Link to home
Start Free TrialLog in
Avatar of bigbrotherc
bigbrothercFlag for United States of America

asked on

EOP MX and DMARC records and SPF string for Exchanged On Prem using Google MX records

I am a jack of all trades master of none admin....We are using G-Suite within Google Admin to peel off some marketing CRM email accounts for analytics and our MX records are pointed at their DNS. I am using Office 365 Administration Microsoft EOP and running a hybrid environment with mostly On Prem Exchange 2013 mailboxes. My problem is that my SPF and DMARC are not setup the way Microsoft says is best practice and we are getting spoofed addresses bypassing EOP into our domain because supposedly the MX is not pointed 1st or only to mail.protection.domain. I am trying to accommodate everyone but not sure how to make sure we are protected 1st before our gmail using CRM marketing side.
Avatar of David Favor
David Favor
Flag of United States of America image
Never think you can understand SPF + DKIM + DMARC records, at a glance.

Use one of the many tester sites. https://dmarcian.com/ provides a great set of test tools.

There are many other sites like Dmarcian with other great test tools.

Tip: When using DMARC, always setup to do report only first, never any loose or strict enforcement.

Once your daily DMARC reports show SPF + DKIM working at 100%, then you can upgrade your mode to enforcement.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.