Forum Discussion
Martin Front
Nov 27, 2018Brass Contributor
Dkim with multiple domains in Office 365
Hi,
I´m about to implement DKIM and DMARC in to an orginzation with multiple domains (7).
Every user uses the same domain name but it´s some shared mailboxes which can have different domain names.
As i read some posts where some has experienced issues with DKIM and shared mailboxes in Office 365 I have not activated it on the domains yet.
Questions:
- Is it any issue to use shared mailboxes when you activate DKIM?
- Can I set up DKIM only for one domain or i need to set it up on every domain in the tenant? (If I´m not are goin to use DKIM features on the other domains
- Is it anything else that can be tricky with DKIM/Dmarc when you´ve multiple domains or can i as user@domain.com send mail from a shared mailbox named: shared@domain3.com?
I have populated the cname-record but not activated it yet since i need an answer on the questions above.
//Martin
Hi Martin,
No worries, glad I could help. If you did want to run a quick check you can run:
Get-Mailbox |Select DisplayName, GrantSendOnBehalfTo
It should give you an output like in the attached picture.
Take care,
- Oliver MoazzeziBrass ContributorYes I remember the issue - SendAs works but SendonBehalfOf failed as the DKIM generation was incorrectly set. I believe this was raised to Microsoft and resolved - but I haven't seen any further information on it since. Do you have SendonBehalfOf utilised a lot in your Org?
- Martin FrontBrass Contributor
As i know, they are not working with sendasbehalf, so it shouldn´t be any issue then!
Thanks for the clarification!
- Oliver MoazzeziBrass Contributor
- Oliver MoazzeziBrass Contributor
Hi there,
You can enable DKIM on select domains yes. You do not have to bulk enable all domains.
I am aware of the initial dkim issue for shared mailboxes when the DKIM service was made available in Exchange Online. I believe this is now resolved however. To enable DKIM on a per domain basis simply select 'enable' and ensure you setup the associated CNAME record.
More information: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dkim-to-validate-outbound-email
- Martin FrontBrass Contributor
Hi,
Thanks for the answer.
Okej, so DKIM checks will be legit even if you send from a shared malbox?
As i understood, sendas should work, sendonbehalf is worse?