PingOne

Setting up a trusted email domain

You can configure PingOne to send emails on your organization’s behalf from a trusted domain. Use PingOne to get the email domain trust records and add them to your DNS configuration. You can also set up DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF).

Before you begin

You’ll need:

  • An existing domain

  • Access to your DNS manager

About this task

  • You can configure up to 50 trusted email domains per environment.

  • To configure trusted email addresses for a trusted email domain, see Configure trusted email addresses.

  • The _pingoneemail text record on the Email Domain Verification screen is optional, but adding it to your DNS is highly recommended. Without it, each sender email address you add must be verified separately through a verification email.

Adding the trusted email domain

You’ll add the trusted email domain to your environment and then configure your DNS manager.

Steps

  1. Go to Settings → Domains.

  2. Click Add Email Trust.

  3. Enter the trusted email domain name, such as auth.example.com, and click Save. PingOne validates the domain name to ensure that it is not already in use.

Adding the records to your DNS configuration

After you add the trusted email domain, copy the email domain trust records and add them to your DNS configuration. Ensure that you add the records as TXT records, not CNAME records.

Steps

  1. Go to Settings → Domains.

  2. For the appropriate email domain name entry, click Verify.

  3. In the Email Domain Verification screen, copy the email domain trust records to a secure location.

  4. Go to your DNS manager and update it with these copied email domain entries. You can leave the PingOne window open, or close it and return later.

    The specifics of DNS configuration depend on your DNS manager. We recommend that you wait at least one hour for the DNS changes to propagate through the internet, although it can take up to 24 hours.

Verifying the trusted email domain

Ensure that you have added the trust records to your DNS configuration before starting this task. You cannot verify a trusted email domain until you update the DNS manager to add the trust records.

Steps

  1. Go to Settings → Domains.

  2. For the appropriate email domain name entry, click Verify.

    • A green check mark indicates that the verification check succeeded.

    • A yellow exclamation point indicates that the verification check did not succeed. In this case, we recommend that you wait one hour and try again. Complete DNS propagation can take up to 24 hours.

  3. Click Close.

The email domain name should show a green checkmark to confirm that it has been verified, and the DKIM Setup and SPF Setup buttons should be visible. If there is a yellow exclamation point next to the email domain name, click Verify to retry the verification process.

Setting up DKIM

After you have verified the trusted email domain, you can set up DKIM (DomainKeys Identified Mail). DKIM authenticates email messages and helps prevent forged sender addresses.

Steps

  1. Go to Settings → Domains.

  2. For the appropriate email domain name entry, click DKIM Setup.

  3. Copy the email trust records.

    If you see multiple regions listed, such as EU-WEST-1, US-EAST-1, US-WEST-1, you should copy the CNAME records for all regions. This is required for SES (Simple Email Service) to sign messages, and can also allow messages to be sent from another region if there is a fault in the primary region.

  4. Go to your DNS manager, and update it with these copied DKIM entries. Ensure that you add the records as CNAME records, not TXT records.

  5. Return to the DKIM Setup screen and click Verify.

    • A green check mark indicates that the verification check completed successfully.

    • A yellow exclamation point indicates that the verification check did not succeed. In this case, we recommend that you wait one hour and try again. Complete DNS propagation can take up to 24 hours.

  6. Click Close.

Setting up SPF

You can set up SPF (Sender Policy Framework), which helps protect senders and recipients from spam, spoofing, and phishing. By adding an SPF record to your DNS, you can specify a list of senders approved to send email from your domain.

Steps

  1. Go to Settings → Domains.

  2. For the appropriate email domain name entry, click SPF Setup.

  3. Copy the email trust records.

  4. Go to your DNS manager, and update it with these copied SPF entries.

  5. Return to the SPF Setup screen and click Verify.

    • A green check mark indicates that the verification check has completed successfully.

    • A yellow exclamation point indicates that the verification check has not succeeded. In this case, we recommend that you wait one hour and try again. Complete DNS propagation can take up to 24 hours.

  6. Click Close.
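
The following pre-check is an added example, not part of the PingOne documentation or product. It compares the records copied from the Email Domain Verification, DKIM Setup, and SPF Setup screens with what DNS currently answers, and flags the record-type mix-ups the steps above warn about (trust records must be TXT, DKIM records must be CNAME) plus duplicate SPF records. The full record names, the selector1 label, and every value are constructed placeholders; the input format is assumed to be the output of `dig +noall +answer`.

```python
# Added example: all record names and values are constructed placeholders.

def parse_answers(text):
    """Parse `dig +noall +answer` style lines into (name, type, value)."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(parts) != 5 or line.startswith(";"):
            continue
        name, _ttl, _cls, rtype, rdata = parts
        rtype = rtype.upper()
        # TXT data is quoted; CNAME targets carry a trailing root dot.
        value = rdata.strip().strip('"') if rtype == "TXT" else rdata.strip().rstrip(".")
        records.append((name.rstrip(".").lower(), rtype, value))
    return records

def check(expected, answers):
    """expected: (name, type, value) tuples copied from the PingOne screens.
    Returns a list of problems; an empty list means ready to click Verify."""
    problems = []
    for name, rtype, value in expected:
        found = [r for r in answers if r[0] == name.lower()]
        same_type = [r for r in found if r[1] == rtype]
        if not found:
            problems.append(f"{name}: no record published yet")
        elif not same_type:
            problems.append(f"{name}: published as {found[0][1]}, must be {rtype}")
        elif value not in [r[2] for r in same_type]:
            problems.append(f"{name}: {rtype} value differs from the copied record")
    # Receivers treat more than one v=spf1 record on a name as an error (RFC 7208).
    spf = [r[0] for r in answers if r[1] == "TXT" and r[2].lower().startswith("v=spf1")]
    for name in sorted(set(spf)):
        if spf.count(name) > 1:
            problems.append(f"{name}: multiple v=spf1 records")
    return problems

EXPECTED = [  # constructed stand-ins for the records shown in the console
    ("_pingoneemail.auth.example.com", "TXT", "placeholder-token"),
    ("selector1._domainkey.auth.example.com", "CNAME", "placeholder-dkim-target.example.net"),
    ("auth.example.com", "TXT", "v=spf1 include:placeholder.example.net ~all"),
]
SAMPLE_ANSWERS = """
_pingoneemail.auth.example.com. 300 IN CNAME placeholder-token.example.net.
selector1._domainkey.auth.example.com. 300 IN TXT "placeholder-dkim-target.example.net"
auth.example.com. 300 IN TXT "v=spf1 include:placeholder.example.net ~all"
auth.example.com. 300 IN TXT "v=spf1 include:old-sender.example.org ~all"
"""
if __name__ == "__main__":
    print("\n".join(check(EXPECTED, parse_answers(SAMPLE_ANSWERS))))
```

An empty result only means the published records match what you copied; PingOne's own Verify check remains the authority on whether the domain is trusted.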