Email, Configuring Authenticated Email using a vendor DKIM record

This KB provides the steps necessary to set up custom domain authentication for 3rd party and cloud applications

Configuring Authenticated Email using a vendor DKIM record 

This KB provides the steps necessary to set up custom domain authentication for 3rd party and cloud applications 

Configuring Authenticated Email from a 3rd party using the vendor DKIM record; 

This KB provides the steps necessary to set up custom domain authentication for 3rd party and cloud applications who; 

  1. CAN use their own domain in the 'mail from' address (the 'behind the scenes' email address a typical email recipient will not see). 
  2. CANNOT configure a custom DKIM signature for your domain to be used for the 'header from' address (this is the address an email recipient sees when they read their email). 

To improve deliverability of email, SPF and DKIM should both be configured, but do NOT have use matching domains. In this article, you'll learn how to set up DKIM to authenticate email from your desired domain.   

NOTE:   If you intend to send email ‘as’ @illinois.edu, we cannot add additional include statements to the campus SPF record.  This configuration will require that the vendor use their own domain in the ‘mail from’ address of messages, while using ‘illinois.edu’ in the ‘header from’, using the DKIM signature coordinated with Technology Services in the following steps. 


Before You Start:

Here are some things to know before you begin this process: 

  • This configuration will NOT align SPF 'Mail From' your desired domain.  It will rely on the vendor using their own domain in the 'mfrom' address and maintaining their own SPF record appropriately. 
  • This configuration WILL align the DKIM signature to your desired domain, and if the desired domain is used in the 'header from' address your email will align with DMARC and pass authentication tests to help ensure delivery. 

Custom Authentication: 

To set up domain authentication, you must submit the DNS records provided by SendGrid to your DNS or your domain record with the campus host manager. The CNAME record creates an alias for subdomain.yourdomain.com and points to sendgrid.net. This will be what your messages are signed by, so your recipients will be able to see what you have chosen for your CNAME. You set up the CNAME files that SendGrid provides with your DNS host. 

Here's a brief overview of the process:

Working within your 3rd party application interface, or with their support; 

  1. verify your sending domain 
  2. request the identifier and DKIM record they will use to sign email 
  3. using the domainkey DNS record they provide, request the DNS CNAME record from your hostmanager;                    
  4. <identifier>._domainkey.<desireddomain>.com. | CNAME | <DKIM record from the vendor> 

If you intend to send email from '@illinois.edu', you can request creation of 'domainkey.illinois.edu' records from the Campus Email Relays administrators by submitting to consult@illinois.edu.  If you are intending to send email from your own subdomain or second-level domain, you can make this request directly to the campus host manager at hostmgr@illinois.edu


For support articles from various vendors


HELP DESK INTERNAL SECTION:

Where to escalate the ticket to:

  • Request Area: Campus Email Relays
  • Transfer the ticket to: UIUC-TechServices-Campus Email Relays (Group)

Consultants can use Contacts Database to contact the service admin: https://cdb.techservices.illinois.edu/item/3488/



Keywords:
email, DKIM, SPF, DMARC, fraud defense, mailchimp, emma 
Doc ID:
93389
Owned by:
Email Relays E. in University of Illinois Technology Services
Created:
2019-07-25
Updated:
2023-12-12
Sites:
University of Illinois Technology Services