Sign DKIM and spam emails from recipient

Question

Good morning, some months ago we have initially posted the question in Italian Microsoft community that suggest us to post the question on this Microsoft Community in english language.

So, We have posted the same question also in english language but we haven't received any reply.

For this reason, following the last suggestion of Italian Community to re-post in english language our question using the tag "Exchange Server", at follow re-post our problem hoping to receive some instructions.

In our company we use Windows Server 2022 with Outlook 2019.

Some recipients with different domains (e.g. @gmail.com, @live.it, etc.) have reported to us that some of our e-mails are received in their spam (junk e-mail).

We carried out a test for our domain on website MailTester where a good score emerged, however 1 point was lost due to the fact that the message does not contain the DKIM signature.

Our IT manager set the DKIM signature according to the procedure foreseen and confirmed by the reference provider but, inexplicably, with the DKIM signature set, the test score of our domain dropped by 4 points.

After various checks we are told that the DKIM signature setting is correct but we don't know why following its setting the score of our domain drops... and we assume that our e-mails can also reach some recipients in the Spam folder for this reason.

Would it be possible to have your support in this regard?

Are there any settings or particular instructions to follow for setting the DKIM signature?

Thank you

Fabio

Answer 1

Hi @fabio mas,

Welcome to the Microsoft Q&A platform!

It sounds like you’re dealing with a tricky issue. Setting up DKIM (DomainKeys Identified Mail) correctly is crucial for ensuring your emails are authenticated properly and not marked as spam.

Here are some steps and considerations to help you troubleshoot and correctly configure DKIM on your Windows Server 2022 with Outlook 2019:

Steps to Configure DKIM

1. Generate DKIM Keys:
   • Use a DKIM key generator to create a public and private key pair. The private key will be used to sign your emails, and the public key will be published in your DNS records.
2. Update DNS Records:
   • Add a TXT record to your DNS settings with the public key. The record should look something like this:
   Host: selector._domainkey.yourdomain.com Type: TXT Value: v=DKIM1; k=rsa; p=yourpublickey
3. Configure DKIM in Your Email Server:
   • For Exchange Server, you can use tools like the DKIM Exchange Plugin. Install the plugin and configure it to use the private key for signing outgoing emails.
4. Enable DKIM Signing:
   • Ensure that DKIM signing is enabled for your domain. This can usually be done through your email server’s admin console or via PowerShell commands.

Troubleshooting Tips

1. After updating your DNS records, it may take some time for the changes to propagate. Use tools like MXToolbox to verify that your DKIM record is correctly published.
2. Send a test email to a service like MailTester or DKIM Validator to ensure that the DKIM signature is being applied correctly.
3. Check the headers of your sent emails to see if the DKIM signature is present and valid. Look for the DKIM-Signature header.
4. Review your email server logs for any errors or warnings related to DKIM signing.

Common Issues

1. Incorrect DNS Records:
   • Ensure that the DNS records are correctly formatted and that there are no typos.
2. Key Length:
   • Some email providers require a minimum key length (e.g., 1024 bits). Ensure your keys meet these requirements.
3. Multiple DKIM Signatures:
   • If your emails are being signed by multiple DKIM signatures (e.g., by a third-party service and your own server), this can sometimes cause issues. Ensure that only one DKIM signature is being applied.

---

Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

Best,

Jake Zhang