Jason Crawford
asked on
DKIM Setup
I have setup DKIM for my custom domain in Exchange Online and it shows pass when sending a test email and inspecting the headers:
ARC-Authentication-Results : i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=mydomain.net ; dmarc=pass action=none
header.from=mydomain.net; dkim=pass header.d=mydomain.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mydomain.onmicrosoft.com ; s=selector2-mydomain-onmic rosoft-com ;
h=From:Date:Subject:Messag e-ID:Conte nt-Type:MI ME-Version :X-MS-Exch ange-Sende rADCheck;
bh=DelGf+gWPEhOvltwPFOouDo JUz05MJ7aN Gn/c7H8Dro =;
b=FF7o+GdJEn3iwuwslLI+FzxA 8zlUPoVwwv RHIEbQpIrm Oc5tPOtAjK YR6E8OD1ZE qJ7aj7q2Qp w4DZPFm8i5 iTg/WLwv9v WBTW/2Z8ha VXJ9OuJLCd Z91pLscP36 byQPzDJ4QP IoWQlCRqrj wyawoBiz0c 5YWAmOp321 GU0LLh8=
My question is this, I have an application sending email as mydomain.net using IIS SMTP and I have accounted for this IP in my SPF record so it looks something like this:
v=spf1 ip4:1.2.3.4 include:spf.protection.out look.com -all
If email is sent from 1.2.3.4 for mydomain.net will it still pass DKIM? How do I account for that IP in my DKIM setup?
ARC-Authentication-Results
smtp.mailfrom=mydomain.net
header.from=mydomain.net; dkim=pass header.d=mydomain.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mydomain.onmicrosoft.com
h=From:Date:Subject:Messag
bh=DelGf+gWPEhOvltwPFOouDo
b=FF7o+GdJEn3iwuwslLI+FzxA
My question is this, I have an application sending email as mydomain.net using IIS SMTP and I have accounted for this IP in my SPF record so it looks something like this:
v=spf1 ip4:1.2.3.4 include:spf.protection.out
If email is sent from 1.2.3.4 for mydomain.net will it still pass DKIM? How do I account for that IP in my DKIM setup?
ASKER
Thank you for the response. If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1) SPF != DKIM
No SPF DNS changes will effect DKIM signing or verification.
No DKIM DNS changes will effect SPF authorization checks.
2) As MAS said.
"If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?"
No.
If you have your DKIM DNS records setup correctly + you DKIM signing setup correctly (usually OpenDKIM or rspamd) then messages must be sent through your DKIM signing server before submission to any Mailbox Provider (Google/Yahoo/etc...) so you can't "send directly to the Internet" ever. You must route all message through your DKIM signing server.
No SPF DNS changes will effect DKIM signing or verification.
No DKIM DNS changes will effect SPF authorization checks.
2) As MAS said.
"If 1.2.3.4 is not relaying through Exchange Online and sending directly to the internet as mydomain.net, will DKIM still pass?"
No.
If you have your DKIM DNS records setup correctly + you DKIM signing setup correctly (usually OpenDKIM or rspamd) then messages must be sent through your DKIM signing server before submission to any Mailbox Provider (Google/Yahoo/etc...) so you can't "send directly to the Internet" ever. You must route all message through your DKIM signing server.
Your IP will be checked in SPF not in DKIM.
For DKIM singing receiving server will not check your IP. It will check the DKIM signing and your DNS records.