The following topic explains how the customer can verify outbound email messages when using Office 365.
Customer messages where identified by a combination of origin IP address and the domain name.
When cloud services, such as Office 365 are being used, the IP range is Microsoft IP range which applies to all Microsoft 365 customers, and the Domain name might not always be present in the From header details.
Cyren has utilized an additional mechanism to explicitly identify customer`s emails when sent from the customer in the outbound email channel to outside recipients.
By default, sending an email from Office 365 as a tenant will result with a designated DKIM signature that was inserted by the Office 365-email service.
The DKIM is based on the following structure: <Customer_Domain>.onmicrosoft.com
The first part <Customer_Domain> represents the tenant`s domain , i.e. Cyren`s customer.
Cyren uses this information to extract the tenant`s domain, and identify any captured message, and assign it correctly to the specific customer it belongs to in the outbound path.
This is because Microsoft is adding DKIM signatures to outgoing email, even when customers have not explicitly enabled DKIM-signing for their domain(s).
There are two possible scenarios for insertion of DKIM signature:
Both cases will result with the following structure: