I run a small organisation with our email (@ourdomain.com) hosted on Microsoft Exchange (so, DNS has all the DKIM / SPF etc records for Microsoft to enable this and fully authenticate emails in the current required way).
I want to use a third party CRM (with Zoho) that won't directly access our email, but will send from @ourdomain.com through their server.
They naturally want us to 'authenticate' we own the domain (via a code sent to our email, easily done), but they also ask us to add DKIM/SPF records...
"mandatory" to add DKIM "Add the public key below to the subdomain" with key "k=rsa; p=very_long_hash/very_long_hash/short_hash/long_hash/long_hash/verrrrry_long_hash"
recommended to add SPF "v=spf1 include:one.zoho.eu ~all"
My question is, can I add these additional DKIM/SPF records to our DNS without disrupting the Microsoft Exchange email hosting? Is it possible to add multiple records like this? Is there any danger in doing so?
Naturally... the last thing I want to do is mess up our email!!
An answer on (1) is this possible (mutliple records)? and (2) noting any major pros/cons of adding this configuration would be appreciated!
Yes, you can have multiple DKIM records, because each one will have a unique selector (the "subdomain" they mention).
No, you can't have multiple SPF records for the same domain, but you can combine them into one, for example if you already have:
v=spf1 a mx include:someprovider.example.com ~all
and you want to add
v=spf1 include:one.zoho.eu ~all
You would combine them like this:
v=spf1 a mx include:someprovider.example.com include:one.zoho.eu ~all