The following topic explains how the customer can verify outbound email messages when using Office 365.

Customer messages where identified by a combination of origin IP address and the domain name.

When cloud services, such as Office 365 are being used, the IP range is Microsoft IP range which applies to all Microsoft 365 customers, and the Domain name might not always be present in the From header details.

Cyren has utilized an additional mechanism to explicitly identify customer`s emails when sent from the customer in the outbound email channel to outside recipients.

Using DKIM in Office 365 for Customer Validation

By default, sending an email from Office 365 as a tenant will result with a designated DKIM signature that was inserted by the Office 365-email service.

The DKIM is based on the following structure: <Customer_Domain>

The first part <Customer_Domain> represents the tenant`s domain , i.e. Cyren`s customer.

Cyren uses this information to extract the tenant`s domain, and identify any captured message, and assign it correctly to the specific customer it belongs to in the outbound path.

This is because Microsoft is adding DKIM signatures to outgoing email, even when customers have not explicitly enabled DKIM-signing for their domain(s).

There are two possible scenarios for insertion of DKIM signature:

  1. Default Outbound DKIM in Office 365
  2. Customer specific Outbound DKIM in Office 365

Both cases will result with the following structure:


The DKIM signature is not validated and verified at this stage.

Related Topics

  • No labels