HP ePrint, DMARC & Office 365

I purchased a new HP printer which included remote printing capabilities (which is actually more useful than you would expect).  It worked fine from my work email address, but failed from my personal email, which is a custom domain hosted on Microsoft Office 365

I have never had any kind of issue with the domain, until I wanted to email print, where I was consistently getting 5.7.1 non-delivery reports from HP ePrint servers say my message had been rejected.  It just didn’t make sense.

After speaking to HP support,  it turns out that they require the sending domain to have DMARC configured.  You can check if DMARC is configured for your domain a couple of ways – through message headers or via a tool such as MXToolbox.

Also, a key learning here – is the ORDER in which you configure this as it seems to be somewhat pernickety.  So, that is the background to the problem and the steps to resolve as follows:

  1. Log in to Office 365.  Go to the Admin center then select Domains
  2. Choose the domain you wish to configure DMARC for
  3. You now need to configure three records – 2x CNAME and 1x TXT

CNAME records (x2)

(this is documented officially by Microsoft here)

Host Name: selector1._domainkey
Value: selector1-yourdomain-suffix._domainkey.defaultdomainname.onmicrosoft.com


Host Name: selector2._domainkey
Value: selector2-yourdomain-suffix._domainkey.defaultdomainname.onmicrosoft.com

(if your domain is foo.com, it needs to be typed as foo-com; your default domain name for Microsoft Office 365 is the one you used at the time of sign up)

TXT record (x1)

(this was the bit that “got” me the most as there are a few variations – the example is confirmed as working)

Host Name: _dmarc
v=DMARC1; p=none; pct=100; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com; fo=1

(Agari is a 3rd party provider who collates information, so I just send reports there)

Once your DNS records are completed, you need to go to the next stage which is in the Exchange Online Admin Center

  1. Go to the Exchange Admin Center
  2. Protection settings then dkim
  3. Select the domain you wish to enable (and also created the DNS entries for)
  4. Click Enable

Per the UI – give it a few minutes to propagate through DNS, then I suggest running the DMARC check tool again to make sure there are no errors.

At this point, if you send a mail with (supported) attachment to your printer, it should work.

Hopefully, this will save you an hour on hold to HP support and another 90 minutes of troubleshooting to get you a working solutions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s