cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DKIM/DMARC and onmicrosoft.com

PK Player
Brass Contributor

‎May 21 2021 04:27 AM

‎May 21 2021 04:27 AM

DKIM/DMARC and onmicrosoft.com

Hello

We have run into an issue with DKIM and DMARC.

We have three domain names in use within our Microsoft 365 tenant. We use Proofpoint Essentials to filter inbound/outbound email to all of them.

Our SPF records have been around for several years before we began using Microsoft 365 and they verify that Proofpoint Essentials can send mail on our behalf.

However, since setting up DKIM and DMARC we are seeing reports which show that while our domain names are passing DKIM the onmicrosoft.com domain name that is used as part of the sending process fails.

DKIM/DMARC allows recipient mail servers to verify that our email is sent via Proofpoint Essentials. We do not have any control over onmicrosoft.com so wondered how other Microsoft 365 customers deal with this.

Please note this is not a question about sending email as user@our-domain-name.onmicrosoft.com. We send email using user@our-domain-name.com.

Thank you.

Labels:
3,956 Views
2 Likes
2 Replies
Reply
2 Replies
ItsRefik

‎Jul 08 2021 01:57 PM

‎Jul 08 2021 01:57 PM

Re: DKIM/DMARC and onmicrosoft.com

@PK Player 

Same here. I have searched all there is to be searched to no avail :( Our main problem is with D/L. DKIM alignment fails when a D/L member (with outside domain) sends out to D/L. Furthermore, while our customdomain.com passes all DKIM/Dmarc, when we check for customdomain.onmicrosoft.com, DKIM fails for all existing selectors. smh.

0 Likes
Reply
PK Player

‎Aug 03 2021 01:36 AM

‎Aug 03 2021 01:36 AM

Re: DKIM/DMARC and onmicrosoft.com

Well, I assume that it does not matter so much. Email from our tenant originates from Microsoft's mail servers which are Microsoft-owned IP addresses. I expect that so long as the IP addresses match Microsoft's servers the onmicrosoft.com part of the domain name is accepted and that the DKIM/DMARC reports are purely for show and are not acted upon.
There's probably a whole level of authentication we are unaware of.
0 Likes
Reply