DKIM Setup
I have setup DKIM for my custom domain in Exchange Online and it shows pass when sending a test email and inspecting the headers:
ARC-Authentication-Results
smtp.mailfrom=mydomain.net
header.from=mydomain.net; dkim=pass header.d=mydomain.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mydomain.onmicrosoft.com
h=From:Date:Subject:Messag
bh=DelGf+gWPEhOvltwPFOouDo
b=FF7o+GdJEn3iwuwslLI+FzxA
My question is this, I have an application sending email as mydomain.net using IIS SMTP and I have accounted for this IP in my SPF record so it looks something like this:
v=spf1 ip4:1.2.3.4 include:spf.protection.out
If email is sent from 1.2.3.4 for mydomain.net will it still pass DKIM? How do I account for that IP in my DKIM setup?
ARC-Authentication-Results
smtp.mailfrom=mydomain.net
header.from=mydomain.net; dkim=pass header.d=mydomain.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mydomain.onmicrosoft.com
h=From:Date:Subject:Messag
bh=DelGf+gWPEhOvltwPFOouDo
b=FF7o+GdJEn3iwuwslLI+FzxA
My question is this, I have an application sending email as mydomain.net using IIS SMTP and I have accounted for this IP in my SPF record so it looks something like this:
v=spf1 ip4:1.2.3.4 include:spf.protection.out
If email is sent from 1.2.3.4 for mydomain.net will it still pass DKIM? How do I account for that IP in my DKIM setup?
ASKER
Thank you for the response. If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1) SPF != DKIM
No SPF DNS changes will effect DKIM signing or verification.
No DKIM DNS changes will effect SPF authorization checks.
2) As MAS said.
"If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?"
No.
If you have your DKIM DNS records setup correctly + you DKIM signing setup correctly (usually OpenDKIM or rspamd) then messages must be sent through your DKIM signing server before submission to any Mailbox Provider (Google/Yahoo/etc...) so you can't "send directly to the Internet" ever. You must route all message through your DKIM signing server.
No SPF DNS changes will effect DKIM signing or verification.
No DKIM DNS changes will effect SPF authorization checks.
2) As MAS said.
"If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?"
No.
If you have your DKIM DNS records setup correctly + you DKIM signing setup correctly (usually OpenDKIM or rspamd) then messages must be sent through your DKIM signing server before submission to any Mailbox Provider (Google/Yahoo/etc...) so you can't "send directly to the Internet" ever. You must route all message through your DKIM signing server.
Your IP will be checked in SPF not in DKIM.
For DKIM singing receiving server will not check your IP. It will check the DKIM signing and your DNS records.