Understanding SPF and DKIM for Custom Email Senders
Okta Classic Engine
Okta Identity Engine
Administration
Overview

The goal of this knowledge article is to clarify aspects of SPF and DKIM configuration when creating a custom email sender within Okta.

NOTE: This does not apply to scenarios where admins use their own email provider. For those cases, please consult the documentation provided by the email provider, as each has its own steps for generating the data needed for DKIM configuration, as well as its own IPs used for email delivery.

Applies To
  • SPF
  • DKIM
  • Custom Email Sender
  • SendGrid
Cause

During custom email sender setup, admins may request the information needed to configure SPF and DKIM records in their DNS settings in order to increase their email domain's security.

Solution
Okta uses SendGrid as its email service provider, and as part of this integration, the Automated Security feature is enabled. This means that as long as admins do not use a self-managed email provider in their Okta tenant, SPF and DKIM records are automatically managed by SendGrid.

When configuring an email sender, three CNAME records are generated:
  • subdomain.{domain}.com (by default, the subdomain is mail; however, this can be changed when creating the email domain)
  • {value}._domainkey.{domain}.com
  • {value}2._domainkey.{domain}.com
DNS records for email sender

Performing an SPF lookup on the first CNAME will show that an SPF record is already created for the sender, which includes all the IPs used by SendGrid to send Okta emails. Similarly, performing a DKIM lookup on the last two CNAME names will show that the DKIM configuration is already set up.
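The lookups described above can be scripted. The following is an added example, not Okta's or SendGrid's code: it follows each of the three CNAMEs to its TXT record and reports whether an SPF policy or a usable DKIM key is found there. The ZONE data, the example.com domain, the `abc` value and all function names are constructed placeholders standing in for live DNS answers.

```python
# Constructed sample answers standing in for live DNS: name -> (type, value).
# All names and values are placeholders, not real Okta or SendGrid records.
ZONE = {
    "mail.example.com": ("CNAME", "spf.provider.example.net"),
    "spf.provider.example.net": ("TXT", "v=spf1 ip4:192.0.2.0/24 -all"),
    "abc._domainkey.example.com": ("CNAME", "k1.provider.example.net"),
    "k1.provider.example.net": ("TXT", "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEB"),
    "abc2._domainkey.example.com": ("CNAME", "k2.provider.example.net"),
    # k2 target deliberately absent: a CNAME that exists but resolves to nothing.
}

def resolve_txt(name, zone, max_hops=5):
    """Follow CNAMEs from name; return the TXT value reached, or None."""
    for _ in range(max_hops):
        rec = zone.get(name.rstrip(".").lower())
        if rec is None:
            return None
        rtype, value = rec
        if rtype == "TXT":
            return value
        name = value  # CNAME: continue the lookup at its target
    return None  # CNAME loop or chain longer than max_hops

def spf_status(txt):
    if txt is None:
        return "missing"
    return "ok" if txt.lower().split(" ")[0] == "v=spf1" else "not-spf"

def dkim_status(txt):
    if txt is None:
        return "missing"
    parts = (p.partition("=") for p in txt.split(";"))
    tags = {k.strip(): v.strip() for k, _, v in parts if k.strip()}
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        return "not-dkim"
    return "ok" if tags["p"] else "revoked"  # an empty p= marks a revoked key

def check_sender(domain, value, zone, subdomain="mail"):
    """Check the three names the article lists for one custom email sender."""
    spf_name = f"{subdomain}.{domain}"
    report = {spf_name: spf_status(resolve_txt(spf_name, zone))}
    for selector in (value, f"{value}2"):
        name = f"{selector}._domainkey.{domain}"
        report[name] = dkim_status(resolve_txt(name, zone))
    return report

if __name__ == "__main__":
    for name, status in check_sender("example.com", "abc", ZONE).items():
        print(f"{name}: {status}")
```

A "missing" result for a name whose CNAME is in place means the record was created in DNS but its target does not return a TXT record, so mail for that sender would not pass the corresponding check.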

 
