DKIM / DMARC Office 365 for third party senders

%3CLINGO-SUB%20id%3D%22lingo-sub-1799404%22%20slang%3D%22en-US%22%3EDKIM%20%2F%20DMARC%20Office%20365%20for%20third%20party%20senders%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1799404%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI%20have%20a%20DKIM%20%2F%20DMARC%20question.%3C%2FP%3E%3CP%3EWe%20migrated%20our%20mailboxes%20from%20Onpremise%20to%20Exchange%20Online%20about%20a%20year%20ago.%3CBR%20%2F%3EAt%20the%20time%20we%20had%20setup%20SPF%20records%20so%20that%20our%20external%20partner%20could%20send%20from%20our%20domain%20name.%3C%2FP%3E%3CP%3EFor%202021%20it%20will%20be%20a%20requirement%20for%20the%20company%20to%20also%20use%20DKIM%20and%20DMARC%20on%20our%20email%20domains.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20if%20I'm%20correct%20%3A%3CBR%20%2F%3ETo%20enable%20DKIM%20I%20need%20to%20create%20following%20records%20in%20our%20external%20dns%20%3A%3CBR%20%2F%3Eselector1._domainkey.ourdomain.fr.%20IN%20CNAME%20selector1-ourdomain-fr._domainkey.ourdomain.onmicrosoft.com.%3CBR%20%2F%3Eselector2._domainkey.ourdomain.fr.%20IN%20CNAME%20selector2-ourdomain-fr._domainkey.ourdomain.onmicrosoft.com.%3C%2FP%3E%3CP%3EThen%20I%20enable%20it%20from%20the%20O365%20portal.%3CBR%20%2F%3ESign%20messages%20for%20this%20domain%20with%20DKIM%20signature%3C%2FP%3E%3CP%3ESo%20when%20done%2C%20I%20cover%20my%20emails%20sent%20from%20our%20Office%20365%20tenant%2C%20right%3F%3C%2FP%3E%3CP%3ENow%2C%20I%20wonder%20what%20happens%20if%20our%20external%20partner%20sends%20an%20email%20from%20%40ourdomain.fr%20after%20this%20configuration%3F%3CBR%20%2F%3EWill%20it%20be%20blocked%20by%20antispam%3F%20Or%20will%20it%20just%20send%20out%20without%20DKIM%20signing%3F%3C%2FP%3E%3CP%3EIf%20it%20sends%20out%20without%20DKIM%20signing%2C%20how%20can%20I%20make%20sure%20they%20do%3F%3C%2FP%3E%3CP%3EIf%20we%20then%20decide%20to%20do%20DMARC%20too%2C%20how%20can%20we%20go%20from%20there%3F%20And%20will%20third%20party%20senders%20will%20still%20be%20able%20to%20send%20if%20we%20only%20configure%20DKIM%2FDMARC%20for%20our%20Office365%20tenant%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1799404%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
New Contributor

Hi,

I have a DKIM / DMARC question.

We migrated our mailboxes from Onpremise to Exchange Online about a year ago.
At the time we had setup SPF records so that our external partner could send from our domain name.

For 2021 it will be a requirement for the company to also use DKIM and DMARC on our email domains.

 

So if I'm correct :
To enable DKIM I need to create following records in our external dns :
selector1._domainkey.ourdomain.fr. IN CNAME selector1-ourdomain-fr._domainkey.ourdomain.onmicrosoft.com.
selector2._domainkey.ourdomain.fr. IN CNAME selector2-ourdomain-fr._domainkey.ourdomain.onmicrosoft.com.

Then I enable it from the O365 portal.
Sign messages for this domain with DKIM signature

So when done, I cover my emails sent from our Office 365 tenant, right?

Now, I wonder what happens if our external partner sends an email from @ourdomain.fr after this configuration?
Will it be blocked by antispam? Or will it just send out without DKIM signing?

If it sends out without DKIM signing, how can I make sure they do?

If we then decide to do DMARC too, how can we go from there? And will third party senders will still be able to send if we only configure DKIM/DMARC for our Office365 tenant?

0 Replies