Getting started with OnDMARC

Created by Jason Carreiro, Modified on Fri, 13 Jun at 1:48 PM by Jason Carreiro

This article covers the steps required to onboard a domain on Redsift's OnDMARC with the help of the Onboarding tool in Vircom Portal. The steps below show all the text records and the step-by-step process to complete the onboarding of a domain.


The profile on Redsift is created through the Vircom Portal website. After that, you configure the DNS records required for OnDMARC.



1- Open a browser to www.vircomportal.com


2- At the login screen, use the local login credentials that you use to log in to Proofpoint Essentials.


3- Vircom Portal and Proofpoint Essentials share the same local password.


4- Enter your username and password in the Vircom Portal login screen at www.vircomportal.com.

 

5- Once logged in, in the left-hand side menu bar under ONDMARC, select PROVISIONING.



6- Next, in the email address field, enter the e-mail address of an administrator of the Gsuite or Office 365 tenant that is used for your domain, and click NEXT.



7- If the domain already exists on Proofpoint Essentials, make sure the toggle is set to YES and select the domain in question from the drop-down menu. Then click NEXT.



8- Review the details, then confirm by clicking FINISH to create the profile on Redsift.



9- The results on the final page will vary based on your DNS records. The page provides a login URL for Redsift, some DNS results, and the items that will require your attention when configuring OnDMARC in Redsift. You can DOWNLOAD the results if you wish. Then click DONE.


-------------------------------------------------------------------------------------------------------------------------


Configuring OnDMARC on Redsift.



1- Once you have completed the profile creation on Redsift, you can log in. Using the URL obtained from Redsift, log in with your admin account using either Gsuite or Microsoft O365 credentials.



2- Select the login option for your domain and enter the credentials to sign-in.



3- Click ACCEPT to grant permission.


4- On the main page, select the "GO TO RED SIFT ONDMARC" button to view your profile.



5- You can now see the list of domains created by Vircom Portal. Note that there is no DMARC policy yet, but the SPF records were imported into Redsift.



6- Next, click on DMARC and DYNAMIC SERVICES, then click the CONFIGURE DYNAMIC SERVICES button to set up SPF, DKIM, DMARC and MTA-STS.



7- The first tab allows you to add all the entries listed in the SPF record for that domain. For example, if your SPF record consists of the Proofpoint Essentials and Microsoft entries, click ADD NEW INCLUDE and enter each part of the SPF record as listed below. Remember that each SPF record contains different entries, so be aware of the different options in this section.



8- Once all the SPF configuration has been entered, copy the new SPF TXT and replace your existing SPF record with it in your DNS. If you do not have an existing SPF record, create a new TXT record and add it to your DNS.



9- Next, click on the DMARC tab. Some DNS providers will not allow you to create NS (Name Server) records, but they will allow you to create CNAME (Canonical Name) records.



10- Pick the record type that your DNS provider requires and copy the records as indicated below. ONLY COPY the highlighted sections into your DNS records. This example uses a CNAME record, so create a CNAME record in your DNS with the following values.


Name: _dmarc

Value: _dmarc.yourdomain.com._dmarc.smart.ondmarc.com



11- Next, click on the DKIM tab. Here you will add all the existing DKIM records associated with your domain. Whether your domain has 2 DKIM records, 3 DKIM records, etc., they will all need to be listed below.



12- Depending on the platform or service, some DKIM keys may be in TXT format and others in CNAME format. Click the ADD NEW SELECTOR button and select either a TXT or a CNAME entry from the drop-down menu.



13- When entering the selector, there is no need to include ._domainkey as part of the selector record. Enter each record as seen below, depending on whether it is a TXT or a CNAME record, and click ADD DKIM ENTRY.



14- Once all your DKIM records have been added, it is time to enter the main DKIM record in your DNS. The DKIM record is only available as a Name Server (NS) record. Some DNS providers do not allow the creation of NS records, so this step might have to be skipped. Copy the highlighted entries below and enter them in your DNS.


Name: _domainkey

Value: ns-dkim.ondmarc.com




15- Next, set up the MTA-STS keys used for TLS reports and encryption: click the MTA-STS tab and click the GENERATE RECORDS button.



16- Once the keys have been generated, you will be provided with 4 different NS records and CNAME records that you will have to enter in your DNS. As mentioned in step 14, if your DNS provider does not support NS record creation, you can have them changed to CNAME records instead.



17- The records listed below will then have to be entered in DNS as either CNAME records or NS records. Remember that this depends on whether your DNS provider supports NS record creation. Copy everything that is highlighted below, and note that the NAME value does not need your domain name appended.



18- In the MTA-STS tab there is one more CNAME record that needs to be added in DNS. Copy everything that is highlighted below, and note that the NAME value does not need your domain name appended.



19- Once all the records have been added in your DNS, you will need to wait 24 hours for all the DNS records to propagate successfully. The end result will show a green target icon stating "Found in DNS". This confirms that all records have been validated and are ready to receive reports.
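
A way to check the entries from steps 8, 10, 14 and 17-18 yourself while waiting for the "Found in DNS" indicator. This is an added example, not part of the original article or of any Vircom or Redsift tooling. It assumes you have collected the published records as (name, type, value) tuples, for instance from your DNS provider's zone export; check_onboarding is a hypothetical helper, and example.com and the SPF include hosts are constructed sample values.

```python
def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def check_onboarding(domain, records, ns_supported=True):
    """Return findings for (fqdn, rtype, value) records; an empty list means OK."""
    domain = norm(domain)
    recs = [(norm(n), t.upper(), v.strip().strip('"')) for n, t, v in records]
    findings = []
    # Step 8: the new SPF TXT replaces the old one, so exactly one may exist.
    spf = [v for n, t, v in recs
           if n == domain and t == "TXT" and v.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected 1 v=spf1 TXT at {domain}, found {len(spf)}")
    # Step 10: _dmarc must be a CNAME to the value shown in the article.
    want = f"_dmarc.{domain}._dmarc.smart.ondmarc.com"
    got = [norm(v) for n, t, v in recs if n == f"_dmarc.{domain}" and t == "CNAME"]
    if got != [want]:
        findings.append(f"DMARC: _dmarc.{domain} CNAME is {got or 'missing'}, want {want}")
    # Step 14: _domainkey is delegated with an NS record (skipped if unsupported).
    if ns_supported:
        ns = [norm(v) for n, t, v in recs if n == f"_domainkey.{domain}" and t == "NS"]
        if ns != ["ns-dkim.ondmarc.com"]:
            findings.append(f"DKIM: _domainkey.{domain} NS is {ns or 'missing'}")
    # Steps 17-18: a NAME typed with the domain, in a panel that appends it too.
    for n, t, _ in recs:
        if n.endswith(f".{domain}.{domain}"):
            findings.append(f"NAME: {t} record {n} has the domain appended twice")
    return findings

# Constructed sample data (not real records).
GOOD = [
    ("example.com.", "TXT", '"v=spf1 include:_spf.example.net -all"'),
    ("_dmarc.example.com.", "CNAME", "_dmarc.example.com._dmarc.smart.ondmarc.com."),
    ("_domainkey.example.com.", "NS", "ns-dkim.ondmarc.com."),
]
BAD = [
    ("example.com.", "TXT", '"v=spf1 include:_spf.example.net -all"'),
    ("example.com.", "TXT", '"v=spf1 include:old.example.net ~all"'),
    ("_dmarc.example.com.example.com.", "CNAME",
     "_dmarc.example.com._dmarc.smart.ondmarc.com."),
]

if __name__ == "__main__":
    for label, zone in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_onboarding("example.com", zone) or "all checks passed")
```

Pass ns_supported=False when your DNS provider cannot create NS records and step 14 was skipped.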