Minimize Your Emails Ending up as Junk Mail by Leveraging SPF, DMARC, DKIM in Office 365

Do your important emails end up in your recipient's Junk / SPAM folder and you don't always understand why? Many times the cause is a handful of configuration settings in your email system that haven't been set yet. Setting them raises the "reputation level" of your email environment so your messages flow into Inboxes more often than into SPAM folders.

Why Do Good Messages End up in SPAM / Junk Folders?

Many times emails end up in Junk folders because the content of the message is SPAM-ish, like a generic email blast about some event or newsletter you're trying to send, or because you're bcc'ing a lot of people on a message. Those you kind of know might get caught up in SPAM filters more frequently.

Other times, someone in your organization (like your marketing department or sales team) has just sent out a bunch of SPAM-ish messages, and through no direct fault of yours, your entire organization's email reputation takes a hit. Receiving systems will then tend to drop more messages into Junk folders because your organization's reputation has been (temporarily) tarnished. If someone in your organization sends out a lot of messages too frequently, you might end up on an email "blacklist" where your emails will most certainly be tightly scrutinized (typically for a 24-hour period).

And then at times when there's a high alert of bad actors sending ransomware-type messages, email systems tighten up and will send messages into SPAM/Junk folders more frequently.

What are SPF, DMARC, and DKIM that Tell Recipient Email Systems My Company is Not That Bad of an Organization?

Email systems can be configured with Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM), which effectively inform an email recipient system that your messages are coming from a mostly-valid environment.

It's like when an organization sends you an email asking you to "verify" that you are a valid owner or user of the mailbox: these SPF, DMARC, and DKIM configurations are one extra step that many spammers don't go through when configuring SPAM mailboxes to blast out messages. Thus, if your organization took the extra steps, there's a higher likelihood you're not a terrible email spammer.

How Difficult is it to Set Up SPF, DMARC, and DKIM?

This is the key to this article. A decade ago, setting up SPF took 15-30 minutes, DMARC another 15-30 minutes, and DKIM took about a day to get through everything needed. It was generally "difficult" enough to do that spammers didn't take the time to do it.

But now with Office 365, setting up SPF and DMARC takes 10 minutes to do (total), and DKIM about an hour (if you've never done it before). If you've done this stuff before, you can get all 3 done in about 15 minutes!

While the bad guys can now do this configuration quite quickly too, it is a few more steps, and most of them don't do it, and since it is so quick and easy for someone in YOUR organization to do, EVERY real organization using Office 365 SHOULD click through the settings to get it done!

How to Configure SPF, DMARC, and DKIM in Office 365?

Here's the step-by-step guide from Microsoft to set up SPF, DMARC, and DKIM - https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dkim-configure

Setting up SPF is literally a matter of going into your Office 365 Admin portal, going to settings, clicking a checkbox, and clicking "YES"; the thing automatically configures the SPF records for you and can take care of your DMARC records at the same time.

DKIM requires you to follow another Office 365 Admin link (in the M365 Defender Portal) and click through a handful of steps to have that configured automatically for you.

Again, just a few years ago, this stuff was kind of complicated, required you to get 3rd party certificates and things that cost money, and was kind of confusing. Now it's all built into the Office 365 Admin portal as clicks and checkboxes, and it's quick and simple to do.

How Do I Check if My Company has SPF, DMARC, and DKIM Configured?

The easiest way to confirm your company's domain address (the .com, .org, etc.) is set up properly is to go to a site like MX Toolbox - https://mxtoolbox.com/googleyahoo.aspx which has you send an email to the email address noted. After you send the message and then type in the source email address as instructed, it'll tell you the status of your SPF, DMARC, and DKIM.
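To see what the published DNS records behind such a status report look like, here is an added example (not from the original article or from Microsoft) that audits SPF, DMARC and DKIM TXT records offline. The domain example.com, the record values and the function names are constructed for illustration; selector1/selector2 and spf.protection.outlook.com are the names Microsoft 365 uses.

```python
# Added example: audit SPF/DMARC/DKIM TXT records for one domain, offline.
# SAMPLE is constructed data for the placeholder domain example.com; replace it
# with the TXT answers you get from `nslookup -type=TXT <name>` for your domain.
SAMPLE = {
    "example.com": ["MS=ms00000000", "v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC, DKIM) into a dict."""
    pairs = (t.split("=", 1) for t in record.split(";") if "=" in t)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(txts):
    spf = [r for r in txts if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # receivers treat more than one SPF record as an error
        return "missing" if not spf else "invalid: multiple SPF records"
    terms = [t.lower() for t in spf[0].split()[1:]]
    if any(t in ("all", "+all") for t in terms):
        return "weak: +all authorizes every sender"
    if not any(t in ("-all", "~all", "?all") or t.startswith("redirect=") for t in terms):
        return "weak: no terminating 'all'"
    return "ok"

def check_dmarc(txts):
    recs = [parse_tags(r) for r in txts if r.lower().startswith("v=dmarc1")]
    if not recs:
        return "missing"
    policy = recs[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid: bad or missing p= tag"
    return "ok: p=" + policy + (" (monitoring only)" if policy == "none" else "")

def check_dkim(records, domain, selectors):
    for sel in selectors:
        for r in records.get(f"{sel}._domainkey.{domain}", []):
            tags = parse_tags(r)
            # An empty p= means the key was revoked, so it does not count.
            if tags.get("v", "DKIM1").upper() == "DKIM1" and tags.get("p"):
                return f"ok: key published at {sel}"
    return "missing"

def audit(domain, records, selectors=("selector1", "selector2")):
    """selectors defaults to the names Microsoft 365 uses for its DKIM keys."""
    return {"spf": check_spf(records.get(domain, [])),
            "dmarc": check_dmarc(records.get("_dmarc." + domain, [])),
            "dkim": check_dkim(records, domain, selectors)}

if __name__ == "__main__":
    print(audit("example.com", SAMPLE))
```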

Wrap-up

Now, configuring SPF, DMARC, and DKIM won't mysteriously allow all your emails through to your recipients. However, for email systems that check whether your SPF, DMARC, and DKIM are configured properly, there's a "better chance" your emails will get to your intended recipient rather than always ending up in their junk mail folder...
