Forum Discussion

Martin Front's avatar
Martin Front
Brass Contributor
Nov 27, 2018

Dkim with multiple domains in Office 365

Hi,

 

I´m about to implement DKIM and DMARC in to an orginzation with multiple domains (7).

Every user uses the same domain name but it´s some shared mailboxes which can have different domain names.

 

As i read some posts where some has experienced issues with DKIM and shared mailboxes in Office 365 I have not activated it on the domains yet.

 

Questions:

- Is it any issue to use shared mailboxes when you activate DKIM?

- Can I set up DKIM only for one domain or i need to set it up on every domain in the tenant? (If I´m not are goin to use DKIM features on the other domains

- Is it anything else that can be tricky with DKIM/Dmarc when you´ve multiple domains or can i as user@domain.com send mail from a shared mailbox named: shared@domain3.com?

 

I have populated the cname-record but not activated it yet since i need an answer on the questions above.

 

//Martin

  • Hi Martin,

     

    No worries, glad I could help. If you did want to run a quick check you can run:

     

    Get-Mailbox |Select DisplayName, GrantSendOnBehalfTo

     

    It should give you an output like in the attached picture.

     

    Take care,

     

     

  • Yes I remember the issue - SendAs works but SendonBehalfOf failed as the DKIM generation was incorrectly set. I believe this was raised to Microsoft and resolved - but I haven't seen any further information on it since. Do you have SendonBehalfOf utilised a lot in your Org?
    • Martin Front's avatar
      Martin Front
      Brass Contributor

      As i know, they are not working with sendasbehalf, so it shouldn´t be any issue then!

       

      Thanks for the clarification!

      • Oliver Moazzezi's avatar
        Oliver Moazzezi
        Brass Contributor

        Hi Martin,

         

        No worries, glad I could help. If you did want to run a quick check you can run:

         

        Get-Mailbox |Select DisplayName, GrantSendOnBehalfTo

         

        It should give you an output like in the attached picture.

         

        Take care,

         

         

  • Hi there,

     

    You can enable DKIM on select domains yes. You do not have to bulk enable all domains.

     

    I am aware of the initial dkim issue for shared mailboxes when the DKIM service was made available in Exchange Online. I believe this is now resolved however. To enable DKIM on a per domain basis simply select 'enable' and ensure you setup the associated CNAME record.

     

    More information: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dkim-to-validate-outbound-email

    • Martin Front's avatar
      Martin Front
      Brass Contributor

      Hi,

       

      Thanks for the answer.

      Okej, so DKIM checks will be legit even if you send from a shared malbox?

       

      As i understood, sendas should work, sendonbehalf is worse?

Resources