How Using DKIM and DMARC Can Ensure More of Your Emails Are Delivered
Learn tips regarding the proper setup of DKIM and DMARC records for your Office 365 email.
With roughly 281 billion emails sent each day, it’s critical that organizations are doing all they can to ensure they’re receiving and sending legitimate emails while blocking any emails that are fraudulent.
Because email is the preferred form of communication for many organizations, it’s important that proper safeguards are in place to prevent spoofing and spam whenever possible. One way that organizations can ensure that their emails are delivered and that their accounts are protected is through the use of DKIM and DMARC records. While these records can be difficult to set up, they can increase your email deliverability and also protect your email accounts from being spoofed.
What is DMARC?
DMARC, or Domain-based Messaging and Reporting Compliance, is used to ensure legitimate email is properly authenticated using DKIM and SPF standards, and that any fraudulent activity from a domain used by an organization is blocked. DMARC works as follows:
- Matches the domain in the “header from” field with the “envelope from” domain that is used during an SPF check, and
- Matches the domain in the “header from” field with the “d=domain name” in the DKIM signature.
To pass DMARC, a message must pass SPF alignment and SPF authentication and/or DKIM alignment and DKIM authentication.
In short, DMARC is the only way that organizations can ensure that an email is legitimately being sent from the domain that’s in the “header from” address.
Having a DMARC record is beneficial for organizations because it helps their own emails appear more trustworthy and also discourages cybercriminals who are typically less likely to attempt to attack a domain with a valid DMARC record.
What is DKIM?
DKIM, or Domain Keys Identified Mail, is another email standard that’s used to prevent fraudulent emails from being sent from unauthorized domains, which is also commonly referred to as email spoofing. If you’re not familiar with email spoofing, it’s when a portion of the email content is changed to have the message appear as if it is coming from a different source.
DKIM uses an encrypted signature that’s added to the header of outgoing emails. Email servers that receive these messages then use DKIM to verify the header to ensure the message wasn’t changed after it was sent.
What is an SPF record?
One final email authentication topic to cover is the use of SPF records. An SPF or Sender Policy Framework record is used to determine the IP address or host that’s authorized to send email for a particular domain.
How to enable DKIM, DMARC, and SPF records
If you’re looking to protect the deliverability of your organization’s email, you’ll want to enable SPF, DKIM, and DMARC for Office 365. This process can be a bit complex, and our team at MessageOps is always available if you run into any issues along the way.
You’ll want to create a TXT record in your domain zone that will look something like this:
TXT Name: @
Value: “v=spf1 include:spf.protection.outlook.com -all”
Depending on how your domain DNS records are set up, the format of this record could look a bit different. Be sure to check with your registrar, or with our team if you’re having issues setting up your SPF record.
You’ll need to add two CNAME records for each domain where you’d like to add a DKIM signature. Office 365 will automatically rotate the two records that you provide.
Once the CNAME records have been added to your domain’s DNS records, you’ll also need to enable DKIM signing from within Office 365. To do this, you’ll need to follow the following steps:
- Sign in to Office 365
- Choose Admin, which can be accessed using the app launcher icon.
- Choose Exchange
- Navigate to Protection à DKIM
- Select the domain name that you have been working with and Enable the option to Sign messages for this domain with DKIM signatures.
With Office 365, you don’t need to do anything to setup DMARC for email that you receive. If you’re using a custom domain, you’ll need to add a TXT record for your domain to ensure DMARC will be enabled on the email you send. Setting up this TXT record can vary depending on your registrar.
Still have questions about using setting up SPF, DKIM, and DMARC?
As you can see, properly setting up SPF, DKIM, and DMARC records is vital to increase email deliverability for your organization. If your struggling with how to properly set up these various records, it’s likely time to call MessageOps.
We’ve helped countless organizations migrate to Office 365 and are well versed in setting up SPF, DKIM, and DMARC records regardless of your domain registrar. Give us a call today at 877-788-1617 or reach us through our contact form if you have any questions throughout this process.a