This instructional article will demonstrate the Cornerstone OnDemand configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure Cornerstone OnDemand passes the DMARC alignment check and eliminate spam from your domain and increase security.
The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send email from a particular domain and are a way of verifying your email sending server is sending emails through your domain.
The process of configuring SPF
In order to authenticate Cornerstone OnDemand on SPF, you should add to the SPF record, the relevant IPs for the region in which you are hosted. If you are unsure, speak to Cornerstone Support team to confirm your Swimlane location.
Cornerstone Email Server IP addresses:
208.185.229.41 | la4prd1.mx.csod.com |
208.185.229.42 | la4prd2.mx.csod.com |
208.185.229.43 | la4prd3.mx.csod.com |
208.185.229.44 | la4prd4.mx.csod.com |
208.185.229.45 | la4prd5.mx.csod.com |
For customers using Cornerstone AWS Data Centers, please note these IPs are different and are as follows:
ues1.mx.csod.com / 35.80.141.6 (US) |
ues2.mx.csod.com / 44.229.121.55 (US) |
les1.mx.csod.com / 18.168.51.200 (UK) |
les2.mx.csod.com / 18.168.140.58 (UK) |
ees1.mx.csod.com / 3.123.206.219 (EU – FRA SL1) |
ees2.mx.csod.com / 3.68.129.51 (EU – FRA SL1) |
ees2.mx.csod.com / 3.68.129.51 (EU – FRA SL1) |
aes2.mx.csod.com / 3.106.50.25 (AU) |
jes1.mx.csod.com / 18.180.127.81 (JP) |
jes2.mx.csod.com / 54.64.30.13 (JP) |
For customers on FR please also add the EU IPs above:
fes1.mx.csod.com/ 35.181.156.191 (FR – CDG SL1) |
fes2.mx.csod.com/ 13.36.253.151(FR – CDG SL1) |
frs1.mx.csod.com/15.236.171.222(FR RESTRICTED- CDG SL4) |
frs2.mx.csod.com/13.37.17.159(FR RESTRICTED – CDG SL4) |
Please follow these steps:
- Login and head to your DNS Zone provider
- Create a new TXT record
- Input the DNS name as @ or your domain name
- Input the DNS value as v=spf1 ip4:208.185.229.44 ~all
Important Note: you must replace the highlighted IP address with your email server IP address mentioned above.
- Save the record
- Wait up to 72 hours to allow your DNS to process the changes
The screenshot below will show you an example of the SPF record. We’ll be using CloudFlare for this example.
Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError.
If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4:18.57.156.221 ip4:208.185.229.44 include:thirdpartyservice.com ~all
The process of configuring DKIM
In order to authenticate Cornerstone OnDemand on DKIM, please reach out to your CSOD account manager to assist you on configuring your DKIM on your domain.
Congratulations, you now successfully authenticated your outgoing mail stream from Cornerstone OnDemand with SPF and DKIM.
The post Cornerstone OnDemand SPF and DKIM configuration: Step By Step Guideline appeared first on EasyDMARC.
*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by EasyDmarc. Read the original post at: https://easydmarc.com/blog/cornerstone-ondemand-spf-and-dkim-configuration-step-by-step-guideline/