I'm having some trouble with a dedicated Linux mail server at work that sends automated messages. We're running into warnings in the logs regarding SPF and DKIM. Here's the log entry I'm seeing:
```
470EC4024D18C 6398 Fri Sep 19 15:15:38 [email protected]
(host cbsoregon-com.mail.protection.outlook.com[2a01:111:f403:f805::] said: 450 4.7.26 Service does not accept messages sent over IPv6 [2604:d200::45] unless they pass either SPF or DKIM validation (message not signed) (S825).
```
We don't send a lot of emails, around 100 a day, and I believe our SPF record is set up correctly for the domain web-ster.com, including the associated IPv6 address. However, I haven't set up DKIM, and the warning indicates that messages are not signed. Some messages are experiencing delays, showing as "deferred" and arriving 10-20 minutes late. Is the warning just a standard alert for all IPv6 messages, or might it indicate a more serious issue?
2 Answers
You definitely want to prioritize setting up DKIM over SPF. DKIM can solve a lot of the limitations that SPF has, and many email providers are leaning heavily on DKIM for determining email delivery. Just a heads-up, Google rates your domain’s reputation largely on your DKIM status.
DKIM is pretty crucial for all major email providers like Gmail and Microsoft. They usually require both DKIM and SPF to ensure your emails are trusted. It might be worth setting up DKIM for your server to avoid these kinds of issues in the future. Also, don't forget that DMARC is becoming important too!
The log message mentions that messages sent over IPv6 need either SPF or DKIM validation. I haven’t seen anything specific saying O365 requires DKIM to send emails, but it’s definitely a best practice.