asked on DKIM Setup
I have setup DKIM for my custom domain in Exchange Online and it shows pass when sending a test email and inspecting the headers:
ARC-Authentication-Results
smtp.mailfrom=mydomain.net
header.from=mydomain.net; dkim=pass header.d=mydomain.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mydomain.onmicrosoft.com
h=From:Date:Subject:Messag
bh=DelGf+gWPEhOvltwPFOouDo
b=FF7o+GdJEn3iwuwslLI+FzxA
My question is this, I have an application sending email as mydomain.net using IIS SMTP and I have accounted for this IP in my SPF record so it looks something like this:
v=spf1 ip4:1.2.3.4 include:spf.protection.out
If email is sent from 1.2.3.4 for mydomain.net will it still pass DKIM? How do I account for that IP in my DKIM setup?
ARC-Authentication-Results
smtp.mailfrom=mydomain.net
header.from=mydomain.net; dkim=pass header.d=mydomain.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mydomain.onmicrosoft.com
h=From:Date:Subject:Messag
bh=DelGf+gWPEhOvltwPFOouDo
b=FF7o+GdJEn3iwuwslLI+FzxA
My question is this, I have an application sending email as mydomain.net using IIS SMTP and I have accounted for this IP in my SPF record so it looks something like this:
v=spf1 ip4:1.2.3.4 include:spf.protection.out
If email is sent from 1.2.3.4 for mydomain.net will it still pass DKIM? How do I account for that IP in my DKIM setup?
ExchangeMicrosoft 365
Last Comment
David Favor
ASKER
Thank you for the response. If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
1) SPF != DKIM
No SPF DNS changes will effect DKIM signing or verification.
No DKIM DNS changes will effect SPF authorization checks.
2) As MAS said.
"If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?"
No.
If you have your DKIM DNS records setup correctly + you DKIM signing setup correctly (usually OpenDKIM or rspamd) then messages must be sent through your DKIM signing server before submission to any Mailbox Provider (Google/Yahoo/etc...) so you can't "send directly to the Internet" ever. You must route all message through your DKIM signing server.
No SPF DNS changes will effect DKIM signing or verification.
No DKIM DNS changes will effect SPF authorization checks.
2) As MAS said.
"If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?"
No.
If you have your DKIM DNS records setup correctly + you DKIM signing setup correctly (usually OpenDKIM or rspamd) then messages must be sent through your DKIM signing server before submission to any Mailbox Provider (Google/Yahoo/etc...) so you can't "send directly to the Internet" ever. You must route all message through your DKIM signing server.
Your IP will be checked in SPF not in DKIM.
For DKIM singing receiving server will not check your IP. It will check the DKIM signing and your DNS records.