We have three domain names in use within our Microsoft 365 tenant. We use Proofpoint Essentials to filter inbound/outbound email to all of them.
Our SPF records have been around for several years before we began using Microsoft 365 and they verify that Proofpoint Essentials can send mail on our behalf.
However, since setting up DKIM and DMARC we are seeing reports which show that while our domain names are passing DKIM the onmicrosoft.com domain name that is used as part of the sending process fails.
DKIM/DMARC allows recipient mail servers to verify that our email is sent via Proofpoint Essentials. We do not have any control over onmicrosoft.com so wondered how other Microsoft 365 customers deal with this.
Please note this is not a question about sending email as firstname.lastname@example.org. We send email using email@example.com.