Chirag Shukla avatar image
Chirag Shukla asked Chirag Shukla commented

Outgoing fax not working when sent through email due to DKIM issue with O365

We send faxes via email. That stopped working on Apr 22, 2021.

RingCentral had informed us about Email-to-Fax Security Enhancement that they were going to perform on Apr 21, 2021. No downtime was expected. After the update, faxes sent with DKIM signatures that do not match with the domain's public DNS records will fail. If you do not use DKIM signatures with your emails, you will not see any change with your email-to-fax transactions.

We don't use DKIM. For us, no action was necessary. However, email-to-fax stopped working the following day.

Our outgoing messages have no DKIM headers:

Authentication-Results: spf=none (sender IP is x.x.x.x);;
dkim=none (message not signed)

And yet, we were impacted.


Here's the workaround we applied. Using powershell,


will give us the status of DKIM. Following that, we had to do

Set-DkimSigningConfig -Identity <domainname> -Enabled $false

to ask Microsoft to not use DKIM in our account even though our outgoing headers don't use DKIM. You can also view status of DKIM on O365 on

This is a workaround because there is no guaranty that Microsoft will keep our setting.


I'm sure this issue hit O365 users like us. Does RingCentral have a permanent solution so that we aren't impacted negatively by such changes? Can RingCentral work with a few diverse and trusted customers, give them some incentive and test such changes before rolling it out to a wider population?

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Joe Cache avatar image Joe Cache commented ·

Not an answer, but I'd get your IT to add SPF/DKIM/DMARC to your domain and DNS - it's not hard, and helps the email world.

0 Likes 0 ·
Chirag Shukla avatar image Chirag Shukla Joe Cache commented ·

We already have SPF on, @Joe Cache. Are you suggesting adding SPF and DKIM and DMARC or are you suggesting SPF or DKIM or DMARC?

0 Likes 0 ·
Joe Cache avatar image Joe Cache Chirag Shukla commented ·

Adding DKIM first and verifying, then adding DMARC rounds out the current security/spam reducing risk. All three should be on - and you can always configure 'soft fails' until you see that everything is going through normally.

We went from getting about 2000 spam a day into our filter, down to about 50.

0 Likes 0 ·
Show more comments

0 Answers

Work together.
From anywhere.

Team messaging, video meetings
and phone - all in one app.

Get the new RingCentral app