thanks bro - in an interview someone asked me what spf, DKIM and DMARC was - I only knew what a SPF record was and why its useful to have one and how to create it - I did not know anything about DKIM and DMARC - thank you for teaching me this
Thanks for the best explanation I've seen. Most tutorials need another tutorial to explain what they've just said, they tie you in knots. This is the most human way of explaining that I've heard, even just saying "it's not important what DKIM stands for," is a real help.
This is awesome video, got a ticket where multiple users could not email outbound. Struggled a lot on it since I'm not to experienced with SPF, DKIM, or DMARC but man this video would've 100% helped me a lot if I found it sooner lol.
Yet another super helpful tutorial! Some questions: How long should you monitor before switching DMARC from none to quarantine to reject? How do I monitor it, just by the report option? What am I looking for? Lastly, how do I make sure my O365 is processing DMARC for my inbound mail correctly?
Thanks for your video. I have two email addresses to my business do you know if I should add both to my dmarc records? There seems to be conflicting ideas out there saying it is possible but, they can cause problems adding more than one email address to the dmarc record?
I have set all of these up as per the video and I still find some of my emails going to spam on test emails. I only set up the domain and emails yesterday so maybe it will take a few days to sort itself out? Some will go into the inbox I send them to and others will go into spam just seems to be the luck of the draw. Is there anything I may be missing or do new domains usually take a few days to work properly? Thank you. Great video for setting everything up!
Thank you for the clear definitions of each email security checks. Do you have any recommendations for passing the new google strict policies that are being enforced? Wondering if you will make a video regarding those changes? Cheers.
Fantastic video. I look after 365 for a charity I work with and they started getting rejections for email shots to members from Yahoo and it looks like Dkim and Dmarc need setting. It all looks a bit daunting but I think I can give it a go after watching this. Many thanks. Subscribed.
@@recentupdates3272 Thanks. Just getting all my stuff in order as to what to do and where to do it and ill give it a go. Hosting is Zen and I have support for 365 through Microsoft so I should be ok.
What do you do when you go to the DNS settings at your registrar and discover that there are already CNAME values in the record, but they are not the same ones provided by your email host? Do you edit the values? Do you add the new values? Do you delete the existing CNAME values and start over? Thanks for the content!
This is very helpful. Thank you! That said, I am getting an error on DKIM and DMARC within MXtoolbox. Do you have the exact text to copy for DMARC or know where I can find? Also, my CNAME defaults to 14400 TTL. Should I have used 3600 for the DKIM?
Thanks! Great info. Sucks that M$ doesn't at least create a DKIM record by default when they hold the DNS for a domain in their own nameservers. And FFS, they could at least link from the DNS page to the authentications settings where this is created.
I set up an automatic reply, but it only works in Teams. Recipients inside and outside the organization aren't receiving an email reply. However, they can see the message header at the top of the email, which displays the automatic reply message in red. Note: This problem only happens with my custom domain. No rules have been set up, and I sued a private window, but it didn't work. I used another domain, and it worked. What could be the reason, and how can I figure it out?
Great video Jonathan. Two questions. Can I remove the TXT record when the SPF has been verified in O365. Where are the DMARC settings I need to put into my public DNS console? Thanks
No, don’t remove the SPF TXT record For the DMARC settings look at step 4 learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide#set-up-dmarc-for-outbound-mail-from-microsoft-365
Thank you so much @JonathanEdwardsTech. You have just made this thing so much easier to understand and now implement. Am so much more confident in being able to deploy this to my own domain and then go on from there. Keep up the great videos you keep posting.
Excellent video. Is MXtoolbox a good test for DKIM? It never seems to find my DKIM records. I not sure if I'm not using the correct format in my DKIM lookup for what, but I'm sure the DNS records are correct as you've done them here.
@@bearded365guy Arrr I figured out what I was doing wrong with the MXtoolbox DKIM checker. For the selector I was putting email like is shown in the MXtoolbox example. But for M365 the selector is selector1. If I use selector1 in the checker then the result comes back as valid.
Hi when I use the MXTOOLS for DMARC there's an error can you help me? here's the error.... DMARC Policy Not Enabled What you see when your domain has this problem No DMARC Protection
Thanks for the content it was super helpful my 365 domains now have the 3 of them. One question, if Im getting what i think is spoofed emails from a company(they contain weird attachments and htmls with phishing) and when I check they dont have DMARC or DKIM but spf is correct. I might be wrong but doesnt SPF should avoid anyone from spoofing their emails? Does that mean that the emails are being sent from a genuine person in their company? Thank you!
Haha i answered myself while reading more about this, the other company is using an SPF record with the ~all which means it will allow softFails, i checked the spoofed mail in question and it said it softFailed. Does that mean that there is no other way to avoid spoofed emails if the companies I work with dont implement DMARC? THx!
This seems be mostly applicable to sending emails outside of our domain, does these setting helps in curbing malicious phising email sent from outside of the domain? or the security is only meant for sending emails outside?
SPF, DKIM and DMARC are all designed to protect against malious use of your domain by others, by enabling recipient systems to identify mail sent by your domain as being genuine - or not! So yes, you're correct, they only apply to mail sent by your domain, they don't provide any protection or filtering against incoming phishing or other malicious or junk email. That's done by your email host and their mail filtering, or by a 3rd party mail filtering service if you use one.
Hey mate, I am tearing my hair out. I'm trying to authenticate a subdomain with Brevo which is an email platform but I use Microsoft for my main domain for emailing. The records are entered in Microsoft but will not authenticate on Brevo's side. Microsoft agents are absooutely useless. I purchased my domain with Crazydomains but they say I have to enter the records with MS as they host my emails which is fine. They are updated. Any ideas?
Dude, I did the configuration and after a month my emails went back to the spam folder. Even not sending it to a large number of users. Can you help me with a solution?
Man your content is premium but you give it for free you deserve every like and subscribe
Thanks mate
I couldn't agree more. Jonathan is the BEST!
thanks bro - in an interview someone asked me what spf, DKIM and DMARC was - I only knew what a SPF record was and why its useful to have one and how to create it - I did not know anything about DKIM and DMARC - thank you for teaching me this
Blew my mind! So simply explained and demonstrated. Keep them coming.
Thanks for the best explanation I've seen. Most tutorials need another tutorial to explain what they've just said, they tie you in knots. This is the most human way of explaining that I've heard, even just saying "it's not important what DKIM stands for," is a real help.
Thank you
An excellent video. I was totally lost on the dkim and dmarc thing until I watch this tutorial. Subscribed! :)
Thanks Robert!
very helpful bud. now my DKIM and DMARC has been setup properly. thank you
Awesome videos! Just a note: I had to remove the " " from the _dmarc TXT entry for it to work.
This is amazing. This is the clearest explanation I have seen on DMARC.
This is awesome video, got a ticket where multiple users could not email outbound. Struggled a lot on it since I'm not to experienced with SPF, DKIM, or DMARC but man this video would've 100% helped me a lot if I found it sooner lol.
A very clear and concise video. The tools you shared are great. Thanks!
Thank you
Yet another super helpful tutorial! Some questions: How long should you monitor before switching DMARC from none to quarantine to reject? How do I monitor it, just by the report option? What am I looking for? Lastly, how do I make sure my O365 is processing DMARC for my inbound mail correctly?
Exactly the video I needed! Thank you so much for your help Jonathan. Please keep them coming, in the meantime I'll check out your previous videos.
Excellent, content - very useful! Love the voice changers for variety.
Excellent tutorial, incredibly clear and concise.
Thanks, the best explainer for this topic I've had. great work
Bravo, to your content and superb delivery. This solved my customers issues and more importantly helped me understand more about Microsoft 365 🙏
wow. Complex topic, but It cant be explained any more simply than this. Nice. Planning to read all your contents now. Subscribed as well
Thanks for your video. I have two email addresses to my business do you know if I should add both to my dmarc records? There seems to be conflicting ideas out there saying it is possible but, they can cause problems adding more than one email address to the dmarc record?
incredible tutorial - nothing else online compares
Very helpful video Jonathan. I manage a few tenants and valimail will definitely come in handy for me. Cheers!
I have set all of these up as per the video and I still find some of my emails going to spam on test emails. I only set up the domain and emails yesterday so maybe it will take a few days to sort itself out? Some will go into the inbox I send them to and others will go into spam just seems to be the luck of the draw. Is there anything I may be missing or do new domains usually take a few days to work properly? Thank you. Great video for setting everything up!
Thank you for the clear definitions of each email security checks. Do you have any recommendations for passing the new google strict policies that are being enforced? Wondering if you will make a video regarding those changes? Cheers.
Many thanks! you save my life! Best Regards!!!!!!
really excellent, i just updated my domain !
Thanks Jonathan, awesome video, clear and great level of detail.
tid bits of gold nuggets, thank Jonathan.
Great video. Question. What about parking a domain that isn’t being used for email. How do you set that up?
Fantastic video. I look after 365 for a charity I work with and they started getting rejections for email shots to members from Yahoo and it looks like Dkim and Dmarc need setting. It all looks a bit daunting but I think I can give it a go after watching this. Many thanks. Subscribed.
It should work bro, i just solved for a company that could not send to yahoo wit the same method
@@recentupdates3272 Thanks. Just getting all my stuff in order as to what to do and where to do it and ill give it a go. Hosting is Zen and I have support for 365 through Microsoft so I should be ok.
Quick and easy to follow 🎉
This is awesome!! What coding language did you use to create this?
Congrats for the content! What if I use a third party email filtering with O365? Do I need to set that policies on that side as well ?
Came for the knowledge, stayed for the beard. Both of which are absolutely brilliant. Thanks a bunch!
What do you do when you go to the DNS settings at your registrar and discover that there are already CNAME values in the record, but they are not the same ones provided by your email host? Do you edit the values? Do you add the new values? Do you delete the existing CNAME values and start over? Thanks for the content!
@@ericmatthaei9711 Add new values…. The other CNAME’s records are probably there for a reason……
This is very helpful. Thank you! That said, I am getting an error on DKIM and DMARC within MXtoolbox. Do you have the exact text to copy for DMARC or know where I can find? Also, my CNAME defaults to 14400 TTL. Should I have used 3600 for the DKIM?
Thanks! Great info. Sucks that M$ doesn't at least create a DKIM record by default when they hold the DNS for a domain in their own nameservers. And FFS, they could at least link from the DNS page to the authentications settings where this is created.
Best video and explaination
GOD BLESS YOU! It was better than any other video or material online. Well done on explaining it so well. You saved me hours man! Next beer on me.
I set up an automatic reply, but it only works in Teams. Recipients inside and outside the organization aren't receiving an email reply. However, they can see the message header at the top of the email, which displays the automatic reply message in red.
Note: This problem only happens with my custom domain.
No rules have been set up, and I sued a private window, but it didn't work.
I used another domain, and it worked.
What could be the reason, and how can I figure it out?
Very good explanation and you made it easy to understand
Very useful information. Many thanks.
Great video Jonathan. Two questions. Can I remove the TXT record when the SPF has been verified in O365. Where are the DMARC settings I need to put into my public DNS console? Thanks
No, don’t remove the SPF TXT record
For the DMARC settings look at step 4
learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide#set-up-dmarc-for-outbound-mail-from-microsoft-365
Perfect thank you, I appreciate your help.@@bearded365guy
Thank you so much @JonathanEdwardsTech. You have just made this thing so much easier to understand and now implement. Am so much more confident in being able to deploy this to my own domain and then go on from there. Keep up the great videos you keep posting.
Thank you
Excellent Video!!! Thank you so much
Thank you very much sir!
All setup now, so easy!
It’s a great explanation 😮
Bro its an wonderful content and i learnt the things in few minutes, Subscribed :)
Hello, does every domain/ sub domain need a separate DKIM key uploaded to DNS?
Yes
Excellent overview.
Great walkthrough!! Keep up the great content
But isnt it that if you use the nameservers of microsoft, it will automatically configure this for you if you choose that option?
What do you think about Cloudflare DMARC checker?
I’ve not seen it or used it. Have you?
Excellent video. Is MXtoolbox a good test for DKIM? It never seems to find my DKIM records. I not sure if I'm not using the correct format in my DKIM lookup for what, but I'm sure the DNS records are correct as you've done them here.
@@MendocAWB there are a few DKIM checkers. I usually use a couple of them.
@@bearded365guy Cool. Which ones would you suggest?
@@MendocAWB This one is good - dmarcian.com/dmarc-inspector/
@@bearded365guy Thanks, but thats a DMARC checker, I'm looking for a DKIM checker?
@@bearded365guy Arrr I figured out what I was doing wrong with the MXtoolbox DKIM checker. For the selector I was putting email like is shown in the MXtoolbox example. But for M365 the selector is selector1. If I use selector1 in the checker then the result comes back as valid.
Wow... This is awesome. Very easy to follow. Thanks v much
Hi when I use the MXTOOLS for DMARC there's an error can you help me? here's the error....
DMARC Policy Not Enabled
What you see when your domain has this problem
No DMARC Protection
OK, it looks like you haven’t implemented DMARC yet?
Will a dmarc of v=DMARC1; p=none; be sufficient for microsoft?
Thanks for the content it was super helpful my 365 domains now have the 3 of them.
One question, if Im getting what i think is spoofed emails from a company(they contain weird attachments and htmls with phishing) and when I check they dont have DMARC or DKIM but spf is correct. I might be wrong but doesnt SPF should avoid anyone from spoofing their emails? Does that mean that the emails are being sent from a genuine person in their company?
Thank you!
Haha i answered myself while reading more about this, the other company is using an SPF record with the ~all which means it will allow softFails, i checked the spoofed mail in question and it said it softFailed. Does that mean that there is no other way to avoid spoofed emails if the companies I work with dont implement DMARC? THx!
Great stuff, could you please make the video regarding the outlook connector.
This seems be mostly applicable to sending emails outside of our domain, does these setting helps in curbing malicious phising email sent from outside of the domain? or the security is only meant for sending emails outside?
SPF, DKIM and DMARC are all designed to protect against malious use of your domain by others, by enabling recipient systems to identify mail sent by your domain as being genuine - or not! So yes, you're correct, they only apply to mail sent by your domain, they don't provide any protection or filtering against incoming phishing or other malicious or junk email. That's done by your email host and their mail filtering, or by a 3rd party mail filtering service if you use one.
Would like to thank you for making this concise, helpful video.!
Thanks John
Excellent video, thanks a lot!
Hey mate, I am tearing my hair out. I'm trying to authenticate a subdomain with Brevo which is an email platform but I use Microsoft for my main domain for emailing. The records are entered in Microsoft but will not authenticate on Brevo's side. Microsoft agents are absooutely useless. I purchased my domain with Crazydomains but they say I have to enter the records with MS as they host my emails which is fine. They are updated.
Any ideas?
I found our DKIM disabled and not published to our public DNS, How i can republish it again?
Thank you for the video - it was a great help!
Great video, explained everything perfectly. Thanks so much, keep up the great work 🙂
Thank you
Great video, you have saved the day.
Dude....Thank you!👊
Great explanation! beardedguy365 suits you well, hahaha.
You are amazing
Dude, I did the configuration and after a month my emails went back to the spam folder. Even not sending it to a large number of users. Can you help me with a solution?
Great video, thanks.
Excellent explanation, thank you. RD CAPITAL SL LTD
When checking mail health in MXToolbox "May be an open relay" is normal?
Yeah, I got the same thing!
@@cca8161IIn an interview about the theme, someone with experience told me that free tool are not exact. In my opinion is de ~all not an exact Ip.
Hello, can you make a video on how to implement MTA-STS? Thank you.
Thanks a lot
Thanks man
Atlanta
You da man
Heeyy Jonathan, You're the best in teaching. I enjoyed your tutorial! I'm giving you a thumbs up and a subscribe click right away. Thanks so much!
Thanks!
Great video, you said you can't have DMARC without DKIM and SPF. My understanding is this is incorrect
the sound popping it killing me , but nice explanation
Who else is here because of Yahoo? Wow this issue won't go well for small business owners not understanding how to edit DNS etc.😮
im here bro, i just solved an issue with the same method, all my customers been disturbing me with the same issue
Brilliant explanation, thank you!
Thanks a lot for this, Jonathan! 🫡
Great video. Question. What about parking a domain that isn’t being used for email. How do you set that up?