How to authenticate outbound email with SPF, DKIM, and DMARC records in EXO?

Hi @ Vinod Survase ,

For outbound emails, DKIM signatures are mainly required.

The process of enabling DKIM signing in EXO involves creating two DNS CNAME records that point to Microsoft 365 or Office 365.

These records allow EXO to sign outgoing e-mail messages with a digital signature that can be verified by the receiving mail server. This signature helps ensure that the e-mail message has not been tampered with in transit.

You can refer to this link to create a DKIM record for your domain：How to use DKIM for email in your custom domain | Microsoft Learn

In addition, I recommend that you configure all three records for your domain, and the remaining two records function as follows:

SPF: This record helps prevent spoofing and phishing by verifying the origin of the email. To create an SPF record for EXO, you need to include the following values in your DNS TXT record：

v=spf1 include:spf.protection.outlook.com -all.

This value tells the receiving mail server to accept email from your domain only if it comes from Microsoft 365 or the IP address specified by Office 365. If an email fails the SPF check, it is rejected with a hard fail (-all).

DMARC: This record specifies how incoming mail servers should handle email from your domain that doesn't pass SPF or DKIM checks. This record helps you control the delivery and reporting of unauthenticated email messages.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.