OnDMARC

To authorize Proofpoint to send emails on your behalf you will have to include it in your SPF record. Refer to your Deployment Information email for the details, as the SPF is unique to each PPS cluster.

It usually follows the format: <code>include:spf-{clusterid}.pphosted.com</code>

To setup DKIM on PPS, follow these steps:

Navigate to Email Protection tab &gt; Email Authentication &gt; DKIM Signing &gt; Keys

Click Generate Key to create a key for a domain and selector. Each key must have a unique domain and a unique selector within the domain. Proofpoint-generated domain keys are 2048-bits in length.

At the Generate Key Entry dialog box type or specify your domain, the selector, the scope of the key, and the policy routes. For the policy routes, only check Disable processing for selected policy routes… Under Available scroll down and select default_inbound Click the &gt;&gt; to add it to Disable For Any Of:

Click View in the DNS Text Record column to see the text record for a DKIM key.

A pop-up window displays the DNS text record that contains the public key. Copy the DNS text record for each domain-selector pair to your DNS servers

Once the DNS record has been created, wait a few minutes to ensure the record has time to propagate.

On the PPS Admin Console and click on Test to verify if the DNS record was created correctly.

The feedback for the test will appear above the navigation tabs (System, Email Protection, Information Protection).

Once the DNS record has been validated click the Enabled box and then click Save Changes.

Turn on DKIM Signing by navigating to Email Protection tab &gt; Email Authentication &gt; DKIM Signing &gt; General Click On next to Enable Click Save Changes

1. Navigate to Email Protection tab &gt; Email Authentication &gt; DKIM Signing &gt; Keys
2. Click Generate Key to create a key for a domain and selector. Each key must have a unique domain and a unique selector within the domain. Proofpoint-generated domain keys are 2048-bits in length.
3. At the Generate Key Entry dialog box type or specify your domain, the selector, the scope of the key, and the policy routes. For the policy routes, only check Disable processing for selected policy routes… Under Available scroll down and select default_inbound Click the &gt;&gt; to add it to Disable For Any Of: 
4. Click on Add Entry.
5. Click View in the DNS Text Record column to see the text record for a DKIM key.
6. A pop-up window displays the DNS text record that contains the public key. Copy the DNS text record for each domain-selector pair to your DNS servers
7. Once the DNS record has been created, wait a few minutes to ensure the record has time to propagate.
8. On the PPS Admin Console and click on Test to verify if the DNS record was created correctly.
9. The feedback for the test will appear above the navigation tabs (System, Email Protection, Information Protection).
10. Once the DNS record has been validated click the Enabled box and then click Save Changes.
11. Turn on DKIM Signing by navigating to Email Protection tab &gt; Email Authentication &gt; DKIM Signing &gt; General Click On next to Enable Click Save Changes

For more details, or for detailed screenshots refer to the Proofpoint documentation <a href="https://proofpointcommunities.force.com/community/s/article/How-to-enable-DKIM-signing-in-POD-PPS" target="_blank" rel="nofollow noopener noreferrer">here</a>.

Create a free OnDMARC account to test your configuration using our Investigate tool.

Increase the deliverability of your outbound emails by correctly configuring SPF and DKIM. After configuration test your results.