Office 365 DKIM and Anti-Spam

Nobody likes to get spam in their inbox. Thankfully, many email providers offer built-in spam filters. For example, Office 365 DKIM anti-spam tools include email authentication, connection filtering, outbound filtering, and transport rules (essentially custom settings). As many Xink users rely heavily on Office 365 for email, we thought it would be helpful to go over these various filter options. Particularly email authentication and transport rules.

First some naming

Email signature and digital signature, what is the difference? Sometimes the two are referred to as just the ‘signature’ but we need to clarify what is what. So:

  • The email signature is your email footer, the greeting in the bottom of your email containing your contact details, logos and signature campaigns
  • The digital signature is added to your email when it is sent to guarantee that the content of the email is genuine. DKIM is in particular a finger print used to sort out your email from spam. Hence guaranteeing that your email/domain is genuine and real.

However there is one unfortunate side effect when using Office 365’s own anti-spam functionality (and DKIM) when rerouting emails to apply the email signature. If you use DKIM then the digital signature will break, but the email signature will be added as expected. This is in fact not a bug, but by design! DKIM is there to ensure that the email content has not been changed after it was sent. And if you reroute the email to replace the signature, then the digital signature will break because the email signature itself is modified.

Luckily Xink has a solution to that! Simply use our Xink client app instead for Windows and Mac! I.e. do not reroute your emails in this case, and then your emails stay digitally signed all the way through.. And you still have your email signature branding (and see it while you compose the email). Then your Office 365 DKIM setup will work.

Just a brief explanation to what the Office 365 DKIM and anti-spam tools do:

Connection and Outbound Filtering 101

These filters check both inbound and outbound messages to ensure they are legitimate and free of malware. Any inbound messages that are from an unknown or untrustworthy source are automatically dispatched to the spam folder.

To ensure that email messages are always received from trusted IP addresses or IP address ranges, Office 365 allows you to set up Allow lists and Block lists. These Office 365 anti-spam tools are fairly common, and easily understood, so let’s continue on to two lesser known anti-spam tools: transport rules and email authentication.

Office 365 Transport Rules

Taking things one step further, Office 365 allows you to create custom rules tailored to your own internal business policies and practices. As you can see, Office 365 anti-spam tools are far more advanced and capable than you may have originally thought. The Transport rules feature acts as a filter but the difference is that it gives you complete control over the settings. As an example, with the Transport rules, you can set values for Office 365’s spam confidence level, or SCL. This enables you to create values for messages that meet specific criteria or conditions. In fact Xink’s rerouting feature uses the transport rules.

Email Authentication (DKIM, SPF and DMARC)

Office 365 anti-spam tools include a number of email authentication technologies. These can be used to filter inbound messages and help ensure safe delivery of outbound messages (by inserting verifiable information about the sender into the email). These technologies include:

  • Sender Policy Framework (SPF): SPF verifies the IP address of the sender by cross-referencing it against the known or alleged owner of the sending domain. Through this process, Office 365 can validate the email’s origin and determine if it is legitimate or not.
  • DomainKeys Identified Mail (DKIM): DKIM lets you attach a digital signature to all outbound email messages. This digital signature acts as a fingerprint, which enables your messages to be verified on the receiving end. Messages which include this signature are known to be trustworthy.
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): If an email message fails an SPF or DKIM test for any reason, the DMARC Office 365 anti-spam tool helps receiving email systems determine what to do with these messages. In simple terms, DKIM provides an additional level of trust for email partners.

With these tools, you can not only reduce the amount of spam that appears in your inbox, but also take steps to ensure that your company’s outbound messages are received as they should be. Remember, if your messages land in someone else’s junk folder, the content within those messages is pointless. — They might as well not have been sent in the first place. Don’t let this happen..

So how does Office 365’s DKIM and anti-spam work with Xink?

So now we get to the point. If you rely on the above for your anti-spam, the rerouting solution is not for you. In that case you need to use our Xink Client App which in fact also allows you to see the signature as you compose the email.

Office 365 DKIM

With the Xink client app you just install it on all PC’s via Group Policy. It will automatically connect to your Xink account via the cloud and retrieve the signatures. Everything is visible to the user when they compose the email. They can even choose more signatures if you have added optional signatures to choose from.

So with this solution you have full visual identity and you can see the signature as the email is composed. If you do not have digital signatures to preserve, you can just use the rerouting feature or use it as a supplement for your mobiles while your enjoy the Xink client app on Windows and Mac. Here is more about how the Xink client app works and hot to set up:

So all in all you can still use Office 365 DKIM and anti-spam tools and ensure your branded email signatures. All with Xink…

Try Xink now!


Share Xink.ioEmail this to someoneShare on FacebookShare on Google+Share on LinkedInTweet about this on TwitterShare on StumbleUponShare on Tumblr