How to authenticate outbound email with SPF, DKIM, and DMARC records in EXO?

Vinod Survase 4,781 Reputation points
2023-09-25T14:40:49.9833333+00:00

How to authenticate outbound email with SPF, DKIM, and DMARC records in EXO?

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,185 questions
Exchange | Exchange Server | Other
Exchange | Exchange Server | Management
Exchange | Other
{count} vote

1 answer

Sort by: Most helpful
  1. Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff
    2023-09-26T05:30:11.6233333+00:00

    Hi @ Vinod Survase ,

    For outbound emails, DKIM signatures are mainly required.

    The process of enabling DKIM signing in EXO involves creating two DNS CNAME records that point to Microsoft 365 or Office 365.

    These records allow EXO to sign outgoing e-mail messages with a digital signature that can be verified by the receiving mail server. This signature helps ensure that the e-mail message has not been tampered with in transit.

    You can refer to this link to create a DKIM record for your domain:How to use DKIM for email in your custom domain | Microsoft Learn

    In addition, I recommend that you configure all three records for your domain, and the remaining two records function as follows:

    SPF: This record helps prevent spoofing and phishing by verifying the origin of the email. To create an SPF record for EXO, you need to include the following values in your DNS TXT record:

    v=spf1 include:spf.protection.outlook.com -all.
    

    This value tells the receiving mail server to accept email from your domain only if it comes from Microsoft 365 or the IP address specified by Office 365. If an email fails the SPF check, it is rejected with a hard fail (-all).

    DMARC: This record specifies how incoming mail servers should handle email from your domain that doesn't pass SPF or DKIM checks. This record helps you control the delivery and reporting of unauthenticated email messages.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.