locked
re : SPF, DKIM, and DMARC testing plan required. Does anyone have any experience with these. RRS feed

  • Question

  •  

    Hi does anyone have any experience with testing the implementation of DKIM and other email techniques used to prevent spam and malware coming into your domain. 

    I have setup my SPF record and enabled DKIM an and now I want to be able to test it to see that it actually works.

    Is there some kind of website that or test plan that can send a email to your domain to prove what you have put in place is working as intended? 

    What do you use? 

    I tried one such site and all the emails landed in my inbox when they should have been rejected by O365. 

    Your help is appreciated. 

    Thanks 

    Sunday, February 2, 2020 10:08 AM

All replies

  •  

    Hi does anyone have any experience with testing the implementation of DKIM and other email techniques used to prevent spam and malware coming into your domain. 

    I have setup my SPF record and enabled DKIM an and now I want to be able to test it to see that it actually works.

    Is there some kind of website that or test plan that can send a email to your domain to prove what you have put in place is working as intended? 

    What do you use? 

    I tried one such site and all the emails landed in my inbox when they should have been rejected by O365. 

    Your help is appreciated. 

    Thanks 

    365 doesnt reject inbound messages based on DMARC failures if that is what you are doing.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email

    If the DMARC policy of the sending server is p=reject, EOP marks the message as spam instead of rejecting it. In other words, for inbound email, Office 365 treats p=reject and p=quarantine the same way.

    How are you testing?
    Sunday, February 2, 2020 2:12 PM
  • SPF, DKIM and DMARC has become Industry standard to fight against SPAM, Phishing and Spoof

    the Test plan would follow something like this

    1. Spun up dummy SMTP server and try to send email as your own domain

    See the results .

    2. Forward email from one domain to another domain and see if the DKIM Signature changes.

    You can also validate your SPF, DKIM and DMARC by visiting below website 

    https://dmarcian.com/


    Vinny | Freelancer | Microsoft Certified Azure Solutions Architect Expert| Microsoft 365 Certified: Enterprise Administrator | Microsoft 365 Certified: Messaging Administrator Associate| ITILV3 | PMP

    Monday, February 3, 2020 6:44 AM
  • Hi, 

    I am trying to simulate something that gets dropped. 

    I want to be able to send, or have something send a bad spf email to my O365 tenant and see the result and the same with DKIM.

    There must be some inbound monitoring for O365 to see what gets dropped as hard failures and what comes through as soft. 

    Wednesday, February 5, 2020 5:49 PM
  • Hi, 

    I am trying to simulate something that gets dropped. 

    I want to be able to send, or have something send a bad spf email to my O365 tenant and see the result and the same with DKIM.

    There must be some inbound monitoring for O365 to see what gets dropped as hard failures and what comes through as soft. 

    Look in the header of the received message. Should be under the authentication results. 
    Wednesday, February 5, 2020 6:42 PM
  • Hi, I know how to do that. 

    But what about email that gets rejected by SPF and doesn't even come in for example a hard failure. 

    I used to work with Barracuda ESG's and you could see what hit your gateway and it gave a reason. 

    Sorry I know i'm throwing out questions right now but I want to make sure it works as intended. 

    Wednesday, February 5, 2020 8:57 PM
  • Hi, I know how to do that. 

    But what about email that gets rejected by SPF and doesn't even come in for example a hard failure. 

    I used to work with Barracuda ESG's and you could see what hit your gateway and it gave a reason. 

    Sorry I know i'm throwing out questions right now but I want to make sure it works as intended. 

    If it gets rejected as a hard failure, then it will end up either in the 365 user's junk mail or quarantine depending on how the anti -spam policy is set. Other mailers may bounce the message back to the sender. 

    Sorry if I am not understanding your questions. 

    Wednesday, February 5, 2020 9:20 PM
  • Hi,

    Do suggestions above help? If you have any questions or needed further help on this issue, please feel free to post back. If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well.

    Regards,

    Joyce Shen


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, February 10, 2020 9:57 AM