Alan Dala

SPF, DKIM, DMARC

Hello -

I'm trying to figure out if our email delivery measures are set up correctly.

We use Office365. With that being said, is it necessary to add our public IP address into the SPF record? Would it help with anything, or is it enough to add "v=spf1 include:spf.protection.outlook.com"?

Second,

When emails are sent internally, analyzing the 'header', it says dkim=none (message not signed), dmarc=none. Is this normal? I do see the correct info when sending to an external address, though.

Thank you for your help!
noci

You can test mails using: https://www.mail-tester.com/spf-dkim-check
In addition to noci's suggestion, set up a report-only DMARC record... something like...

_dmarc.yourdomain.com.	600	IN	TXT	"v=DMARC1; p=none; sp=none; fo=1; adkim=s; aspf=s; pct=100; rf=afrf; ri=86400; ruf=mailto:dmarc@yourdomain.com; rua=mailto:dmarc@yourdomain.com;"


Each Mailbox Provider (like Gmail/Apple/etc...) will generate immediate + nightly reports for you to review.

These reports will give you a percentage pass/fail for both SPF + DKIM checks.
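
An added example, not part of the original answers: the `rua=` address in the record above receives aggregate reports as XML, and this Python script tallies the SPF, DKIM and overall DMARC pass percentages per sending IP from one such report. The sample report, its IPs and its counts are constructed; the element names follow the RFC 7489 aggregate report schema.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample (documentation IPs, placeholder domain). Real reports are
# untrusted input mailed by third parties; parse those with a hardened XML
# parser such as defusedxml rather than the stdlib parser used here.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>50</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>10</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(xml_text):
    """Return (totals, per_ip) message counts for one aggregate report."""
    totals = defaultdict(int)
    per_ip = defaultdict(lambda: defaultdict(int))
    for row in ET.fromstring(xml_text).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count", "0"))
        # policy_evaluated holds the aligned results DMARC actually used
        dkim = row.findtext("policy_evaluated/dkim") == "pass"
        spf = row.findtext("policy_evaluated/spf") == "pass"
        for bucket in (totals, per_ip[ip]):
            bucket["messages"] += count
            bucket["spf_pass"] += count * spf
            bucket["dkim_pass"] += count * dkim
            bucket["dmarc_pass"] += count * (spf or dkim)  # either one suffices
    return totals, per_ip

def pass_rates(bucket):
    """Percentage of messages passing each check."""
    n = bucket["messages"] or 1
    return {k: round(100 * bucket[k] / n, 1)
            for k in ("spf_pass", "dkim_pass", "dmarc_pass")}

def failing_sources(per_ip):
    """Source IPs with at least one message that failed DMARC."""
    return sorted(ip for ip, b in per_ip.items() if b["dmarc_pass"] < b["messages"])

if __name__ == "__main__":
    totals, per_ip = summarize(SAMPLE_REPORT)
    print("overall:", pass_rates(totals))
    for ip in sorted(per_ip):
        print(ip, per_ip[ip]["messages"], pass_rates(per_ip[ip]))
    print("review these senders:", failing_sources(per_ip))
```
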
If you have hybrid Exchange, then messages exchanged between Exchange Online and on-premise Exchange are tagged as 'internal' and do not get signed with DKIM, so it's perfectly fine.
Further, regarding adding on-premise servers to SPF: it depends on how you send external emails.
If on-premise and O365 are both sending external emails, you do need to add the on-premise host IPs to the SPF record. Or, if any other servers are directly sending emails to the internet by relaying through O365, then again you do need to add those servers' public IPs to the SPF record as well.
Alan Dala

ASKER

No hybrid Exchange server. Everything is hosted in the cloud. The reason I was thinking about putting our public IP in the SPF is that in the header it shows that IP as the 'X-Originating-IP'.

Would that be helpful regarding spam filtering when our staff send emails?

Thanks!
Put your on-premise public IP in the SPF record only if that IP is used to relay emails to the internet / O365, to avoid messages being dropped into spam; otherwise this step is not required.