Important: Starting February 2024, Gmail will require the following for senders who send 5,000 or more messages a day to Gmail accounts: Authenticate outgoing email, avoid sending unwanted or unsolicited email, and make it easy for recipients to unsubscribe. Read the Google documentation here.

With email security being a paramount concern in today’s digital landscape, staying compliant with the latest email sending guidelines is critical for organizations. Microsoft 365 users, particularly those with domains hosted on platforms like GoDaddy, Crazy Domains, Blue Host, and Melbourne IT, need to be especially mindful of these updates. This guide offers a step-by-step approach to ensure your domain aligns with the latest requirements, focusing on essential email authentication protocols.

Understanding the Shift

Microsoft 365 has set forth guidelines that emphasize the importance of email authentication methods such as SPF, DKIM, and DMARC. These protocols are vital in combating issues like email spoofing, phishing, and spam, which can significantly impact your organization’s credibility and email deliverability.

Step-by-Step Guide for Microsoft 365 Users

Step 1: Implement SPF (Sender Policy Framework)

SPF is designed to prevent unauthorized use of your domain in email headers.

1. Access DNS Settings:
   • Log into the DNS management tool of your domain provider (GoDaddy, Crazy Domains, etc.).
2. Add/Update SPF Record:
   • Type: TXT
   • Host: @
   • Value: v=spf1 include:spf.protection.outlook.com -all
   • This record authorizes Microsoft’s servers to send emails on behalf of your domain.

Step 2: Configure DKIM (DomainKeys Identified Mail)

DKIM helps ensure the content of your emails remains tamper-free from sender to recipient.

1. Get DKIM Keys from Microsoft 365:
   • In your Microsoft 365 admin center, navigate to the DKIM settings under the ‘Protection’ section.
   • Microsoft will provide you with two CNAME records for DKIM.
2. Add DKIM Records in DNS:

   • Adding DKIM record

     Step 1: Click on the domain you wish to configure DKIM on DKIM page (https://security.microsoft.com/dkimv2)

     

     Step 2: Slide the toggle to Enable. You will see a pop-up window, click on “Create DKIM keys” button. Wait a few seconds.

     

   • Type: CNAME
   • Host/Name: Provided by Microsoft (e.g., selector1._domainkey).
   • Points to: Specific value provided by Microsoft 365.

Step 3: Set Up DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC uses SPF and DKIM to authenticate emails and gives instructions for handling authentication failures.

1. Create DMARC Record:
   • Type: TXT
   • Host: _dmarc
   • Value: v=DMARC1; p=none; rua=mailto:your_email@yourdomain.com
   • This DMARC policy is for monitoring and does not affect email deliverability.

Additional Steps for Different Hosts

• GoDaddy/Crazy Domains/Blue Host/Melbourne IT:
  • Log into your hosting account.
  • Navigate to your domain’s DNS settings.
  • Follow the above steps to add SPF, DKIM, and DMARC records.
• PTR Records: If your emails are sent from a dedicated IP, make sure you have a PTR record for reverse DNS lookup, typically managed by your hosting provider.
• Verification and Monitoring:
  • Use tools like MXToolbox to verify your DNS records.
  • Regularly monitor your email deliverability and check for any issues.

Adapting to these essential email security protocols is not just about adhering to standards; it’s about protecting your organization’s digital communication ecosystem. By properly configuring SPF, DKIM, and DMARC records, you ensure the integrity of your emails and safeguard your domain against misuse. As the digital domain continues to evolve, staying proactive in email security will remain a cornerstone of successful digital communication.

By following these guidelines, Microsoft 365 users with domains hosted on popular platforms like GoDaddy, Crazy Domains, Blue Host, and Melbourne IT can enhance their email security and compliance.