DKIM setup for office365

DKIM setup for office365

Steps to Add DKIM in Microsoft 365

  1. Log in to Microsoft 365 Admin Center
    👉https://admin.microsoft.com

    Sign in with Global Admin or Exchange Admin credentials.

  2. Go to Defender Portal
    Navigate to:
    Admin centersSecurity
    or directly open:
    https://security.microsoft.com

  3. Open DKIM Settings
    Go to:
    Email & collaborationPolicies & rulesThreat policiesDKIM

  4. Select Your Domain

    • Choose the domain for which you want to enable DKIM

    • Click on the domain name

  5. Create DKIM DNS Records

    • Microsoft will show two CNAME records:

    • Record 1

      • Host / Name: selector1._domainkey.yourdomain.com

      • Type: CNAME

      • Value / Points to: selector1-yourdomain-com._domainkey.yourtenant.onmicrosoft.com

      Record 2

      • Host / Name: selector2._domainkey.yourdomain.com

      • Type: CNAME

      • Value / Points to: selector2-yourdomain-com._domainkey.yourtenant.onmicrosoft.com

    • Copy these records

  6. Add CNAME Records in DNS

    • Log in to your DNS hosting provider

    • Add both CNAME records exactly as provided by Microsoft

    • Save the changes

  7. Wait for DNS Propagation

    • DNS propagation can take a few minutes up to 24 hours

  8. Enable DKIM

    • Return to the DKIM page in Microsoft Defender

    • Select the domain

    • Click Enable

  9. Verify DKIM Status

    • Once enabled, DKIM status will show as Enabled for the domain in your MS admin panel.

    • You can validate using email headers or DKIM lookup tools.

 

Please pay close attention to the domainGUID which does not use a full stop "." but a hyphen "-" instead. This is taken from the MX record of your custom domain, in this case, aby.com

 

The CNAME record value syntax will also show up when you click on Enable DKIM from your Exchange admin center: 

 

The reason behind the two CNAME records is because Microsoft rotates the two keys for added security.

 

Enabling DKIM signing

Once you have added the CNAME records (two per domain) DKIM signing can be enabled through the Office 365 admin center. 

 

For more information, refer to this article.



    • Related Articles

    • DKIM Setup for Amazon SES

      When you set up Easy DKIM for an identity, Amazon SES automatically adds a 1024-bit DKIM key to every email that you send from that identity. You can configure Easy DKIM by using the Amazon SES console, or by using the API. When you successfully ...

    • How to setup DKIM for SendGrid?

      Enabling DKIM for Sendgrid  In order to enable DKIM for SendGrid go through the following steps: Login to your SendGrid account Go to Settings > Sender Authentication > Authenticate Your Domain by clicking on Get Started Now choose your DNS Host ...

    • How to setup DKIM for Salesforce?

      If you want to allow Salesforce to send email on behalf of your domain, setting up DKIM in your DNS is essential. Your email deliverability is directly impacted in case you skip the process of configuring DKIM. Moreover, the chances of your email ...

    • How to setup DKIM for Zoho Mail?

      This article will be covering the steps to successfully setup DKIM for Zoho Mail. Setting up DKIM for Zoho will significantly improve the domain reputation among ISPs. The authentication method also aims to offer a secure email channel for ...

    • How to setup DKIM for MailChimp?

      The articles take you through the step-by-step process to configure DKIM for emails sent from your domain via MailChimp. The advantages of doing so are as follows:  It helps your emails to appear to come from your domain instead of MailChimp This ...