Pro User
explore our new search
Boost Email Security with Top 3 MS 365 Settings
Dec 18, 2023 5:30 AM

Boost Email Security with Top 3 MS 365 Settings

by HubSite 365 about Jonathan Edwards

No-Faffing Managed IT Support & Cyber Security Support. Made in Yorkshire, built for the UK.

AdministratorSecurityLearning Selection

Boost Microsoft 365 Email Defense with SPF, DKIM, & DMARC Settings!

Key insights


Improve your Microsoft 365 email security with these three key settings:

  • SPF (Sender Policy Framework) helps verify email sender domains to combat spam or phishing.
  • DKIM (DomainKeys Identified Mail) adds a digital signature to emails for authenticity checks.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance) combines SPF and DKIM, rejecting emails that don't verify.

Enabling these settings can significantly reduce spam, phishing, and email attacks for your organization.


To enable these features, you need to make DNS record changes as follows:

  • Add an SPF record with your domain details to confirm the sender's identity.
  • Create and add a DKIM key pair to ensure email authenticity.
  • Implement a DMARC record, with options for how to handle policy violations such as 'none,' 'quarantine,' or 'reject.'

By taking these steps, you can enhance your organization's protection against malicious email activity.

Email Protection in Microsoft 365

Within Microsoft 365, there are three essential settings that can enhance your email protection. Implementing these measures is critical for defending against unwanted email threats. The first setting is the SPF, which stands for Sender Policy Framework.

SPF functions by authenticating the email sender against a DNS record. If the domain of the sender does not match the record, the email is treated as a potential threat. The second key setting is DKIM, which is a system for email verification.

DKIM ensures the authenticity of an email by attaching a digital stamp. This stamp confirms that the email was indeed sent from the claimed sender. The third setting is DMARC, which is a robust security protocol.

DMARC incorporates both SPF and DKIM checks. It mandates that emails from a domain are verified through these two methods. Emails failing to meet the criteria are typically discarded.

To activate these settings, specific steps must be taken. For SPF, a DNS record is added to your domain. The record will include specific information to ensure proper setup.

  • SPF should be enabled with an appropriate DNS entry.

  • DKIM requires generating a key pair and updating the DNS record accordingly.

  • DMARC is set up by adding its record to DNS and defining the policy action.

These actions are key to enhancing your email's protection in Microsoft 365. By implementing these settings, you reduce the risk of spam, phishing, or other email-based attacks targeting your organization.

The guidelines for enabling these protocols are straightforward. To set up SPF, you will need to include specific syntax in your DNS. For DKIM, a key pair creation is essential, which is then recorded in the DNS. DMARC also requires DNS record entry, with policy actions ranging from no action to rejection of violating emails.

Embracing these steps will significantly improve your organization's email integrity on the Microsoft 365 platform. While the configurations may seem technical, they play a crucial role in safeguarding communications against advanced email threats modern organizations face.

Security - Boost Email Security with Top 3 MS 365 Settings


Microsoft 365 Email Security Best Practices, Enhance Microsoft 365 Email Protection, Optimize Email Security Settings, Strengthen Office 365 Mail Security, Advanced Email Security Techniques, Secure Microsoft 365 Email Configuration, Microsoft Email Security Improvements, Office 365 Email Security Features, Increase Microsoft Email Safety, Protecting Email in Microsoft 365