This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 88%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMQ%3C/text%3E%3C/svg%3E)
I am sending an email from application using my tenant domain. SPF and DKIM were getting sign in from the application domain , however DMARC getting failed because the from address is from my tenant domain.
Please correct me if i am wrong, i can fix this if i will update application domain DKIM key in my tenant domain DNS. Now the email DKIM will show from my domain and DMAR will get pass.
What value i need to get from application to update in my tenant domain DNS , i.e. TXT OR CNAME..?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Microsoft Q & A ,
Just checking in to follow up with this thread. If you found Andy's reply helpful, you can accept his answer to help increase visibility of this question for other members of the Microsoft Q&A community. If you still have any concerns on this, feel free to comment down below.
The DKIM records themselves are TXT. https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/ You can point to them with a CNAME from another domain, but if you hosting the actual DKIM record, its a TXT record
You need a CNAME typically. that CNAME points to the source sender who manages the actual DKIM stamping.
Example:
i guess my question pointed wrong. I want to send email from an application using from address of my domain. In order to look the email to be authenticated DKIM sign in should be look from my domain i.e. under DKIM signature d=nokia.com, in that scenario only if i will use from address of my domain then DMAR will also pass. I just want to know which records the application team will give me to update in my DNS. As per MS Article application (third party) will share DKIM key and that need to update in my company DNS. DKIM key should be txt records or CNAME records or both.