Audience: Technical users, administrators.
If you have emails bouncing or going to recipient’s spam, this is the page to quickly work through to figure issues. The cheat sheet assumes you have Office 365 as your email system.
- Check DKIM is setup properly.
- Go to https://admin.microsoft.com/Adminportal/Home#/Domains/Details/<your_domain_name_without_www> example: https://admin.microsoft.com/Adminportal/Home#/Domains/Details/prasna.ca
- Check the two CNAMES that are required under DKIM are with Green Checkmark.
- Go to https://security.microsoft.com/dkimv2
- Check the “Toggle” value is “Enabled” and that “Status” column is “valid”.
- Click on your custom domain name.
- Click on “Rotate DKIM keys”. Hit “Close”. Refresh page.
- Go to your DNS, check you have valid DMARC record.
- Go to your DNS, check if you have a TXT entry with the value of “SPF1”. Verify it exists and run a validity check by using a GPT platform. If the SPF entry has more than one value for INCLUDE, make sure they have corresponding DKIM keys.
- If you are getting emails bounced back to you, you can copy paste the headers into https://mha.azurewebsites.net/ to have a quick analysis of the associated error in the email.
- Use mtoolbox.com to check for zone records stated above to see if they’re being correctly propagated.
- You can do a complete test of email deliverability by going over to https://mxtoolbox.com/deliverability.
- On mtoolbox.com, do a blacklist check.
- You can also do a message trace to get a record of which emails are being delivered by going to https://admin.exchange.microsoft.com/#/messagetrace
Send an email to Microsoft Support if the above doesn’t work. Do note if you had to make changes to zone records, give it some time propagate before testing.
Note: If you want to do this programmatically via PowerShell, here’s the steps.
- Install the powershell module, ExchangePowerShell (Tip: Use Powershell 7.x)
- Command: Run in PowerShell as administrator
- Install-Module ExchangeOnlineManagement -Scope CurrentUser
- Import-Module ExchangeOnlineManagement
- Connect to Office 365:
- Connect-ExchangeOnline -UserPrincipalName adminuser@yourdomain.com
- Command: Run in PowerShell as administrator
- Now that you’re connected to Office 365, here are a few things you can run:
- Check for DKIM signing
- Get-DkimSigningConfig -Identity yourdomain.com
- DKIM signing with all details published
- Get-DkimSigningConfig -Identity yourdomain.com | Format-List
- MX check
- Resolve-DnsName -Name yourdomain.com -Type TXT
- DMARC check
- Resolve-DnsName -Name _dmarc.yourdomain.com -Type TXT
- Message Trace to a specific domain in the last seven days
- Get-MessageTrace -RecipientAddress “*@gmail.com” -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date)
- Check for DKIM signing
There’s a plethora of other commands available, review https://learn.microsoft.com/en-us/powershell/module/exchange/?view=exchange-ps.