DKIM is an authentication method designed to protect email recipients from spoofed messages. The DKIM signing feature, available on the Encryption tab of your email policies, can be used to digitally sign outbound messages, providing sender address and message integrity validation for message recipients.

When DKIM signing is enabled, the cloud service signs outgoing messages from specified sender domains/subdomains with a private key, adding a DKIM-Signature header. Recipient servers can use the information in this header to verify the message signature against Forcepoint's public key, validating that the sender address has not been forged, and the message has not been altered in transit.

DKIM signing rules can be configured on the Email > Policies > [policy name] > Encryption tab. Define DKIM signing rules to authenticate sender domains or subdomains, using one of your domains as a signing domain. Granular sender/recipient options are available to include or exclude specific sender addresses, or sender/recipient combinations.

In order to improve the customer log on experience, the default landing page for Security Portal administrators has been changed to the Account > Licenses screen. Note that you can change your default landing page at any time, by clicking the arrow next to your logon account name and selecting Set Landing Page.

The encrypted message settings, found on the Antivirus tab of an email policy, are used to quarantine messages that contain encrypted archive files, and messages encrypted using a standard such as PGP or S/MIME. Such messages pose a security risk because the service cannot scan the content of encrypted messages and attachments. With these settings enabled, encrypted messages are quarantined in order to prevent potential virus infection.

The option appears beneath the Encrypted messages settings in both the inbound rule and outbound rule sections of the Antivirus tab of your policies. Click the Encrypted Message Bypass link to enter a set of sender/recipient email addresses, groups, or domains that are permitted to send or receive encrypted messages through the service.

For more information on using this feature, see Antivirus exceptions in the Forcepoint Email Security Cloud help.

If your firewall policies allow specific IP addresses for SMTP delivery, you should ensure that all Forcepoint Email Security Cloud IP subnets are permitted. The full list of IP addresses for the cloud email service can be found in the Forcepoint Security Portal by navigating to Email > Settings > Service IP Addresses, or in the following knowledge base article: Cloud service data center IP addresses and port numbers.

For outbound connections to the cloud service, configure your mail server to use your customer-specific outbound mail DNS entry, which is listed in the Forcepoint Security Portal under Email > Settings > Service IP Addresses > MX Record DNS Entries.

Please also ensure that your SPF record is updated to include our full set of IP ranges. An incorrect or incomplete SPF record may cause message delivery failures. For detail on how to configure your SPF record, refer to the knowledge base article Setting up an SPF record if the outbound email uses Forcepoint Email Security Cloud.

An issue with the current implementation of the new outbound DKIM signing feature has been identified. In Forcepoint's ongoing commitment to excellence, we are temporarily removing the DKIM signing feature from the Security Portal. If you have already enabled this feature, please contact Forcepoint Technical Support for assistance. Forcepoint is committed to delivering outbound DKIM signing, and we will alert you when it is available.

The Help > Data Privacy menu within the Security Portal has been revised to include updated documentation on the management of personal data within the Forcepoint cloud infrastructure. The relevant menu options appear depending on your product licensing, and provide updated information on Forcepoint Web Security Cloud and Forcepoint Email Security Cloud. The updated documents replace the previous Data Privacy FAQ.

The documents are intended to answer customer queries on the use of personal data by the Forcepoint cloud service, and form part of the wider Forcepoint Cloud Trust Program. Details available at: https://www.forcepoint.com/forcepoint-cloud-compliance

To review the updated documents, use the links in the Help menu within the Forcepoint Security Portal:

For details of new features added, and issues resolved during 2017, please see the Forcepoint Email Security Cloud 2018 Release Notes.