Here’s a way to make sure your outgoing emails include DKIM and SPF details, all set up correctly. DKIM email verification is becoming more important for email deliverability.
This is mostly for anyone using Microsoft 365 email hosting, especially individual or small business users who have changed their email verification setup. Once you’ve enabled DKIM for your domain, this is how to make sure it’s working.
DKIM is a way to verify that an email really comes from the owner of the sender’s domain name. It helps prevent fake messages from banks and other companies. DKIM and other email security measures can prevent an email being mistaken for spam and either quarantined or deleted.
This does NOT apply if you’re using a common mail service like Gmail, Outlook.com or email from your Internet provider (ISP). It’s only for those of us with our own domain name (personal or business).
Look for DKIM in outgoing messages
In short: look in the email message header for the text “dkim=pass” in an email you send to another mailbox.
Send a short email from the account you want to test to another mailbox you have control over (most people have some alternative mailbox on Gmail, Outlook.com etc.).
The content of the email doesn’t matter; a simple subject like ‘This is a DKIM test’ is enough.
Open the received email and look at the message header, which is usually hiding away behind a menu option like ‘Show Original’.
The message header is often very long and confusing to us mere humans, but all you need to do is search for the text “dkim=pass”.
You should be able to search in a browser window (Ctrl + F) but in some cases (like Outlook desktop) you’ll have to copy/paste the header to a text editor (e.g. Notepad or Word) and search from there.
About dkim=pass
‘dkim=pass’ is added to the email header by the receiving mail system after it has checked the incoming DKIM signature. This is a more reliable check than looking for the sent DKIM details because ‘dkim=pass’ means the receiving mail system has accepted it.
That key phrase will be in an authentication line that might look something like this, added by Gmail.
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=selector1 header.b=Wzso6tuP;
arc=pass (i=1 spf=pass spfdomain=xxxxx.com dkim=pass dkdomain=xxxxx.com dmarc=pass fromdomain=xxxxx.com);
The exact look of the authentication line depends on the receiving system and will vary.
(BTW, as you can see, there should also be “spf=pass” and probably ‘dmarc=pass’ to indicate that the SPF and DMARC details are also OK.)
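The Gmail sample above shows why a plain text search can mislead: ‘dkim=pass’ also appears inside the bracketed note after ‘arc=pass’, so a search would find it even when the receiver’s own DKIM result is a fail. The Python sketch below is an added example, not from the original article; it reads the Authentication-Results header, ignores bracketed notes and reports the receiver’s own results. The sample header is constructed, example.com is a placeholder and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample (not a real message): top-level DKIM fails, but the ARC
# comment still contains the text "dkim=pass". example.com is a placeholder.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=fail header.i=@example.com header.s=selector1 header.b=AbCdEfGh;
       arc=pass (i=1 spf=pass spfdomain=example.com dkim=pass dkdomain=example.com);
       spf=pass smtp.mailfrom=sender@example.com;
       dmarc=pass header.from=example.com
Subject: This is a DKIM test
"""

def strip_comments(value):
    """Remove parenthesised comments, including nested ones."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def parse_auth_results(raw):
    """Return [(authserv_id, {method: result})], first result per method kept."""
    parsed = []
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        parts = strip_comments(value).split(";")
        authserv = (parts[0].split() or [""])[0].lower()
        results = {}
        for part in parts[1:]:
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
        parsed.append((authserv, results))
    return parsed

def verdicts(raw, receiver):
    """dkim/spf/dmarc results stamped by `receiver`; 'missing' if absent."""
    wanted = dict.fromkeys(("dkim", "spf", "dmarc"), "missing")
    for authserv, results in parse_auth_results(raw):
        if authserv == receiver.lower():
            for method in wanted:
                if wanted[method] == "missing":
                    wanted[method] = results.get(method, "missing")
    return wanted

if __name__ == "__main__":
    print("plain text search finds dkim=pass:", "dkim=pass" in SAMPLE)
    print("parsed results:", verdicts(SAMPLE, "mx.google.com"))
```

Pass the name of the receiving system (the first item after ‘Authentication-Results:’) as `receiver`, so results stamped by any other server are ignored.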
DKIM-Signature
If you’re really interested in seeing the DKIM details included with the sent message, search for ‘DKIM-Signature’. In a typical email it’ll look like this, mostly an encrypted ‘hash’ that verifies the message content.