Has anyone else experienced intermittent failures in DKIM verification within DMARC RUA reports for Exchange Online? Some users are receiving Non-Delivery Reports (NDRs) due to the DMARC policy. Interestingly, this issue seems to happen even with DKIM signatures generated by M365 itself. I found a link discussing similar problems, but it's lacking clarity. I'm curious if anyone has successfully addressed this with Microsoft Support and what specific details to include when filing a support ticket.
3 Answers
Yes, I dealt with this and it seems to be related to a bug in Windows DNS, particularly with the defender anti-spam service. This issue tends to cause SPF and DKIM temporary errors. Unfortunately, the only way to address it is to submit a support ticket to Microsoft and join the others voicing concerns.
It's always a DNS issue, right?
I had similar issues a while back, and I found that changing the TTL of the DKIM records to 3600 fixed the problem. Microsoft Support mentioned that they can't guarantee DKIM will work well with a TTL less than 3600.
Not really! If Google and Yahoo! don't bounce the same messages, it can't just be DNS.