How to implement DKIM and/or DMARC on Microsoft Exchange Server
Although many organizations are migrating to the cloud via Microsoft 365 or Exchange Online, we still see many operating their own on-premises Microsoft Exchange Server.
Over the past few years we’ve seen an increase in implementations of DMARC and DKIM in various platforms. Unfortunately, there is no out-of-the-box support for DKIM and DMARC in Microsoft Exchange, but there are third-party solutions available.
There are two types of choices available:
- Deploying a solution in front of Microsoft Exchange via a virtual appliance that is taking the responsibility of the email filtering/authentication.
- Implementing plugins directly on the Microsoft Exchange Server that introduce the missing functionality.
Note: dmarcian is not affiliated with these solutions, so please choose accordingly.Based on previous experiences we’ve encountered, the following plugins introduce DKIM and/or DMARC to an on-premises Microsoft Exchange Server.
- EmailArchitect – DKIM for Exchange Server and IIS SMTP Service
Our deployment experts often recommend EmailArchitects’ DKIM for Exchange Server and IIS SMTP Service.
- Netal – DkimX
Add-on for MS Exchange Server 2013/2016/2019 which supports DKIM-signing of outgoing messages and verification of incoming messages by using SPF, DKIM and DMARC.
- Exchange DKIM Signer (GNU Lesser General Public License)
DKIM Signing Agent for Microsoft Exchange Server
Whether you choose the route of a plugin or virtual appliance, we hope this provides some clarity on implementing DKIM and DMARC on an on-premises Microsoft Exchange Server. Here are other resources to assist with your DMARC and DKIM records:
We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
Want to continue the conversation? Head over to the dmarcian Forum.