DomainKeys Identified Mail, or DKIM, is an email authentication protocol that helps defend against phishing, email spoofing, spamming and other email-based cyber attacks. It verifies and validates the email, and lets the recipient know that the email originated from a particular organization. This way, no malicious group or individual can impersonate the organization and send emails on its behalf.
For detailed information on DomainKeys Identified Mail, see ‘What is DKIM?’.
Steps to Set Up DKIM on Office365/Exchange
- Sign in to your admin account and select ‘Admin’ on the Office365 Admin window.
- In the ‘Admin Center’, choose ‘Exchange’.
- Go to ‘protection > dkim’.
- Pick the domain for which you want to set up DKIM and click on ‘Enable’.
Steps to Publish CNAME Records for Your Custom Domain
In Office365, you will need to create two CNAME records that point to your initial domain.
For example, let’s use emailauth.onmicrosoft.com as our initial domain, also known as the tenant domain. We actually own emailauth.com and after we provide it to Office 365, we need to publish the CNAME records so that emailauth.io points to emailauth.onmicrosoft.com using the format as shown. In this example, the CNAME DNS records will look like this:
Note that the domain GUID uses a hyphen “-” in place of each full stop “.”. The domain GUID is taken from the MX record of your custom domain, in this case, emailauth.com.
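The record rule described above, as an added example that is not part of the original page: it derives the two expected CNAME records from the MX target and audits a set of published records against them. The selector1/selector2 record layout and the MX suffix are assumptions not shown on the page, and the MX host and PUBLISHED records are constructed sample values; the values the DKIM page shows for your domain are authoritative.

```python
# Assumed record layout (not shown on the page):
#   selector<N>._domainkey.<custom domain>  CNAME
#   selector<N>-<domainGUID>._domainkey.<initial domain>
MX_SUFFIX = ".mail.protection.outlook.com"  # assumed Microsoft 365 MX suffix


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def domain_guid_from_mx(mx_host):
    """Return the label that precedes MX_SUFFIX in the domain's MX target."""
    host = norm(mx_host)
    guid = host[: -len(MX_SUFFIX)]
    if not host.endswith(MX_SUFFIX) or not guid or "." in guid:
        raise ValueError(f"unexpected Microsoft 365 MX target: {mx_host!r}")
    return guid


def expected_cnames(custom_domain, initial_domain, mx_host):
    """Map each selector host name to the CNAME target it must point at."""
    guid = domain_guid_from_mx(mx_host)
    return {
        f"selector{n}._domainkey.{norm(custom_domain)}":
            f"selector{n}-{guid}._domainkey.{norm(initial_domain)}"
        for n in (1, 2)
    }


def audit(published, expected):
    """Compare published CNAMEs with the expected set; return the problems."""
    seen = {norm(k): norm(v) for k, v in published.items()}
    problems = []
    for host, target in expected.items():
        if host not in seen:
            problems.append(f"missing: {host}")
        elif seen[host] != target:
            problems.append(f"wrong target: {host} -> {seen[host]}, want {target}")
    return problems


# Constructed sample data built from the page's example domains.
EXPECTED = expected_cnames("emailauth.com", "emailauth.onmicrosoft.com",
                           "emailauth-com.mail.protection.outlook.com.")
PUBLISHED = {  # selector1 keeps the "." in the GUID; selector2 is absent
    "selector1._domainkey.emailauth.com.":
        "selector1-emailauth.com._domainkey.emailauth.onmicrosoft.com.",
}
print("\n".join(audit(PUBLISHED, EXPECTED)))
```

Running the audit before enabling signing catches the two common mistakes: a GUID written with a full stop, and a selector record that was never published.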
Steps to Enable DKIM Signing for Your Custom Domain
- Open the Microsoft 365 Defender portal using the work or school account.
- Go to ‘Email & Collaboration > Policies & Rules > Threat policies page > Rules section > DKIM’.
- On the DKIM page, choose the domain by clicking on the name.
- Change the ‘Sign messages for this domain with DKIM signatures’ setting to ‘Enabled’.
Click ‘Rotate DKIM keys’ and you’re done.