On-premises Microsoft Exchange Server and the IIS SMTP Service do not support DKIM signing natively. To implement DomainKeys/DKIM on these systems, you must use a third-party Transport Agent or plugin. Implementing DKIM is a critical step in preventing email spoofing, reducing spam flags, and achieving DMARC alignment.

Why You Need Third-Party Software
Microsoft historically focused its native email authentication development on SPF (Sender Policy Framework) and SenderID for on-premises systems. While Exchange Online (Microsoft 365) natively handles DKIM, on-premises versions—including Exchange 2013, 2016, 2019, and Exchange Server SE—require an external component to handle cryptographic signing. Popular solutions to bridge this gap include:
EA DomainKeys for Exchange and IIS: A widely used, commercial plugin designed specifically for Windows-based mail environments.
Exchange DKIM Signer: A popular, open-source GitHub project that acts as an Exchange Transport Agent.

How DKIM Works in IIS / Exchange
The DKIM workflow utilizes public-key cryptography to validate the integrity of your outgoing mail:
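The following Python example is added here and is not code from the original page or from either signing product named above. It inspects a message captured after the signing agent has run, recomputes the body hash (`bh=`) per RFC 6376, checks that `d=` lines up with the From domain for DMARC, and names the DNS TXT record where receivers fetch the public key. The message, `example.com`, the selector `sel1` and the `b=` value are constructed placeholders; the RSA signature in `b=` is not verified and no `l=` tag is assumed.

```python
import base64, hashlib, re
from email import message_from_string
from email.utils import parseaddr

def canon_body(body, mode):
    """RFC 6376 body canonicalization, mode is 'simple' or 'relaxed'."""
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":  # collapse whitespace runs, strip trailing whitespace
        lines = [re.sub(r"[ \t]+", " ", l).rstrip(" ") for l in lines]
    while lines and lines[-1] == "":  # empty lines at the end are ignored
        lines.pop()
    out = "".join(l + "\r\n" for l in lines)
    return (out or ("\r\n" if mode == "simple" else "")).encode()

def body_hash(body, mode):
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def parse_tags(value):
    """Split a DKIM tag=value list; folding whitespace inside values is dropped."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def check_dkim(raw):
    """Inspect the DKIM-Signature of one raw message; b= itself is NOT verified."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    msg = message_from_string(head + "\n\n")
    if msg["DKIM-Signature"] is None:
        return {"signed": False}
    t = parse_tags(msg["DKIM-Signature"])
    mode = (t.get("c", "simple/simple").split("/") + ["simple"])[1]
    from_dom = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    d = t.get("d", "").lower()
    return {
        "signed": True,
        "missing_tags": [k for k in ("v", "a", "b", "bh", "d", "h", "s") if k not in t],
        "sha256": t.get("a", "").endswith("sha256"),
        "body_hash_ok": t.get("bh") == body_hash(body, mode),
        # Simplified alignment; true relaxed alignment needs the Public Suffix List.
        "aligned": bool(d) and (from_dom == d or from_dom.endswith("." + d)),
        "key_record": f"{t.get('s')}._domainkey.{d}",  # TXT record with the public key
    }

# Constructed sample: example.com, selector "sel1" and the b= value are placeholders.
BODY = "Hello,\r\n\r\nQuarterly report attached.  \r\n\r\n"
SAMPLE = ("From: Alice <alice@mail.example.com>\r\nTo: bob@example.net\r\nSubject: Q3\r\n"
          "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
          f" h=from:to:subject; bh={body_hash(BODY, 'relaxed')};\r\n b=PLACEHOLDER\r\n\r\n" + BODY)
if __name__ == "__main__":  # second call simulates a body altered in transit
    print(check_dkim(SAMPLE), check_dkim(SAMPLE.replace("Quarterly", "Annual")), sep="\n")
```

A result of `{"signed": False}` on mail that has passed through the server indicates the Transport Agent is not running or has no rule for the sending domain.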