Just wondering if anyone has ever setup DKIM with multiple email protection gateways
We are running with 365 and a couple of email protection gateways in front
Do you need to add the public key to each gateway? or just enable DKIM on 365 and it will flow through each gateway without any issues?
It's the recipient that performs the DKIM verification, the public key being published on DNS (RFC 6376, 3.6.2). If the email gateway does an extra validation, it should check the public key from the DNS, too.
DKIM signatures will survive passing the protection gateway, and it even survives email forwarding, where the SMTP envelope sender (RFC 5321, 3.3) gets rewritten. Therefore, it's most straightforward to DKIM sign the messages at the source, in this case by Office 365.
