Cisco ESA - DKIM signatures do not verify on outlook, hotmail
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 01:35 AM
Morning,
We have just deployed our new ESA and when an email is sent from my organization to my organization email addresses, yahoo.co.uk, Gmail, iCloud, etc the DKIM signature passes and all emails are delivered to the 'Inbox' with the exception of Outlook/Hotmail, all my organization email go directly to the Junk folder:
Fail header note:
Authentication-Results: spf=pass (sender IP is xx.xx.xx.xx)
smtp.mailfrom=mydomain.co.uk; hotmail.com; dkim=fail (signature
did not verify) header.d=mydomain.co.uk;hotmail.com; dmarc=pass
action=none header.from=mydomain.co.uk;
Received-SPF: Pass (protection.outlook.com: domain of
mydomain.co.uk designates xx.xx.xx.xx as permitted sender)
receiver=protection.outlook.com; client-ip=xx.xx.xx.xx;
helo=blah2.hx5555-55.x1x2.iphmx.com;
Thanks,
Hernan
- Labels:
-
Email Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 04:11 AM
We ran into similar issues with our customer facing domains a while back.
After verifying that all outbound message are correctly DKIM signed and the alignment is correct we did some further research.
Having an older - even no longer officially required - SenderID DNS entry helped us overcome the issue for our outbound patient emails sent to Hotmail, Outlook, AOL and comcast.net to be classified as junk.
All those providers have a stricter validation policy.
Such a DNS record would just be a TXT record for your email domain with spf2.0/pra ?all as content.
Hope that helps you as well.
