Turning on DKIM is done using a PowerShell command, which you’ll want to run in the same window as above. Once you get logged in to O365, you need to enable DKIM for the domain. You’ll need to bypass MFA for your public IP address for this to work.
#OFFICE 365 EMAIL SETTINGS FOR QUICKBOOKS CODE#
Keep in mind that if you have MFA enabled (which you should have), this code won’t work.
#OFFICE 365 EMAIL SETTINGS FOR QUICKBOOKS PASSWORD#
Enter the username and password of your account that has admin rights within your O365 environment. Once you run that, it’ll prompt you for a username and password. Import-PSSession $Session -DisableNameChecking $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection You’ll need to run the PowerShell window in Admin mode. This is done using a simple bit of code that you can run in PowerShell. To create this in Office 365 (where DCAC hosts its email), the first thing you need to do is to connect to Office 365 in PowerShell. Since we use Office 365, we need to set up DKIM in Office 365. Your email provider will give you the values that you need to put in place. This is another set of DNS records that need to be created. DKIMĪfter you set up SPF, you will want to set up DKIM. It means to ignore SPF and do other checking and use that to decide if it’s junk email or not. This is the same as not having “all” and tells the receiving server that the email isn’t from a valid server, but it shouldn’t fail it either. The final value you can use is “?” which means that anything which matches “all” is given a match of Neutral. Eventually, we’ll change this from “~” to “-“. The “~” which we use means that any emails that match “all” are given a soft failure. You can use a “-” which means that all emails will fail SPF checking if they match “all”. You can use a “+” which means that all emails will pass SPF checking, you probably don’t want this as unauthorized emails would be marked as valid. There are a few values that can be used instead of the “~”. The “~” before “all” says that an email that matches “all” will be marked as a soft failure. So if the email is sent through another email server that isn’t listed, then it’s processed by the “all” record. The values within the SPF record are processed in the order listed. The final part is the “~all” section of the record. Again, since you can’t send email as someone else’s domain without verifying that it’s your domain, we can trust this setup. The “include:” section is the SPG section for SendGrid. The “include:” section is the SPF section for MailChimp. As Office 365 will send all emails from severs that come back to that DNS name, this marks all the records as valid and since you can’t send email through Office 365 without authenticating, we can trust this setup. This section says that any emails that are sent from Office 365’s outbound email servers are valid. The “include:” section is the SPF section for Office 365. QuickBooks Online uses a bunch of outbound email servers, and they are all contained within the three subnets listed. If version 2 of SPF comes out, then this would need to be changed to that.
The “v=spf1” part says that this is SPF version 1. Let me explain how this specific record works.
This all needs to be added to our SPF record so that emails sent by any of these services are marked as valid from an SPF perspective. In the case of DCAC, we use Office 365 as well as SendGrid, QuickBooks Online, and MailChimp. To add this in, you first need to know what servers will be sending emails for your domain. This record is a text record at the root of the domain. There’s a couple of different records that need to be created. When the emails are then received by the receiving email server, it checks these DNS records against the email that was just received to see if the email was sent from an SMTP server that is listed in the DNS record. This involves setting a few DNS records in the DNS domain for that company. One of the ways that companies can help others ensure that emails are coming from where they claim to be coming from, is to set up outbound email security. Anyone can send email as another person, which is one of the reasons that we have junk email.
Email is the wild wild west of the internet.