Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: SOCIAL ENGINEERING
- CIS: M365 4.11 - (L1) Ensure that DKIM is enabled for all Exchange Online Domains
This Customer Check verifies whether DKIM is correctly configured for all domains linked to Exchange Online.
Why this check?
DKIM is an important feature for demonstrating the authenticity of your email messages. Conversely, it serves to block emails that are falsely sent in your name, for example by phishers and spammers. This indirectly protects the reputation of your organization: without this protection, an attacker could pose as you to deceive someone.
DKIM stands for DomainKeys Identified Mail. This feature prevents email spoofing by allowing the recipient of your emails to verify whether the sending email server is authorized to email on behalf of your domain. DKIM works through certificates and is recommended along with SPF (CHK-1033) and DMARC (CHK-1030) to optimize the reliability of email traffic.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 4.11 - (L1) Ensure that DKIM is enabled for all Exchange Online Domains
What are the possible outcomes of the check?
This check has several possible outcomes. In Attic, this is reflected as follows:
- Okay: DKIM is correctly configured for all email domains, including the necessary DNS records
- Error: DKIM is enabled in Exchange Online, but not yet properly configured in DNS
- Warning: DKIM is not enabled in Exchange Online, and possibly not properly configured in DNS either
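The three outcomes can also be reproduced by hand per domain. The PowerShell below is an added example, not Attic's own check logic: it assumes an Exchange Online session opened with Connect-ExchangeOnline, a Windows host for Resolve-DnsName, and the hypothetical helper name Get-DkimCheckOutcome; skipping the Microsoft-managed *.onmicrosoft.com domain is also an assumption of this example.

```powershell
# Added example, not Attic's own logic. Assumes an Exchange Online session
# (Connect-ExchangeOnline) and Windows for Resolve-DnsName.
function Get-DkimCheckOutcome {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Domain,
        $Config   # matching object from Get-DkimSigningConfig, or $null
    )

    # No signing config, or signing switched off: DKIM is not enabled.
    if (-not $Config -or -not $Config.Enabled) { return 'Warning' }

    # Microsoft 365 uses two selectors. Each must exist in the domain's DNS as
    # a CNAME pointing at the target Exchange Online reports for it.
    foreach ($n in 1, 2) {
        $name     = "selector$n._domainkey.$Domain"
        $expected = [string]$Config."Selector${n}CNAME"
        $answer   = Resolve-DnsName -Name $name -Type CNAME -ErrorAction SilentlyContinue |
                    Where-Object { $_.Type -eq 'CNAME' } |
                    Select-Object -First 1

        if (-not $answer -or
            $answer.NameHost.TrimEnd('.') -ne $expected.TrimEnd('.')) {
            return 'Error'   # enabled in Exchange Online, DNS missing or wrong
        }
    }
    return 'Okay'
}

# Index signing configs by domain, then evaluate every accepted domain so that
# domains without any DKIM config are reported too.
$configs = @{}
Get-DkimSigningConfig | ForEach-Object { $configs[[string]$_.Domain] = $_ }

Get-AcceptedDomain |
    # Assumption: the Microsoft-managed initial domain is left out of this check.
    Where-Object { $_.DomainName -notlike '*.onmicrosoft.com' } |
    ForEach-Object {
        $domain = [string]$_.DomainName
        [pscustomobject]@{
            Domain  = $domain
            Outcome = Get-DkimCheckOutcome -Domain $domain -Config $configs[$domain]
        }
    }
```

A domain reported as Error usually needs only the two CNAME records published at its DNS provider; a domain reported as Warning needs DKIM signing enabled in Exchange Online as well.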
How should this be followed up?
If the output is Error or Warning, we advise setting up DKIM for all domains where this is not yet or not fully the case. Unfortunately, we cannot automate this for you with a Fix.
Follow the instructions on implementing DKIM here:
Use DKIM for email in your custom domain - Office 365 | Microsoft Docs.