Oracle Cloud Infrastructure Documentation

Configure Email Authentication Settings for SPF and DKIM

Configure email authentication settings for SPF and DKIM for integrations and processes. Apply these settings to your domain, then verify their configuration.

A simple yet effective way to validate emails, avoid spoofing, and reduce fraud attacks is configuring SPF and DKIM. Depending on email infra security, you may need to configure SPF and DKIM.

  • Sender Policy Framework (SPF) lets domain owners identify servers they have approved to send emails on behalf of their domain. In Oracle Integration's case, domain owners need to approve OCI as an approve sender and to add a record for it in their domain.

  • DomainKeys Identified Mail (DKIM) authenticates emails through a pair of cryptographic keys: a public key published in a Domain Name System TXT record, and a private key encrypted in a signature affixed to outgoing messages. The keys are generated by the email service provider.

Follow these steps to configure settings for SPF and DKIM. Also see An Advanced Guide to OIC Notification via Emails.

  1. Configure SPF (Sender Policy Framework).

    Add an SPF record to the domain of the from address to include the Oracle Cloud Infrastructure email delivery domain.

    Use the format below for the SPF record. The SPF record must identify the continent key of the Oracle Integration instance, as shown in the examples below.

    v=spf1 include:<continentkey>.oracleemaildelivery.com ~all

    Sending Region Example SPF Format

    America

    v=spf1 include:rp.oracleemaildelivery.com ~all

    Asia/Pacific

    v=spf1 include:ap.rp.oracleemaildelivery.com ~all

    Europe

    v=spf1 include:eu.rp.oracleemaildelivery.com ~all

    All Commercial Regions

    v=spf1 include:rp.oracleemaildelivery.com include:ap.rp.oracleemaildelivery.com include:eu.rp.oracleemaildelivery.com ~all

    United Kingdom Government Cloud

    v=spf1 include:rp.oraclegovemaildelivery.uk ~all
    In earlier Oracle Integration instances, sender verification was supported by adding the standard record include:spf_c.oraclecloud.com to the domain of the from address.
  2. Configure DKIM (DomainKeys Identified Mail).

    To configure DKIM keys for Oracle Integration Generation 2 instances, please log a Service Request in My Oracle Support. Include the following details:

    • selector name

    • key size

    • from address that will be used to send emails

    Oracle provides you with the details to add the CNAME DNS record for your domain. The instructions to add the DNS record depend on your domain provider. The CNAME contains the location of the public key.

    For example, for a selector name of me-yyz-20200502, a sending domain of mail.example.com, and an email region code of yyz, the CNAME looks like this:

    me-yyz-20200502._domainkey.mail.example.com IN CNAME me-yyz-20200502.mail.example.com.dkim.yyz1.oracleemaildelivery.com

    Once the DNS is updated, update the service request, and Oracle will activate the DKIM settings for your domain.

  3. In Oracle Integration, configure approved senders and confirm SPF and DKIM configuration.
    1. From the navigation pane, select Settings, then Integrations, then Notifications. The Notifications screen is displayed.
    2. In the Senders section, click + to add approved senders, and complete the following fields.
      Field Description
      Email Address

      Enter your domain email address as the from address. You must set SPF and DKIM if using your own domain email address.

      Approval Status Indicates email address approval. Green indicates the address is approved. Yellow indicates the address is not yet approved.

      Email address approval is based on your version of Oracle Integration. In Oracle Integration, a verification email is sent. You must click the verification link you receive in the email. Upon successful verification, status is changed to green. In Oracle Integration Generation 2, the email is automatically approved when you add the email ID.

      SPF Status

      This field verifies configuration for the Sender Policy Framework (SPF) for the sender email addresses. The status should be Configured.

      Confirm DKIM

      		 Check this field to confirm DKIM configuration for the sender.
    3. Click Save.

For information about email notifications in integrations, see Sending Service Failure Alerts, System Status Reports, and Integration Error Reports by Notification Emails in Using Integrations in Oracle Integration Generation 2. Also see Send Notification Emails During Stages of the Integration with a Notification Action in Using Integrations in Oracle Integration Generation 2.

For information about email notifications in processes, see Enable Email Notifications in Using Processes in Oracle Integration Generation 2.

Troubleshoot Oracle Cloud Infrastructure Notification Email Configuration to Ensure Proper Delivery

Follow these recommendations to correctly configure and use the default from address and suppression list. These recommendations help you to avoid email delivery issues.

Default From Address

  • Don't use no-reply@oracle.com as the from address.
  • Don't use the oracle domain.
  • Change the default from address from no-reply@oracle.com to no-reply@mail.integration.region.ocp.oraclecloud.com.

    The region attribute is provided by Oracle Integration.

  • Change the from address in your integrations from no-reply@oracle.com to no-reply@mail.integration.region.ocp.oraclecloud.com.

    The region attribute is provided by Oracle Integration.

Suppression List

  • Add To addresses to the suppression list for a number of reasons:
    • As of now, the recipient address when a hard bounce occurs (emails go undelivered for permanent reasons), when a soft bounce occurs (emails go undelivered for temporary reasons), and when a large number of emails are received are some of the reasons to add the To address to the suppression list.
  • If DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) are not configured for the from address domain, the likelihood of having a bounce or messages being silently dropped by the receiving infrastructure is higher.
  • You can remove email addresses from the suppression list. See Remove Email Addresses from the Suppression List in Using Integrations in Oracle Integration Generation 2.