Brass Contributor


We have run into an issue with DKIM and DMARC.

We have three domain names in use within our Microsoft 365 tenant. We use Proofpoint Essentials to filter inbound/outbound email to all of them.

Our SPF records have been around for several years before we began using Microsoft 365 and they verify that Proofpoint Essentials can send mail on our behalf.

However, since setting up DKIM and DMARC we are seeing reports which show that while our domain names are passing DKIM the domain name that is used as part of the sending process fails.

DKIM/DMARC allows recipient mail servers to verify that our email is sent via Proofpoint Essentials. We do not have any control over so wondered how other Microsoft 365 customers deal with this.

Please note this is not a question about sending email as We send email using

Thank you.

2 Replies

@PK Player 

Same here. I have searched all there is to be searched to no avail :( Our main problem is with D/L. DKIM alignment fails when a D/L member (with outside domain) sends out to D/L. Furthermore, while our passes all DKIM/Dmarc, when we check for, DKIM fails for all existing selectors. smh.

Well, I assume that it does not matter so much. Email from our tenant originates from Microsoft's mail servers which are Microsoft-owned IP addresses. I expect that so long as the IP addresses match Microsoft's servers the part of the domain name is accepted and that the DKIM/DMARC reports are purely for show and are not acted upon.
There's probably a whole level of authentication we are unaware of.