Thanks for the best explanation I've seen. Most tutorials need another tutorial to explain what they've just said, they tie you in knots. This is the most human way of explaining that I've heard, even just saying "it's not important what DKIM stands for," is a real help.
This is awesome video, got a ticket where multiple users could not email outbound. Struggled a lot on it since I'm not to experienced with SPF, DKIM, or DMARC but man this video would've 100% helped me a lot if I found it sooner lol.
Thank you for the clear definitions of each email security checks. Do you have any recommendations for passing the new google strict policies that are being enforced? Wondering if you will make a video regarding those changes? Cheers.
Thank you so much @JonathanEdwardsTech. You have just made this thing so much easier to understand and now implement. Am so much more confident in being able to deploy this to my own domain and then go on from there. Keep up the great videos you keep posting.
Fantastic video. I look after 365 for a charity I work with and they started getting rejections for email shots to members from Yahoo and it looks like Dkim and Dmarc need setting. It all looks a bit daunting but I think I can give it a go after watching this. Many thanks. Subscribed.
@@recentupdates3272 Thanks. Just getting all my stuff in order as to what to do and where to do it and ill give it a go. Hosting is Zen and I have support for 365 through Microsoft so I should be ok.
I have set all of these up as per the video and I still find some of my emails going to spam on test emails. I only set up the domain and emails yesterday so maybe it will take a few days to sort itself out? Some will go into the inbox I send them to and others will go into spam just seems to be the luck of the draw. Is there anything I may be missing or do new domains usually take a few days to work properly? Thank you. Great video for setting everything up!
Thanks! Great info. Sucks that M$ doesn't at least create a DKIM record by default when they hold the DNS for a domain in their own nameservers. And FFS, they could at least link from the DNS page to the authentications settings where this is created.
Thanks for your video. I have two email addresses to my business do you know if I should add both to my dmarc records? There seems to be conflicting ideas out there saying it is possible but, they can cause problems adding more than one email address to the dmarc record?
What do you do when you go to the DNS settings at your registrar and discover that there are already CNAME values in the record, but they are not the same ones provided by your email host? Do you edit the values? Do you add the new values? Do you delete the existing CNAME values and start over? Thanks for the content!
This is very helpful. Thank you! That said, I am getting an error on DKIM and DMARC within MXtoolbox. Do you have the exact text to copy for DMARC or know where I can find? Also, my CNAME defaults to 14400 TTL. Should I have used 3600 for the DKIM?
I set up an automatic reply, but it only works in Teams. Recipients inside and outside the organization aren't receiving an email reply. However, they can see the message header at the top of the email, which displays the automatic reply message in red. Note: This problem only happens with my custom domain. No rules have been set up, and I sued a private window, but it didn't work. I used another domain, and it worked. What could be the reason, and how can I figure it out?
Great video Jonathan. Two questions. Can I remove the TXT record when the SPF has been verified in O365. Where are the DMARC settings I need to put into my public DNS console? Thanks
No, don’t remove the SPF TXT record For the DMARC settings look at step 4 learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide#set-up-dmarc-for-outbound-mail-from-microsoft-365
Hi when I use the MXTOOLS for DMARC there's an error can you help me? here's the error.... DMARC Policy Not Enabled What you see when your domain has this problem No DMARC Protection
Excellent video. Is MXtoolbox a good test for DKIM? It never seems to find my DKIM records. I not sure if I'm not using the correct format in my DKIM lookup for what, but I'm sure the DNS records are correct as you've done them here.
@@bearded365guy Arrr I figured out what I was doing wrong with the MXtoolbox DKIM checker. For the selector I was putting email like is shown in the MXtoolbox example. But for M365 the selector is selector1. If I use selector1 in the checker then the result comes back as valid.
Hey mate, I am tearing my hair out. I'm trying to authenticate a subdomain with Brevo which is an email platform but I use Microsoft for my main domain for emailing. The records are entered in Microsoft but will not authenticate on Brevo's side. Microsoft agents are absooutely useless. I purchased my domain with Crazydomains but they say I have to enter the records with MS as they host my emails which is fine. They are updated. Any ideas?
Thanks for the content it was super helpful my 365 domains now have the 3 of them. One question, if Im getting what i think is spoofed emails from a company(they contain weird attachments and htmls with phishing) and when I check they dont have DMARC or DKIM but spf is correct. I might be wrong but doesnt SPF should avoid anyone from spoofing their emails? Does that mean that the emails are being sent from a genuine person in their company? Thank you!
Haha i answered myself while reading more about this, the other company is using an SPF record with the ~all which means it will allow softFails, i checked the spoofed mail in question and it said it softFailed. Does that mean that there is no other way to avoid spoofed emails if the companies I work with dont implement DMARC? THx!
This seems be mostly applicable to sending emails outside of our domain, does these setting helps in curbing malicious phising email sent from outside of the domain? or the security is only meant for sending emails outside?
SPF, DKIM and DMARC are all designed to protect against malious use of your domain by others, by enabling recipient systems to identify mail sent by your domain as being genuine - or not! So yes, you're correct, they only apply to mail sent by your domain, they don't provide any protection or filtering against incoming phishing or other malicious or junk email. That's done by your email host and their mail filtering, or by a 3rd party mail filtering service if you use one.
Dude, I did the configuration and after a month my emails went back to the spam folder. Even not sending it to a large number of users. Can you help me with a solution?
Man your content is premium but you give it for free you deserve every like and subscribe
Thanks mate
I couldn't agree more. Jonathan is the BEST!
This is amazing. This is the clearest explanation I have seen on DMARC.
Best video and explaination
Blew my mind! So simply explained and demonstrated. Keep them coming.
An excellent video. I was totally lost on the dkim and dmarc thing until I watch this tutorial. Subscribed! :)
Thanks Robert!
Thanks for the best explanation I've seen. Most tutorials need another tutorial to explain what they've just said, they tie you in knots. This is the most human way of explaining that I've heard, even just saying "it's not important what DKIM stands for," is a real help.
Thank you
A very clear and concise video. The tools you shared are great. Thanks!
Thank you
very helpful bud. now my DKIM and DMARC has been setup properly. thank you
Awesome videos! Just a note: I had to remove the " " from the _dmarc TXT entry for it to work.
This is awesome video, got a ticket where multiple users could not email outbound. Struggled a lot on it since I'm not to experienced with SPF, DKIM, or DMARC but man this video would've 100% helped me a lot if I found it sooner lol.
Exactly the video I needed! Thank you so much for your help Jonathan. Please keep them coming, in the meantime I'll check out your previous videos.
wow. Complex topic, but It cant be explained any more simply than this. Nice. Planning to read all your contents now. Subscribed as well
Excellent, content - very useful! Love the voice changers for variety.
Bravo, to your content and superb delivery. This solved my customers issues and more importantly helped me understand more about Microsoft 365 🙏
Thanks, the best explainer for this topic I've had. great work
Excellent tutorial, incredibly clear and concise.
Very helpful video Jonathan. I manage a few tenants and valimail will definitely come in handy for me. Cheers!
Great video, you said you can't have DMARC without DKIM and SPF. My understanding is this is incorrect
Thank you for the video - it was a great help!
Came for the knowledge, stayed for the beard. Both of which are absolutely brilliant. Thanks a bunch!
tid bits of gold nuggets, thank Jonathan.
GOD BLESS YOU! It was better than any other video or material online. Well done on explaining it so well. You saved me hours man! Next beer on me.
really excellent, i just updated my domain !
Thanks Jonathan, awesome video, clear and great level of detail.
Thank you for the clear definitions of each email security checks. Do you have any recommendations for passing the new google strict policies that are being enforced? Wondering if you will make a video regarding those changes? Cheers.
Thank you so much @JonathanEdwardsTech. You have just made this thing so much easier to understand and now implement. Am so much more confident in being able to deploy this to my own domain and then go on from there. Keep up the great videos you keep posting.
Thank you
Fantastic video. I look after 365 for a charity I work with and they started getting rejections for email shots to members from Yahoo and it looks like Dkim and Dmarc need setting. It all looks a bit daunting but I think I can give it a go after watching this. Many thanks. Subscribed.
It should work bro, i just solved for a company that could not send to yahoo wit the same method
@@recentupdates3272 Thanks. Just getting all my stuff in order as to what to do and where to do it and ill give it a go. Hosting is Zen and I have support for 365 through Microsoft so I should be ok.
I have set all of these up as per the video and I still find some of my emails going to spam on test emails. I only set up the domain and emails yesterday so maybe it will take a few days to sort itself out? Some will go into the inbox I send them to and others will go into spam just seems to be the luck of the draw. Is there anything I may be missing or do new domains usually take a few days to work properly? Thank you. Great video for setting everything up!
Thanks! Great info. Sucks that M$ doesn't at least create a DKIM record by default when they hold the DNS for a domain in their own nameservers. And FFS, they could at least link from the DNS page to the authentications settings where this is created.
Thanks for your video. I have two email addresses to my business do you know if I should add both to my dmarc records? There seems to be conflicting ideas out there saying it is possible but, they can cause problems adding more than one email address to the dmarc record?
Thank you very much sir!
All setup now, so easy!
Wow... This is awesome. Very easy to follow. Thanks v much
Dude....Thank you!👊
It’s a great explanation 😮
Bro its an wonderful content and i learnt the things in few minutes, Subscribed :)
Great explanation! beardedguy365 suits you well, hahaha.
Congrats for the content! What if I use a third party email filtering with O365? Do I need to set that policies on that side as well ?
Very good explanation and you made it easy to understand
This is awesome!! What coding language did you use to create this?
Excellent Video!!! Thank you so much
What do you do when you go to the DNS settings at your registrar and discover that there are already CNAME values in the record, but they are not the same ones provided by your email host? Do you edit the values? Do you add the new values? Do you delete the existing CNAME values and start over? Thanks for the content!
@@ericmatthaei9711 Add new values…. The other CNAME’s records are probably there for a reason……
Great video. Question. What about parking a domain that isn’t being used for email. How do you set that up?
Would like to thank you for making this concise, helpful video.!
Thanks John
Excellent overview.
Great walkthrough!! Keep up the great content
Great video, explained everything perfectly. Thanks so much, keep up the great work 🙂
Thank you
Great stuff, could you please make the video regarding the outlook connector.
Excellent video, thanks a lot!
This is very helpful. Thank you! That said, I am getting an error on DKIM and DMARC within MXtoolbox. Do you have the exact text to copy for DMARC or know where I can find? Also, my CNAME defaults to 14400 TTL. Should I have used 3600 for the DKIM?
Excellent explanation, thank you. RD CAPITAL SL LTD
Thanks man
I set up an automatic reply, but it only works in Teams. Recipients inside and outside the organization aren't receiving an email reply. However, they can see the message header at the top of the email, which displays the automatic reply message in red.
Note: This problem only happens with my custom domain.
No rules have been set up, and I sued a private window, but it didn't work.
I used another domain, and it worked.
What could be the reason, and how can I figure it out?
Great video, you have saved the day.
You are amazing
Atlanta
Great video, thanks.
Hello, does every domain/ sub domain need a separate DKIM key uploaded to DNS?
Yes
Great video Jonathan. Two questions. Can I remove the TXT record when the SPF has been verified in O365. Where are the DMARC settings I need to put into my public DNS console? Thanks
No, don’t remove the SPF TXT record
For the DMARC settings look at step 4
learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide#set-up-dmarc-for-outbound-mail-from-microsoft-365
Perfect thank you, I appreciate your help.@@bearded365guy
Hi when I use the MXTOOLS for DMARC there's an error can you help me? here's the error....
DMARC Policy Not Enabled
What you see when your domain has this problem
No DMARC Protection
OK, it looks like you haven’t implemented DMARC yet?
Will a dmarc of v=DMARC1; p=none; be sufficient for microsoft?
Hello, can you make a video on how to implement MTA-STS? Thank you.
What do you think about Cloudflare DMARC checker?
I’ve not seen it or used it. Have you?
Thanks a lot
Excellent video. Is MXtoolbox a good test for DKIM? It never seems to find my DKIM records. I not sure if I'm not using the correct format in my DKIM lookup for what, but I'm sure the DNS records are correct as you've done them here.
@@MendocAWB there are a few DKIM checkers. I usually use a couple of them.
@@bearded365guy Cool. Which ones would you suggest?
@@MendocAWB This one is good - dmarcian.com/dmarc-inspector/
@@bearded365guy Thanks, but thats a DMARC checker, I'm looking for a DKIM checker?
@@bearded365guy Arrr I figured out what I was doing wrong with the MXtoolbox DKIM checker. For the selector I was putting email like is shown in the MXtoolbox example. But for M365 the selector is selector1. If I use selector1 in the checker then the result comes back as valid.
Heeyy Jonathan, You're the best in teaching. I enjoyed your tutorial! I'm giving you a thumbs up and a subscribe click right away. Thanks so much!
Thanks!
Hey mate, I am tearing my hair out. I'm trying to authenticate a subdomain with Brevo which is an email platform but I use Microsoft for my main domain for emailing. The records are entered in Microsoft but will not authenticate on Brevo's side. Microsoft agents are absooutely useless. I purchased my domain with Crazydomains but they say I have to enter the records with MS as they host my emails which is fine. They are updated.
Any ideas?
Thanks for the content it was super helpful my 365 domains now have the 3 of them.
One question, if Im getting what i think is spoofed emails from a company(they contain weird attachments and htmls with phishing) and when I check they dont have DMARC or DKIM but spf is correct. I might be wrong but doesnt SPF should avoid anyone from spoofing their emails? Does that mean that the emails are being sent from a genuine person in their company?
Thank you!
Haha i answered myself while reading more about this, the other company is using an SPF record with the ~all which means it will allow softFails, i checked the spoofed mail in question and it said it softFailed. Does that mean that there is no other way to avoid spoofed emails if the companies I work with dont implement DMARC? THx!
I found our DKIM disabled and not published to our public DNS, How i can republish it again?
This seems be mostly applicable to sending emails outside of our domain, does these setting helps in curbing malicious phising email sent from outside of the domain? or the security is only meant for sending emails outside?
SPF, DKIM and DMARC are all designed to protect against malious use of your domain by others, by enabling recipient systems to identify mail sent by your domain as being genuine - or not! So yes, you're correct, they only apply to mail sent by your domain, they don't provide any protection or filtering against incoming phishing or other malicious or junk email. That's done by your email host and their mail filtering, or by a 3rd party mail filtering service if you use one.
Dude, I did the configuration and after a month my emails went back to the spam folder. Even not sending it to a large number of users. Can you help me with a solution?
You da man
the sound popping it killing me , but nice explanation
When checking mail health in MXToolbox "May be an open relay" is normal?
Yeah, I got the same thing!
@@cca8161IIn an interview about the theme, someone with experience told me that free tool are not exact. In my opinion is de ~all not an exact Ip.
Who else is here because of Yahoo? Wow this issue won't go well for small business owners not understanding how to edit DNS etc.😮
im here bro, i just solved an issue with the same method, all my customers been disturbing me with the same issue
Brilliant explanation, thank you!
Thanks a lot for this, Jonathan! 🫡
Great video. Question. What about parking a domain that isn’t being used for email. How do you set that up?