Support for validation of DKIM signed messages

Exchange Online Protection (EOP) and Exchange Online support inbound validation of Domain Keys Identified Mail (DKIM) messages. DKIM is a method for validating that a message was sent from the domain it says it originated from and that it was not spoofed by someone else. It ties an email message to the organization responsible for sending it. DKIM verification is automatically used for all messages sent over IPv6 communications. Office 365 also now supports DKIM when mail is sent over IPv4. (For more information about IPv6 support, see Support for anonymous inbound email messages over IPv6.)

DKIM validates a digitally signed message that appears in the DKIM-Signature header in the message headers. The results of a DKIM-Signature validation is stamped in the Authentication-Results header which conforms with RFC 7001 (Message Header Field for Indicating Message Authentication Status). The message header text appears similar to the following (where is the sender):

Authentication-Results: <>; dkim=pass (signature was verified);

Admins can create Exchange mail flow rules (also known as transport rules) on the results of a DKIM validation to filter or route messages as needed.