Oracle Cloud Infrastructure Documentation

Configure Email Authentication with SPF and DKIM

Configure email authentication with SPF and DKIM to help ensure the security and integrity of email notifications sent from Oracle Integration. These email notifications are used to communicate important information about the status of integrations and related activities. By setting up SPF and DKIM, you help prevent your notification emails from being marked as spam or tampered with during delivery, improving trust and deliverability.

A simple yet effective way to validate emails, avoid spoofing, and reduce fraud attacks is configuring SPF and DKIM. Depending on email infra security, you may need to configure SPF and DKIM.
  • Sender Policy Framework (SPF) lets domain owners identify servers they have approved to send emails on behalf of their domain. In Oracle Integration's case, domain owners need to approve OCI as an approve sender and to add a record for it in their domain.
  • DomainKeys Identified Mail (DKIM) authenticates emails through a pair of cryptographic keys: a public key published in a Domain Name System TXT record, and a private key encrypted in a signature affixed to outgoing messages. The keys are generated by the email service provider.

Follow these steps to configure SPF and DKIM for your domain, then verify the configuration.

  1. Configure SPF (Sender Policy Framework).

    Add an SPF record to the domain of the from address to include the Oracle Cloud Infrastructure email delivery domain.

    Use the format below for the SPF record. The SPF record must identify the continent key of the Oracle Integration instance, as shown in the examples below.

    v=spf1 include:<continentkey>.oracleemaildelivery.com ~all

    Sending Region Example SPF Format

    America

    v=spf1 include:rp.oracleemaildelivery.com ~all

    Asia/Pacific

    v=spf1 include:ap.rp.oracleemaildelivery.com ~all

    Europe

    v=spf1 include:eu.rp.oracleemaildelivery.com ~all

    All Commercial Regions

    v=spf1 include:rp.oracleemaildelivery.com include:ap.rp.oracleemaildelivery.com include:eu.rp.oracleemaildelivery.com ~all

    United Kingdom Government Cloud

    v=spf1 include:rp.oraclegovemaildelivery.uk ~all
    In earlier Oracle Integration instances, sender verification was supported by adding the standard record include:spf_c.oraclecloud.com to the domain of the from address.
  2. Configure DKIM (DomainKeys Identified Mail).

    To configure DKIM keys for Oracle Integration 3 instances, please log a Service Request in My Oracle Support. Include the following details:

    • Selector name

    • Key size

    • from address that will be used to send emails

    Oracle provides you with the details to add the CNAME DNS record for your domain. The instructions to add the DNS record depend on your domain provider. The CNAME contains the location of the public key.

    For example, for a selector name of me-yyz-20200502, a sending domain of mail.example.com, and an email region code of yyz, the CNAME looks like this:

    me-yyz-20200502._domainkey.mail.example.com IN CNAME me-yyz-20200502.mail.example.com.dkim.yyz1.oracleemaildelivery.com

    Once the DNS is updated, update the service request, and Oracle will activate the DKIM settings for your domain.

  3. In Oracle Integration, configure approved senders and confirm SPF and DKIM configuration.
    1. In the navigation pane, click Settings, then Notifications. The Notifications screen is displayed.
    2. In the Senders section, click Add Email Address to add approved senders, and complete the following fields.
      Field Description

      Email Address

      Enter your domain email address as the from address. You must set SPF and DKIM if using your own domain email address.

      Approval Status

      Either Approved or Not Approved, indicating email address approval.

      Email address approval is based on your version of Oracle Integration. In Oracle Integration, a verification email is sent. You must click the verification link you receive in the email. Upon successful verification, status is changed to Approved. In Oracle Integration 3, the email is automatically approved when you add the email ID.

      SPF Status

      This field verifies configuration for the Sender Policy Framework (SPF) for the sender email addresses. The status should be Configured.

      Confirm DKIM

      Check this field to confirm DKIM configuration for the sender.
    3. Click Save.

For information about email notifications in integrations, see Sending Service Failure Alerts, System Status Reports, and Integration Error Reports by Notification Emails in Using Integrations in Oracle Integration 3. Also see Send Notification Emails During Stages of the Integration with a Notification Action in Using Integrations in Oracle Integration 3.