Like most companies, we use our own domain name with M365 and set up DKIM years ago on an appliance that sends/receives all email. I discovered that Microsoft appears to have turned DKIM on by default for the onmicrosoft.com domain, as I am 100% sure we did not configure it since we do NOT use that domain and we ONLY sign on the appliance.
Is there any potential value in configuring DKIM on this domain that we do NOT use?
Hey erowe, configuring DKIM on your onmicrosoft.com domain wouldn’t hurt anything, but we would recommend at least setting up DMARC on this domain to protect it from being spoofed.
I concur with Joshua as well. Any domains, unused or not, should be protected with DMARC.
Microsoft configures DKIM on these onmicrosoft.com domains whether you want to do so or not. The issue that I have observed seems to be that some vendors do not seem to like more than one DKIM signature. Vendors like Microsoft and Google have no issues with multiple DKIM signatures… Of course it is just conjecture since I do not have a way to get that entity to explain why the DKIM fails for the couple of emails per day when we send thousands per day to other domains.
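For anyone diagnosing the multiple-signature case discussed in this thread, the following is an added example and not code from any poster. It lists every DKIM signature on a message and checks whether at least one passing signature aligns with the From domain, which is what DMARC evaluates. The message, the domains (example.com, contoso.onmicrosoft.com) and the selectors are constructed, and alignment is simplified by assuming the From domain is the organizational domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the appliance signs with d=example.com and a second
# signature is present for the tenant domain. All values are placeholders.
SAMPLE = """\
Authentication-Results: mx.receiver.test;
 dkim=pass header.d=example.com header.s=appliance1;
 dkim=fail (body hash did not verify) header.d=contoso.onmicrosoft.com
DKIM-Signature: v=1; a=rsa-sha256; d=contoso.onmicrosoft.com;
 s=selector1-contoso-onmicrosoft-com; h=from:to:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=appliance1;
 h=from:to:subject; bh=AAAA; b=CCCC
From: Sender <user@example.com>
To: rcpt@receiver.test
Subject: test

body
"""

def signatures(raw):
    """Return (d, s) for every DKIM-Signature header, in header order."""
    out = []
    for value in message_from_string(raw).get_all("DKIM-Signature", []):
        pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
        tags = {k.strip(): v.strip() for k, v in pairs}
        out.append((tags.get("d", "").lower(), tags.get("s", "")))
    return out

def dkim_results(raw):
    """Return (domain, result) pairs the receiver recorded for DKIM."""
    msg = message_from_string(raw)
    ar = " ".join(msg.get_all("Authentication-Results", []))
    found = re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", ar)
    return [(d.lower(), r.lower()) for r, d in found]

def dmarc_dkim_ok(raw):
    """True if any passing signature's d= aligns with the From domain.
    Simplification (assumption): From domain is the organizational domain."""
    addr = parseaddr(message_from_string(raw)["From"])[1]
    from_domain = addr.rpartition("@")[2].lower()
    return any(r == "pass" and (d == from_domain or d.endswith("." + from_domain))
               for d, r in dkim_results(raw))
```

Running this over the raw headers of a message a recipient reports as failing shows which signing domain the receiver rejected and whether an aligned signature still passed.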