Forum Discussion
Robert Bollinger
Jun 28, 2019 Iron Contributor
DKIM behind Separate MTA
Hey guys, quick question here on DKIM. I want to get it set up and running and plan on using Office 365 to do the signing etc. with. However, my question is this: we have an edge MTA where all messa...
Jun 28, 2019
Hi Robert Bollinger
Just to ask - does your MTA handle inbound too and is your MX pointed towards it?
If so, you would typically set up DKIM there, on ProofPoint, as opposed to EOP.
Hope that helps!
Best, Chris
Robert Bollinger
Jun 28, 2019 Iron Contributor
- Jun 28, 2019
Thanks Robert,
In that case the recommended course of action would be to have SPF, DKIM and DMARC all set up with ProofPoint as opposed to EOP, being your smarthost.
This is done regularly in the UK with several other well-known brands. I can’t mention them specifically due to house rules but they would be competitors!
Hope that answers your question!
Best, Chris
- Robert Bollinger
Jun 28, 2019 Iron Contributor
Do you know of any Microsoft documentation which specifically covers setting up DKIM (Office 365) behind another MTA?
As long as Proofpoint doesn't modify the body hash, subject etc. or other signed portions of the messages then I don't see how it would be a problem.
I agree with you in principle that we should have Proofpoint do the signing as it's the last hop but that isn't always possible.
Thanks,
Robert
- Jun 28, 2019
No worries!
I can’t find it personally, here’s how to set up DKIM
https://docs.microsoft.com/en-us/office365/securitycompliance/use-dkim-to-validate-outbound-email
Here’s also an account of what happens when you do (as instructed by ProofPoint)
https://www.google.co.uk/amp/s/amp.reddit.com/r/msp/comments/bn5zld/proofpoint_with_office_365_spf_record_and_dkim/
So they do say it’s possible and passes through if you follow the 365 guide, but it has some caveats.
I would personally spin up a test domain and a mailbox to simulate it.
Hope that helps
Best, Chris
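
The condition raised in the thread, that a signature applied by Office 365 only survives a downstream MTA if the signed portions are left alone, can be checked for the body by recomputing the hash a verifier compares against `bh=`. This is an added example, not part of the thread or any vendor's code: it implements RFC 6376 body canonicalization, and the sample bodies and relay behaviours are constructed assumptions.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """Canonicalize a CRLF-delimited body per RFC 6376 sections 3.4.3 / 3.4.4."""
    lines = body.split(b"\r\n")
    if lines and lines[-1] == b"":
        lines.pop()  # drop the empty piece after the final CRLF
    if mode == "relaxed":
        # collapse runs of WSP to a single SP, drop WSP at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" \t") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # both modes ignore empty lines at the end of the body
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a verifier compares against bh= for an rsa-sha256 signature."""
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def survives_relay(signed: bytes, relayed: bytes, mode: str = "relaxed") -> bool:
    """True if the body hash computed at signing still matches after the relay."""
    return body_hash(signed, mode) == body_hash(relayed, mode)

# Constructed sample: body as it left the signing hop.
SIGNED = b"Hi team,\r\n\r\nQuarterly report attached.\r\n"
# Constructed relay outcomes (hypothetical, not captured from any product).
RELAYED = {
    "untouched": SIGNED,
    "whitespace": b"Hi team,  \r\n\r\nQuarterly \t report attached.\r\n\r\n\r\n",
    "footer": SIGNED + b"--\r\nThis message was scanned by the gateway.\r\n",
}

def report() -> dict:
    """Map each relay outcome to (survives under simple, survives under relaxed)."""
    return {name: (survives_relay(SIGNED, body, "simple"),
                   survives_relay(SIGNED, body, "relaxed"))
            for name, body in RELAYED.items()}

if __name__ == "__main__":
    for name, (simple_ok, relaxed_ok) in report().items():
        print(f"{name:10} simple={simple_ok} relaxed={relaxed_ok}")
```

Only whitespace-level changes are absorbed, and only by relaxed body canonicalization; any content the relay adds, such as a footer, changes the hash in both modes.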