SOLVED

Dkim with multiple domains in Office 365

Brass Contributor

Hi,

 

I´m about to implement DKIM and DMARC in to an orginzation with multiple domains (7).

Every user uses the same domain name but it´s some shared mailboxes which can have different domain names.

 

As i read some posts where some has experienced issues with DKIM and shared mailboxes in Office 365 I have not activated it on the domains yet.

 

Questions:

- Is it any issue to use shared mailboxes when you activate DKIM?

- Can I set up DKIM only for one domain or i need to set it up on every domain in the tenant? (If I´m not are goin to use DKIM features on the other domains

- Is it anything else that can be tricky with DKIM/Dmarc when you´ve multiple domains or can i as user@domain.com send mail from a shared mailbox named: shared@domain3.com?

 

I have populated the cname-record but not activated it yet since i need an answer on the questions above.

 

//Martin

6 Replies

Hi there,

 

You can enable DKIM on select domains yes. You do not have to bulk enable all domains.

 

I am aware of the initial dkim issue for shared mailboxes when the DKIM service was made available in Exchange Online. I believe this is now resolved however. To enable DKIM on a per domain basis simply select 'enable' and ensure you setup the associated CNAME record.

 

More information: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dkim-to-validate-outbound-email

Hi,

 

Thanks for the answer.

Okej, so DKIM checks will be legit even if you send from a shared malbox?

 

As i understood, sendas should work, sendonbehalf is worse?

Yes I remember the issue - SendAs works but SendonBehalfOf failed as the DKIM generation was incorrectly set. I believe this was raised to Microsoft and resolved - but I haven't seen any further information on it since. Do you have SendonBehalfOf utilised a lot in your Org?

As i know, they are not working with sendasbehalf, so it shouldn´t be any issue then!

 

Thanks for the clarification!

best response confirmed by Martin Front (Brass Contributor)
Solution

Hi Martin,

 

No worries, glad I could help. If you did want to run a quick check you can run:

 

Get-Mailbox |Select DisplayName, GrantSendOnBehalfTo

 

It should give you an output like in the attached picture.

 

Take care,

 

 

Thanks alot!

1 best response

Accepted Solutions
best response confirmed by Martin Front (Brass Contributor)
Solution

Hi Martin,

 

No worries, glad I could help. If you did want to run a quick check you can run:

 

Get-Mailbox |Select DisplayName, GrantSendOnBehalfTo

 

It should give you an output like in the attached picture.

 

Take care,

 

 

View solution in original post