Good afternoon Qian, thank you for your reply but unfortunaltey the articles you linked to are all for Microsoft 365 for business users and require changes to be made in Exchange online that M365 personal/family users cannot make.
Videos
So it seems 365 Family only supports SPF, no DKIM. Has anyone noticed issues with this? I'm seeing reports online with folks getting a lot of their email dumped into their recipients' spam folders.
I was really hoping this was going to be the silver bullet =\
Good afternoon Qian, thank you for your reply but unfortunaltey the articles you linked to are all for Microsoft 365 for business users and require changes to be made in Exchange online that M365 personal/family users cannot make.
Hi Nick_Parker,
Thank you for choosing Microsoft community.
Regarding your concern, since we're Office 365 online support for business, so far as I know, you may refer to Set up DMARC for outbound mail from Microsoft 365 to implement DMARC for your custom domain.
If you need further assistance based on your M365 Family subscription, to better assist you, you may post additional threads under M365 Family category to get the help from moderators and experts there. Thank you very much for your understanding!
Hope it helps! If any update, welcome to share with us.
Thanks & Stay safe,
Qian
Doing my homework on the MS365 Family option and I came across three statements in this thread:
https://www.reddit.com/r/gsuitelegacymigration/comments/u0j1mo/why_isnt_microsoft_365_family_the_obvious_choice/
...that MS does not support DKIM, and one of those goes on to say that MS doesn't support DMARC.
That would indeed be a big deal. I looked it up though and I don't get it but it appears both (plus SPF) are supported in MS365 generally:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide
...and is it too much to hope that these docs also apply to the Family product?
I will say that it seems unfortunately cumbersome to actually set these up -- with Google I never even needed to learn that these technologies existed. I could expect to have to learn these details with a low cost provider but doing so with MS is a disappointment.
Experts, have I gone astray here?
How do I generate a DKIM key pair for a domain I host through my M365 family plan? All the documentation I have found applies to the enterprise version of M365.
Hi. I'm Brian and I'll try to help.
Since you are using a custom domain, the domain's DNS service is where you set up DKIM, SPF and DMARC. Microsoft doesn't control your DNS. That's up to you.
Thanks Brian.
I have a custom domain that has an mx record that sends my email to 656339899.pamx1.hotmail.com. The DNS was configured at GoDaddy by the onboarding wizard during onboarding my family subscription.
I know how to set up DMARC, SPF and DKIM what I am struggling to get are the specific keys or CNAMEs to use for DKIM.
The exact issue causing me problems is that I am receiving emails spoofing my email address as the sender. They are being generated by someone exploiting their own legitimate access to the protection.outlook.com infrastructure which in turn means they pass SPF. If DKIM was in place the spoofed emails would fail DKIM and could be rejected.
What worries me is the thought that this same miscreant could be spoofing my address to send spam to others with M365 email address and those emails would also be being delivered with no way for the recipients to tell that they weren’t sent by me.
Thanks for the reply and you may well be correct. Out of interest, I was getting my emails rejected by gmail until I found out how to get DMARC to pass. Apparently DMARC requires either SPF or DKIM with both being preferable but not mandatory to have both.
I used an excellent website called https://learndmarc.com it asks you to send it an email and then goes through each of SPF, DKIM and DMARC showing if it passes and, if not, giving clues about what is missing. There was enough information in there for me to setup the required entries in my DNS after a bit of googling. Enough, in fact, to get a DMARC pass and hence get through to gmail.
Regarding DKIM, I have the public part of that in my DNS but also need to add the private part to my email provider and that's where I come unstuck.
Whilst this is enough for now, I wonder how long it will be until DKIM is also a mandatory requirement resulting in rejected emails again.
Anyway, I hope this was of some value to you.
Regards
Steve
I posted on exactly the same issue a few days ago: https://answers.microsoft.com/en-us/outlook_com/forum/all/dkim-support-for-personalised-domains-on-microsoft/d5e58d05-23b4-4a7e-a3b6-400f7e8cc3ae
Microsoft have abandoned us by not implementing DKIM. We can either face up to our emails being destined for spam folders or give up and move elsewhere.
Hi,
Is there any practical downside that I should be aware of before switching from gsuite legacy to M365 Family if there will be no DKIM/DMARC support? Is spf only enough to always treat my mails as valid or should I expect occasional marking my mails as spam (by gmail or other vendor) or maybe something else?
https://answers.microsoft.com/en-us/outlook_com/forum/all/microsoft-365-family-with-custom-domain-dkim-and/3b739764-93ea-4558-8161-732f09d34992
I wouldn't expect so. Microsoft isn't operating from their mums basement, so I’d expect email servers to take that into consideration when classifying spam.
If you were hosting yourself, definitely do both but I doubt it’s a major problem here.
I just made this move over the weekend and thus far, I haven't had any complaints about mail delivery from my 6 users. I purposely sent emails to all of the major consumer email platforms (gmail, other outlook.com users, yahoo, etc) and everything landed in the inbox.
I also sent emails to some folks I know in government, higher education, and the corporate world and thus far I'm at 100% success rate in terms of delivery to inbox.
If I stumble on an organization that I need to communicate with that drops my [email protected] into Junk, I can just communicate with them using my [email protected] address instead.
So far. So good.