Dec 22 2018 05:40 PM - last edited on Nov 09 2023 10:07 AM by andresquiros
Dec 22 2018 05:40 PM - last edited on Nov 09 2023 10:07 AM by andresquiros
Hey Guys,
Using Exchange Online here and have some questions regarding Outbound DMARC checking, and Mail-from vs From: address checking for SPF. (All cloud based no local on prem servers).
1) I see that office 365 supports outbound DMARC checking for outbound messages. I see this in the documentation: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email#what-is-a-...
Under how office 365 handles outbound mesages that fail dmarc. I thought that DMARC was only checked by the inbound mail servers of the destination domain?
For instance if i send an email to user@gmail.com from my office 365 domain, wouldn't only GMAIL check the DMARC/DKIM/SPF of the messages as its received?
2) Assuming that DMARC/DKIM is not enabled, when a message is sent an Office 365 Mailbox, (all cloud, using EOP), is both Mail from and From: Checked for SPF alignment? I think no but i want to be sure.
3) Does Office365/EOP perform PRA/HELO checking on inbound messages for users whose mailboxes are on the cloud?
4) Is there anyway to use your own DKIM Key Pair with office 365? For instance you use your own private key to sign messages? (Keeping all mail on premise, not relays or 3rd party solutions).
5) Does Office 365/EOP support SenderID: https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/sender-id?vie...
On-Prem Exchange Does and you can add the necessary records to support sender ID. But I dont see any mention of it for office 365.
Here is an example of SenderID: "spf2.0/pra,mfrom a include:spf.protection.outlook.com -all" checking to see if that type of TXT record is also supported in office 365.
(You would remove the standard v=spf record)
Thanks,
Robert
Dec 22 2018 06:03 PM - edited Dec 22 2018 06:04 PM
Dec 22 2018 06:06 PM
Thanks Chris. Thats so strange becuase On-Prem exhcange servers check mail from, from and HELO. I would have expected EOP to do the same. I guess not. without using DKIM.
Thanks,
Robert