cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
1519
Views
0
Helpful
1
Replies

Cisco ESA - DKIM signatures do not verify on outlook, hotmail

Hernan69
Level 1
Level 1

Morning, 

 

We have just deployed our new ESA and when an email is sent from my organization to my organization email addresses, yahoo.co.uk, Gmail, iCloud, etc the DKIM signature passes and all emails are delivered to the 'Inbox' with the exception of Outlook/Hotmail, all my organization email go directly to the Junk folder:

Fail header note:

Authentication-Results: spf=pass (sender IP is xx.xx.xx.xx)
smtp.mailfrom=mydomain.co.uk; hotmail.com; dkim=fail (signature
did not verify) header.d=mydomain.co.uk;hotmail.com; dmarc=pass
action=none header.from=mydomain.co.uk;
Received-SPF: Pass (protection.outlook.com: domain of
mydomain.co.uk designates xx.xx.xx.xx as permitted sender)
receiver=protection.outlook.com; client-ip=xx.xx.xx.xx;
helo=blah2.hx5555-55.x1x2.iphmx.com;

Thanks,
Hernan

1 Reply 1

marc.luescherFRE
Spotlight

We ran into similar issues with our customer facing domains a while back.

 

After verifying that all outbound message are correctly DKIM signed and the alignment is correct we did some further research.

Having an older - even no longer officially required - SenderID DNS entry helped us overcome the issue for our outbound patient emails sent to Hotmail, Outlook, AOL and comcast.net to be classified as junk.

 

All those providers have a stricter validation policy.

 

Such a DNS record would just be a TXT record for your email domain with spf2.0/pra ?all as content.

 

Hope that helps you as well.