DKIM with multiple mail systems

Holger Nielsen
We are planning to set up DKIM for a mail domain, example.dk.
I can find a lot of good advice on the Internet. But there's one question I can't find an answer to.
We use Exchange Online for most of our mail, but we also have an on-premise SMTP server for routing mails from our webservers. And we are using a cloud service for our newsletter service. How can DKIM be set up when there are multiple systems sending mail from our example.dk domain?
All the guides I have found on the Internet are about a setup with only one mail system.


Best regards Holger Nielsen
Top Expert 2016

Commented:
Microsoft has complete documentation on this.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email

"We Use Exchange online for most of our mail, but we also have an on-premise SMTP server for routing mails from our web servers"
They should go through Office 365. Just identify the IPv4 address in your SPF record.

"And we are using a cloud service for our newsletter service"
Request a DKIM record from the cloud service.
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
You can enable DKIM on-premise.
It will not affect your O365 mail flow.
But you may have to install DKIM signing software on the Exchange server, add a selector and publish it in external DNS.
Fractional CTO
Distinguished Expert 2018
Commented:
Note: Each system must have their own DKIM signing mechanism.

You must be very careful not to create a conflict, where you publish one DKIM selector DNS record with a signature, then sign your email messages using some other DKIM key.

Suggestion: The easy way to fix all this...

1) Set up one central SMTP relay, through which all mail flows.

2) #1 also has the side effect of boosting IP reputation of your sending IP(s), as using common IP(s) boosts sending volume on these IP(s).

3) Set up 587 authentication for submitting all email to send for #1.

4) Everywhere you send email, use #3 authentication to relay through #1.

This approach will likely save you a massive amount of maintenance time. Also, you can add any number of MTAs, anytime, anywhere; these all use #1 + work instantly, rather than setting up DKIM signing for each new MTA.
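
The per-system setup the answers describe can be checked before go-live. The following is an added example, not part of the original thread: it audits each sending system's DKIM-Signature against the records published for example.dk and reports the conflicts warned about above. Selector names, key strings and the vendor domain are constructed assumptions.

```python
import re

# Constructed sample data: selector names, key strings and the vendor domain
# are illustrative assumptions, not values from the thread.
ZONE = {  # DKIM TXT records published for example.dk
    "exo._domainkey.example.dk": "v=DKIM1; k=rsa; p=KEYexchange",
    "web._domainkey.example.dk": "v=DKIM1; k=rsa; p=KEYwebOLD",
}
SENDERS = {  # system -> (DKIM-Signature value it emits, public key of its signing key)
    "Exchange Online": ("v=1; a=rsa-sha256; d=example.dk; s=exo;\r\n\t h=from:to; bh=X; b=Y", "KEYexchange"),
    "On-premise SMTP": ("v=1; a=rsa-sha256; d=example.dk; s=web; h=from:to; bh=X; b=Y", "KEYwebNEW"),
    "Newsletter service": ("v=1; a=rsa-sha256; d=example.dk; s=news; h=from:to; bh=X; b=Y", "KEYnews"),
    "Vendor default": ("v=1; a=rsa-sha256; d=vendor.example; s=k1; h=from:to; bh=X; b=Y", "KEYvendor"),
}

def parse_tags(value):
    """Parse a DKIM tag=value list (header or DNS record), ignoring folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_sender(signature, signing_pubkey, zone, from_domain):
    """Return (DNS name a verifier will query, status) for one sending system."""
    sig = parse_tags(signature)
    name = f"{sig['s']}._domainkey.{sig['d']}"
    # Exact match only; DMARC relaxed alignment would also accept a shared organizational domain.
    if sig["d"] != from_domain:
        return name, "signing domain differs from From domain"
    record = zone.get(name)
    if record is None:
        return name, "selector not published"
    if parse_tags(record).get("p") != signing_pubkey:
        return name, "published key does not match signing key"
    return name, "ok"

def audit(senders, zone, from_domain):
    """Check every sending system against the published zone."""
    return {system: check_sender(sig, key, zone, from_domain)
            for system, (sig, key) in senders.items()}

if __name__ == "__main__":
    for system, (name, status) in audit(SENDERS, ZONE, "example.dk").items():
        print(f"{system:20} {name:35} {status}")
```

Because each system uses a distinct selector, their records sit side by side under `_domainkey.example.dk` without interfering with one another.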
