Don’t be fooled; MX records aren’t the last step

Email is a critical tool for business communication, but it's also vulnerable to attacks from malicious actors who can send fraudulent emails to trick recipients into providing sensitive information or clicking on malicious links. To protect your business and your customers from these threats, it's crucial to implement email authentication protocols such as DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) on your domain in Office 365.

DKIM is a method of email authentication that allows an organization to claim responsibility for a message in a way that can be verified by mailbox providers. When an email is sent with DKIM, the recipient's email server can check the DKIM signature to ensure that the message was not tampered with in transit and that it actually came from the sender's domain.

DMARC is a policy framework that enables a domain owner to specify which authentication methods are employed for their email messages and what actions mailbox providers should take if messages fail authentication checks. DMARC builds on the foundation laid by DKIM and SPF (Sender Policy Framework) to provide a more comprehensive approach to email authentication.

Here are some reasons why it's important to implement DKIM and DMARC together on your domain in Office 365:

  1. Prevent email fraud and abuse: Implementing DKIM and DMARC together provides a strong defense against email fraud and abuse. DKIM verifies that the email was sent by the legitimate sender and has not been tampered with in transit, while DMARC specifies how mailbox providers should handle messages that fail DKIM and SPF checks.

  2. Improve email deliverability: By implementing DKIM and DMARC together, you can improve your email deliverability by reducing the likelihood that your emails will be flagged as spam or sent to the recipient's junk folder. When mailbox providers see that you have implemented DMARC, they are more likely to trust your emails and deliver them to the recipient's inbox.

  3. Build trust with your customers: Implementing DKIM and DMARC on your domain in Office 365 demonstrates to your customers that you take email security seriously and that you are committed to protecting their sensitive information. This can help build trust and improve your brand reputation.

Now that you understand the importance of implementing DKIM and DMARC together on your domain in Office 365, here are the steps to enable them:

  • Verify your domain in Office 365:

    • Sign in to the Microsoft 365 admin center and go to the Setup > Domains page.

    • Select the domain you want to verify and click the Verify button.

    • Follow the instructions to add a DNS record to your domain's DNS zone. The record will be a TXT record with a specific value that Office 365 provides.

    • Once you have added the DNS record, click the Verify button in the Microsoft 365 admin center to confirm that the DNS record has propagated and that Office 365 can verify your domain.

  • Generate DKIM and DMARC records:

    There are different tools you can use to generate DKIM and DMARC records, but one commonly used tool is called OpenDKIM. You can install OpenDKIM on a Linux server and use it to generate a public/private key pair for DKIM and a DMARC record.

    Once you have generated the key pair and DMARC record, you will need to publish the public key and DMARC record as DNS records in your domain's DNS zone. The DKIM record will be a TXT record with a specific format that includes the selector and the public key value. The selector is a unique identifier for the DKIM record that you can choose.

  • Enable DKIM and DMARC signing in Office 365:

    • Once you have added the DKIM and DMARC records to your domain's DNS zone, you can enable DKIM and DMARC signing in Office 365.

    • Go to the Protection > DKIM page in the Microsoft 365 admin center and select your domain.

    • Click the Enable button to enable DKIM signing for your domain.

    • In the Enable DomainKeys Identified Mail (DKIM) pane, select the key length and selector that you used when you created the DKIM record.

    • Copy the CNAME record value that Office 365 provides and add it as a CNAME record in your domain's DNS zone.

    • Go to the Protection > DMARC page in the Microsoft 365 admin center and select your domain.

    • Click the Enable button to enable DMARC for your domain.

    • In the DMARC pane, specify the DMARC policy you want to use. You can choose to monitor, quarantine, or reject messages that fail authentication checks.

    • Publish your DMARC record as a DNS TXT record in your domain's DNS zone.

    Once you have completed these steps, Office 365 will sign outbound messages from your domain with DKIM and enforce DMARC policies for your domain. This will help protect your business and your customers from email fraud and abuse, improve your email deliverability, and build trust with your customers.

    Implementing DKIM and DMARC together on your domain in Office 365 is a critical step to ensure the security and integrity of your email communications. By verifying that your messages are authentic and trusted, you can protect your business and your customers from email-based attacks and build a stronger relationship with your audience.
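Before publishing, it helps to lint the two TXT record values, since a DMARC policy left on monitor or a short DKIM key weakens the setup described above. The following is an added example, not code from the original article or from Microsoft: the function names and sample records are constructed, the tag names (`v`, `p`, `rua`, `pct`, `k`) are the standard DMARC and DKIM record tags, and monitor, quarantine and reject correspond to `p=none`, `p=quarantine` and `p=reject`.

```python
import base64
import re

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip().lower(): value.strip() for name, value in pairs}

def audit_dmarc(txt):
    """Findings for the TXT record published at _dmarc.<domain>."""
    tags, findings = parse_tags(txt), []
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", txt):
        findings.append("record must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua=, so no aggregate reports will arrive")
    if tags.get("pct", "100") != "100":
        findings.append("pct=" + tags["pct"] + " applies the policy to only part of the mail")
    return findings

def audit_dkim(txt, min_bits=2048):
    """Findings for the TXT record published at <selector>._domainkey.<domain>."""
    tags, findings = parse_tags(txt), []
    key = re.sub(r"\s+", "", tags.get("p", ""))
    if not key:
        return findings + ["empty p= means the key is missing or revoked"]
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:
        return findings + ["p= is not valid base64"]
    # The DER blob is always larger than the RSA modulus it carries, so a blob
    # under min_bits cannot hold a key of that size (a lower-bound check only).
    if tags.get("k", "rsa") == "rsa" and len(der) * 8 < min_bits:
        findings.append("RSA key is shorter than %d bits" % min_bits)
    return findings

# Constructed sample records (example.com and the key bytes are placeholders).
DMARC_MONITOR = "v=DMARC1; p=none"
DMARC_ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
DKIM_SHORT = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(162)).decode()
DKIM_OK = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(294)).decode()

if __name__ == "__main__":
    for rec in (DMARC_MONITOR, DMARC_ENFORCED, DKIM_SHORT, DKIM_OK):
        audit = audit_dmarc if "DMARC1" in rec else audit_dkim
        print(rec[:40], "->", audit(rec))
```

An empty findings list means the record passed these checks; it does not confirm that the record is actually published in DNS or that signing is enabled.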
