and remove your existing SPF record, then add the following TXT record for the domain to your DNS:
Record Name: Domain.com.
Record Type: TXT
Record Value: "v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all"
We recommend a TTL of 300 seconds, although using a longer TTL (up to 3600 seconds) should be fine if you'd like to reduce the load on your DNS server. Please note that because of existing DNS TTLs it may take some time for Valimail to detect that you've configured the DNS record correctly.
In dnsmadeeasy.com choose the domain that you would like to work on.
Select add a record under the TXT Records section
Add the SPF macro to the Value section
DKIM
Once a domain has pointed its DKIM record to the platform, all future DNS queries for the DKIM keys owned by that domain will be redirected to Valimail. You may need to check in your DNS zones to see if any DKIM keys are missing from the DKIM section in your domain Configuration page from Enforce, before pointing DKIM to Valimail in the following steps.
Point the domain’s DKIM record to Enforce
Once all the DKIM keys have been added to the platform, you can point the DKIM record to the platform. This is done by adding the NameServer record below, into your DNS zones:
Record Name: _domainkey.yourdomain.com.
Record Type: NS (NameServer)
Record Value: ns.vali.email.
From the dnsmadeeasy.com configuration dashboard select the domain that you would like to make DNS change.
Under NS Records, select add a new record.
The new record should have the name of _domainkey with a value of ns.vali.email. and a TTL of 300. Then submit the change.
It will now show up in the NS Records section.