Configure Email Authentication Settings for SPF and DKIM

Configure email authentication settings for SPF and DKIM as needed for integrations and processes.

  1. SPF (Sender Policy Framework): In earlier versions of Oracle Integration, sender verification was supported by adding the standard record to the domain of the from address to include the Oracle Cloud Infrastructure email delivery domain.

    In Oracle Integration Generation 2 instances, the SPF record must identify the continent key of the Oracle Integration instance. (Also see Configure SPF.)

    Use this format for the SPF record for Oracle Integration Generation 2 instances:

    v=spf1 include:<continentkey> ~all


    • America: v=spf1 ~all

    • Asia/Pacific: v=spf1 ~all

    • Europe: v=spf1 ~all

  2. DKIM (DomainKeys Identified Mail): To configure DKIM keys for Oracle Integration Generation 2 instances, please log a Service Request in My Oracle Support and add the newly created public key to the DNS record of the from address domain. You'll need to provide the following values; otherwise, default values are used.
    • selector name

    • key size

    After the public-private key pair is generated, the public key will be shared with you. The private key is used to sign the email sent from Oracle Integration using the corresponding from address.

    Below are two DNS TXT records added to the domain's DNS zone. They use sample values for illustration purposes; replace their values with actual values. Follow these steps to complete the DKIM configuration process:

    1. Add a _domainkey sub-domain under the sending domain itself (

    2. Under the _domainkey sub-domain you just added, create a TXT record with this value:


    3. Add a sub-domain under _domainkey with the same name as the selector ( Here default is the selector name.

    4. Under the selector sub-zone you just added, create a single TXT record with this value (with a space between the k and p assignments, not a hard return):

      k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17OmCozSzQyyBCqjz8Uz9vAdnq62tdYKPUdvVxg3hzOgLUuEtzAP7HrnZ7JUQyg2t+/8O3fU/WWu6QaVjHs+evn9vbQ68pT9dLCtXuZxXQ/87cW9td5m0pRmB6RDtLrpQr2bLiMVP68rDBjc503Q8p8Uy8/EoDQFKuN2qJb2x8auwOSf+g8wNYXBVnnz7Hv5Abf5kzksBUJUt4FF82vLsS2XKVdrPQO+CtBJb5GX693/A4WcVwac+NFJ5jt3PvcnputJiDp4kXlyJrPNrP+JLirl/bwgyuC2O4HUoEo0A9N4HSpDQhwhpNQAoZ3ClRkJyB3ZVpBuXOFuIUHcM0SkeQIDAQAB

For information about email notifications in integrations, see Send Notification Emails During Stages of the Integration with a Notification Action in Using Integrations in Oracle Integration.

For information about email notifications in processes, see Enable Email Notifications in Using Processes in Oracle Integration.

Oracle Cloud Infrastructure Email Configuration Recommendations

Follow these recommendations to correctly configure and use the default from address and suppression list.

Default From Address

  • Don't use as the from address.
  • Don't use the oracle domain.
  • Change the default from address from to

    The region attribute is provided by Oracle Integration.

  • Change the from address in your integrations from to

    The region attribute is provided by Oracle Integration.

Suppression List

  • Add To addresses to the suppression list for a number of reasons:
    • As of now, the recipient address when a hard bounce occurs (emails go undelivered for permanent reasons), when a soft bounce occurs (emails go undelivered for temporary reasons), and when a large number of emails are received are some of the reasons to add the To address to the suppression list.
  • If DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) are not configured for the from address domain, the likelihood of having a bounce or messages being silently dropped by the receiving infrastructure is higher.
  • The suppression list cannot currently be viewed in Oracle Integration. Raise a service request to remove emails from the suppression list.