Forcepoint SPF and DKIM configuration | EasyDMARC

Forcepoint SPF and DKIM configuration: Step By Step Guideline

4 Min Read
Forcepoint SPF and DKIM configuration

This instructional article will demonstrate the Forcepoint configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure Forcepoint passes the DMARC alignment check and eliminates spam from your domain, and increases security.

The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send emails from a particular domain and are a way of verifying your email-sending server is sending emails through your domain.

The process of configuring SPF

In order to authenticate Forcepoint on SPF, please follow these steps:

  1. Login and head to your DNS Zone provider
  2. Create a new TXT record
  3. Input the DNS name as @ or your domain name
  4. Input the DNS value as v=spf1 ~all
  5. Save the record
  6. Wait up to 72 hours to allow your DNS to process the changes

Screenshot below will show you an example of the SPF record. We’ll be using CloudFlare for this example.

Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError

If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4: ~all

The process of configuring DKIM

In order to authenticate Forcepoint on DKIM, you need to configure a DKIM signing key, create a DKIM signing rule, and enable DKIM verification.

Use the following steps to create a DKIM signing key:

  1. Head to your ForcePoint platform
  2. Head to the Settings > Inbound/Outbound > DKIM Settings page
  3. Click Add in the DKIM Signing Keys section to open the Add Signing Key page.
  4. Enter a name for your key in the Key name entry field.
  5. Select one of the following options for creating your key:
  • Generate key (default) to create the private key. Only 1024-bit keys are supported.
  • Private key to enter a key you have already created. Paste the key in the entry box.

6. Click OK.

Use the following steps to create a DKIM signing rule in the Settings > Inbound/Outbound > DKIM Settings page:

  1. Click Add in the DKIM Signing Rules section to open the Add Signing Rule page
  2. Enter a name for your rule in the Rule name entry field
  3. Enter the name of the domain to which this signing rule applies
  4. If desired, mark the Include user identifier check box to include the identity of the user or agent for whom the message is signed
  5. Enter the user identifier in the User identifier entry field (optional). This field is not enabled if the Include user identifier check box is not marked
  6. Enter the domain name selector in the Selector entry field. A selector is a name component provided in addition to the domain name used in the DNS public key query. A given domain may have multiple selectors
  7. Select the signing key you want to associate with this rule from the Signing key drop-down list of existing keys

Import Note: you can click Advanced Options to open a box with additional optional rule settings if you intend to create additional rules.

8.From the Signing rule options drop-down list, select Sign email messages. Then create a list of email addresses to which this option applies.

9.Click OK

To enable DKIM verification, please follow the steps below:

  1. Head to the Settings > Inbound/Outbound > DKIM Settings page
  2. In the DomainKeys Identified Mail (DKIM) Verification section, mark the following check box to activate DKIM verification:
  • Enable DomainKeys Identified Mail (DKIM) verification for outbound messages

3.Save the changes

Congratulations, you now successfully authenticated your outgoing mail stream from Forcepoint with SPF and DKIM.

Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.


Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us