I am noticing the following when I look at the message headers sent from our O365 mailboxes - "dkim=permerror (no key for signature)". However, when I do a DKIM check on various web sites (mxtoolbox.com for example) I get green checks for everything. Our SPF passes too. So, I can't tell if this is something to be concerned about. When we send email externally it goes from O365 (Exchange Online) down to our spam filter appliance and then out to the world. We don't have DKIM setup on our spam appliance, so we are using DKIM in O365. I don't know if I should disable DKIM in O365 and enable it on our spam appliance since that is the last thing that our email passes through or have it enabled in both places (O365 and appliance). I've heard that doing it that way can cause problems even that it is supported.