Thank you so much! You were so clear on what needed to be done, and step by step, was excellent. I was having problems with my setup and realized what I was doing wrong. Thank you! I'm now a Global Cyber Alliance subscriber.
You can copy and paste. To do it, you have to highlight the text with your mouse and without letting off the mouse button hit Ctrl+C on the keyboard and it should copy the text. Might take a try or two to get it.
In your DNS you have to create a CNAME record type and apply the appropriate record name and values. The record name will always be selector1._domainkey. and selector2._domainkey., and the value is provided in o365 under DKIM. . Please feel free to reachout to gca-dmarc@globalcyberalliance.org if you have any additional questions.
Thanks for the great information. One question I have... when the TXT record is created and you set the p=none for DMARC policy, where would you configure this policy or is it even necessary?
When adding DKIM and DMARC, will the end user notice any changes or require anything additional on their end? Thanks for this video, its been very informative.
Hi, great video ! My organization would like to enable Office 365 DKIM/DMARC however we send bulk email via a number of internet smtp service providers, specifically Blue State Digital (BSD) and Sendgrid. What modification would we have to make in DNS to make sure that mail sent via BSD and Sendgrid continues to flow once Office 365 DKIM/DMARC are enabled ? I've presented this scenario to BSD, Sendgrid and Microsoft and none have given me a clear answer to this question. I appreciate any help you are able to provide.
This site has a ton of information related to your concern - hopefully it's helpful: dmarcian.com/how-to-send-dmarc-compliant-email-on-behalf-of-others/
FYI I'm trying to setup DKIM and DMARC with office365 and microsoft's instructions say not to use the default onmicrosoft signature and to generate your own keys instead
Yes, when you go into the exchange settings for your organization, Go to Protection --> DKIM, and you can work on DKIM using your domain rather than onmicrosoft.com. In the video, we explain this starting at the 5:05 minute mark.
Cool video. So I am looking for something that explains what to do after you get all this setup. Obviously you have the policy for DMARC set for none. I am guessing that is only a temporary mode and you eventually want to move to a stricter policy? How do you determine when to do that? How do you evaluate the DMARC aggregate reports?
Thank you so much! i was trying to understand how to add DMARC and DKIM records in my DNS. i followed your steps and everything looks good. when i went on MXtoolbox to check to see if all is correct and i get all green lights, except for the following: DMARC Policy Not Enabled DMARC Quarantine/Reject policy not enabled how would i set that up?
So how do you handle email address that are not under office365 and using an ISP smtp server for example, would you just need to place them under the office365 DMARC environment or is there a DNS record for this?
This site has a ton of information related to your concern - hopefully it's helpful: dmarcian.com/how-to-send-dmarc-compliant-email-on-behalf-of-others/
The setup is somewhat the same but will require additional steps depending on what the other servers are and if there is a mail gateway. Please contact us at gca-dmarc@globalcyberalliance and we would be happy to assist you.
When we add values in host field for CNAME records, you have used "selector1._domainkey" but Microsoft Technet website suggests the following format " selector1._domainkey. " . Do you suggest that both the format work ? Actually, none of them worked for me!! Any suggestions ? Thanks in advance.
You use "selector1._domainkey" because since you are adding this into your external DNS, it SHOULD append your domain onto the end. Same premise as adding EXAMPLE as A host and not EXAMPLE.domain.com into the field. But this does differentiate with your dns hosting service procedures
Helpful video, thank you. For those using this video as a set up guide, note that 24 hours is 86400 seconds, not 84600.
Thank you so much! You were so clear on what needed to be done, and step by step, was excellent. I was having problems with my setup and realized what I was doing wrong. Thank you! I'm now a Global Cyber Alliance subscriber.
We also have a bootcamp coming up in May - some or all of which may be of interest to you: bootcamp.globalcyberalliance.org/dmarc-bootcamp-2020
All the bubbles in my end were all answered by just 1 video! Great tutorial!
Great Explanation Shezad. Many Thanks
Very helpful video, I can't imagine why anybody will bother to dislike it. Thank you for your time and effort
This was exactly what I needed, thank you! Hopefully our spoofing issues are resolved!
Awesome video. Makes DKIM and DMARC simple.
Very, very good and clear explanation. Thank you as DKIM/DMARC getting more and more important today.
This is really informative content. Thank you for sharing the knowledge with everyone
Thanks! awesome information. No fluff. just the good stuff.
It was great video explained with simple language. Double Thumbs up.
Great Video!!!
thanks man
Glad you found it useful!!
Excellent tutorial. Saving this one for future use. Well explained thank you.
Thanks for the feedback! Glad you found it helpful.
Superb. Thank you very much for your clear explanation.
Super Tutorial !
big help! thx
So glad! Thanks for the feedback!
8:26 Actually, you can indeed copy and paste the CNAME record shown in the EAC, just click and drag the text using your mouse and Control + C to copy.
Thank you so much for this explanatory video. You're a lifesaver!
Excellent video. Thanks!!!
You can copy and paste. To do it, you have to highlight the text with your mouse and without letting off the mouse button hit Ctrl+C on the keyboard and it should copy the text. Might take a try or two to get it.
great video very clear - thank you for doing this
This video made me understand clearly that how DKIM n DMARC works. Thanks..
A question- If Cname for DKIM is to create whats the methods.
In your DNS you have to create a CNAME record type and apply the appropriate record name and values. The record name will always be selector1._domainkey. and selector2._domainkey., and the value is provided in o365 under DKIM. . Please feel free to reachout to gca-dmarc@globalcyberalliance.org if you have any additional questions.
Thanks for the vid!!! It's a little different for Network Solutions but not too hard to translate it over, much appreciated!!!
Thanks for the great information. One question I have... when the TXT record is created and you set the p=none for DMARC policy, where would you configure this policy or is it even necessary?
Brilliant video - thank you so much :-)
Thanks for the feedback! So glad it was helpful.
Do you have to disable signing for the ''example.onmicrosoft.com" domain once you enable the other?
You could copy from the domain name to up and u will get all the text ! Thanks for the informative video
@16:50 isn't is 86,400 seconds? Good video.
very interesting tutor
When adding DKIM and DMARC, will the end user notice any changes or require anything additional on their end? Thanks for this video, its been very informative.
The end user should not notice any changes as nothing is required on their end.
thank you
Very nice job!!! Thank You!
Thanks, grate video. Quick question, when consider changing policy from none (v=DMARC1; p=none;) to quarantine (v=DMARC1; p= quarantine;)?
Once you have reviewed the DMARC reports and are confident that SPF and DKIM are setup correctly, then you should move to p=reject.
Hi, great video ! My organization would like to enable Office 365 DKIM/DMARC however we send bulk email via a number of internet smtp service providers, specifically Blue State Digital (BSD) and Sendgrid. What modification would we have to make in DNS to make sure that mail sent via BSD and Sendgrid continues to flow once Office 365 DKIM/DMARC are enabled ? I've presented this scenario to BSD, Sendgrid and Microsoft and none have given me a clear answer to this question. I appreciate any help you are able to provide.
This site has a ton of information related to your concern - hopefully it's helpful:
dmarcian.com/how-to-send-dmarc-compliant-email-on-behalf-of-others/
Great, Thanks!
Thumbs up! Well done.
FYI I'm trying to setup DKIM and DMARC with office365 and microsoft's instructions say not to use the default onmicrosoft signature and to generate your own keys instead
Yes, when you go into the exchange settings for your organization, Go to Protection --> DKIM, and you can work on DKIM using your domain rather than onmicrosoft.com. In the video, we explain this starting at the 5:05 minute mark.
Wanted to upvote this ... and then saw Godaddy.
Cool video. So I am looking for something that explains what to do after you get all this setup. Obviously you have the policy for DMARC set for none. I am guessing that is only a temporary mode and you eventually want to move to a stricter policy? How do you determine when to do that? How do you evaluate the DMARC aggregate reports?
Thank you so much! i was trying to understand how to add DMARC and DKIM records in my DNS.
i followed your steps and everything looks good. when i went on MXtoolbox to check to see if all is correct and i get all green lights, except for the following:
DMARC Policy Not Enabled DMARC Quarantine/Reject policy not enabled
how would i set that up?
Your DMARC policy statement in your DNS TXT record should be higher than none, i.e. p=quarantine or p=reject
So how do you handle email address that are not under office365 and using an ISP smtp server for example, would you just need to place them under the office365 DMARC environment or is there a DNS record for this?
This site has a ton of information related to your concern - hopefully it's helpful:
dmarcian.com/how-to-send-dmarc-compliant-email-on-behalf-of-others/
Hi. is the process the same with office 365 on-premise/hybrid environment?
The setup is somewhat the same but will require additional steps depending on what the other servers are and if there is a mail gateway. Please contact us at gca-dmarc@globalcyberalliance and we would be happy to assist you.
Thanks mate !! That's a good one.
I am not getting DMARC reports. I have my email in there correctly.
When we add values in host field for CNAME records, you have used "selector1._domainkey" but Microsoft Technet website suggests the following format " selector1._domainkey. " . Do you suggest that both the format work ?
Actually, none of them worked for me!!
Any suggestions ?
Thanks in advance.
I followed the video's example and not what the Technet article stated and it worked. I tried it with the technet suggestion and it DIDN'T work.
You use "selector1._domainkey" because since you are adding this into your external DNS, it SHOULD append your domain onto the end. Same premise as adding EXAMPLE as A host and not EXAMPLE.domain.com into the field. But this does differentiate with your dns hosting service procedures
im trying to do this to shopify dns, but it wont allow me to add dkim... :(
To the best of our knowledge, Shopify currently does not support DKIM
Thank you :)
thank you!