cammurray/orca

Set up the required selector DNS records in order to support DKIM


The above gives me "not recommended" against several of my domains despite DNS records being in place for them.

Just to add to this. I have used this PowerShell cmdlet Get-DkimSigningConfig -Identity domainamehere | Fl and the domains that are on the report that have "Not Recommended" against them are all OK and show as having selector1 and 2 CNAMEs present.

CNAMEs can be present, but if in the DkimSigningConfig it's not set to Enabled = True then EXO won't apply the DKIM signing to the emails.

Hi @jonade,

In DkimSigningConfig the domains are enabled and have valid CNAME records enabled.
Microsoft's very own troubleshooting tool confirms that DKIM has in fact been set up for the domains.
But they still show as "not recommended".

@rambo11994, do you happen to use a split-DNS configuration by any chance? E.g., do your domains resolve differently internally & externally? If so, you'll need to specify the -AlternateDNS command when running the report, or alternatively, run the ORCA report from external to your network.

ORCA has DNS checks within it that look for the presence of these records, as if we were a receiver of mail. If we cannot resolve them like a receiver would, then these checks won't work.
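
A way to check for the split-DNS situation described in the last comment, as an added example (not part of the thread and not ORCA's own code): it resolves the selector1 and selector2 CNAMEs through the machine's default resolver and through an external one, then flags any difference. The domain `contoso.com`, the resolver `8.8.8.8` and the function name `Get-SelectorTarget` are assumptions made for the example.

```powershell
# Added example: compare DKIM selector CNAME answers from the default
# (possibly internal) resolver with those from an external resolver.
# Assumptions: contoso.com is a placeholder domain and 8.8.8.8 is one
# possible external resolver; substitute your own values.
param(
    [string[]]$Domain = @('contoso.com'),
    [string]$ExternalResolver = '8.8.8.8'
)

function Get-SelectorTarget {
    # Hypothetical helper: returns the CNAME target, or a marker string
    # when the name has no CNAME or the lookup fails.
    param([string]$Name, [string]$Server)

    $query = @{ Name = $Name; Type = 'CNAME'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }

    try {
        # A negative answer can come back as an SOA record, so keep CNAMEs only.
        $answer = Resolve-DnsName @query |
            Where-Object { $_.QueryType -eq 'CNAME' } |
            Select-Object -First 1
        if ($answer) { $answer.NameHost } else { '<no CNAME>' }
    }
    catch {
        '<lookup failed>'
    }
}

foreach ($d in $Domain) {
    foreach ($selector in 'selector1', 'selector2') {
        $name     = '{0}._domainkey.{1}' -f $selector, $d
        $internal = Get-SelectorTarget -Name $name
        $external = Get-SelectorTarget -Name $name -Server $ExternalResolver

        [pscustomobject]@{
            Record          = $name
            DefaultResolver = $internal
            External        = $external
            # A mismatch means a receiver on the internet sees something
            # different from what this machine sees by default.
            Match           = ($internal -eq $external)
        }
    }
}
```

A row with `Match` set to `False`, or with `<no CNAME>` in the `External` column, points to the record not being visible to outside receivers in the same way it is visible internally.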