SOLVED

Some clarification regarding DKIM use needed


Hi All,

 

I know the principles of DKIM setup, but here are a few things I still have questions about:

 

1) If I have multiple source senders and am unable to set a DKIM signer for some of the sources, would that cause domain reputation issues when some/most items would then be DKIM signed and some/few would not? I cannot get rid of those that cannot be DKIM signed at this time, so I need to understand how this affects the whole...?

 

2) The second question is regarding setting up 'Exchange DKIM Signer' from GitHub: can it be put on an Exchange server with only the mail role, or would I need to get an Edge server to be able to use it? I think I read somewhere a long while ago that any kind of DKIM signer solution would need the Edge role, but the documentation of 'Exchange DKIM Signer' does not actually say so...

 

Kindly,

Em.

4 Replies
best response confirmed by EmMabel (Copper Contributor)
Solution
Yes, emails from different sources may have different DomainKeys Identified Mail (DKIM) signers, and domain reputation issues may occur if DKIM signers cannot be set up for all sources.
If the DKIM signature is missing or inconsistent, recipients may suspect that the email may be spoofed. This can damage your domain's reputation, and future emails sent from this domain are more likely to be classified as spam.

When using GitHub's 'Exchange DKIM Signer', you typically do not need the Edge Transport server role in Microsoft Exchange Server.
Although the Edge Transport role is often associated with handling external mail flow, DKIM signing is typically performed on Mailbox servers.
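
An added example, not part of the original thread or of the Exchange DKIM Signer project: a Python sketch that inventories which sending hosts emit mail without a DKIM signature, or with one whose `d=` domain does not match the From domain, which is the mixed signed/unsigned situation from question 1. It checks header presence and domain alignment only, not cryptographic validity; the sample messages, host names and the `sources_needing_work` helper are constructed for illustration.

```python
import email
import re
from collections import Counter, defaultdict
from email.utils import parseaddr

def dkim_tags(value):
    """Split a DKIM-Signature header value into tag=value pairs (RFC 6376)."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def classify(msg):
    """'unsigned', 'aligned' or 'unaligned'; alignment is approximated (no Public Suffix List)."""
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = msg.get_all("DKIM-Signature") or []
    for sig in sigs:
        d = dkim_tags(sig).get("d", "").lower()
        related = from_dom.endswith("." + d) or d.endswith("." + from_dom)
        if d and from_dom and (from_dom == d or related):
            return "aligned"
    return "unaligned" if sigs else "unsigned"

def origin_host(msg):
    """Host named in the earliest (bottom-most) Received header."""
    received = msg.get_all("Received") or []
    m = re.search(r"\bfrom\s+(\S+)", received[-1]) if received else None
    return m.group(1).lower() if m else "unknown"

def audit(raw_messages):
    """Count signing status per originating host."""
    report = defaultdict(Counter)
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        report[origin_host(msg)][classify(msg)] += 1
    return report

def sources_needing_work(report):
    return sorted(h for h, c in report.items() if c["unsigned"] or c["unaligned"])

# Constructed sample messages: hosts, domains and signature values are made up.
SAMPLES = [
    "Received: from exch01.example.test by gw.example.test\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.test; s=sel1;\n bh=PLACEHOLDER=; b=PLACEHOLDER=\n"
    "From: Em <em@example.test>\n\nhello\n",
    "Received: from scanner7.example.test by gw.example.test\nFrom: scanner@example.test\n\nscan\n",
    "Received: from crm.vendor.test by gw.example.test\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=vendor.test; s=k1; bh=PLACEHOLDER=; b=PLACEHOLDER=\n"
    "From: news@example.test\n\nnews\n",
]
print({host: dict(counts) for host, counts in audit(SAMPLES).items()})
```

Run over a sample of real outbound messages, the hosts returned by `sources_needing_work` are the ones to route through a signer or a signing gateway first.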

@TAE_YOUN_ANN

Thank you for your response!

I kinda knew the response for the DKIM question, just needed someone to confirm the thought.

I will proceed with testing out the 'Exchange DKIM Signer' on the test mail server. Did not want to spend a lot of time trying to install it on the mail server if it's not even supposed to work there.

 

Kindly,

Em.

 

@EmMabel 

 

Did you succeed in getting it working?

I did it on Exchange 2016 CU23 15.1.2507.6 running on Win 2012 R2 using the GitHub DKIM Signer ver 3.4.0 and unfortunately it did not work.

 

 

@Dead101 

By default, Exchange Server does not have an option to sign emails with DKIM.

We need to have an MTA agent to perform this job on the Exchange server, or the best way is to enable this feature for signing out all emails through an SMTP gateway for an on-premises setup.

Almost every SMTP gateway on the market has this option to enable DKIM and DMARC.

On-Premises Exchange: DKIM and DMARC setup 
