How to set up DKIM for Office365?

DomainKeys Identified Mail, or DKIM, is an email authentication protocol that helps defend phishing, email spoofing, spamming and other email-based cyber attacks. It verifies and validates the email, and lets the recipient know that the email originated from a particular organization. This way, no malicious group or individual can impersonate the organization and send emails on its behalf.

For detailed information on DomainKeys Identified Mail, read more on What is DKIM?

Steps to Set Up DKIM on Office365/Exchange

  1. Sign in to your admin account and select ‘Admin on the Office365 Admin window.

  2. In the ‘Admin Center, choose ‘Exchange.

  3. Go to ‘protection > dkim.

  4. Pick the domain for which you want to set up DKIM and click on ‘Enable

Steps to Publish CNAME Records for Your Custom Domain

In Office365, you will need to create two CNAME records to navigate your initial domain.

For example, let’s use as our initial domain, also known as the tenant domain. We actually own and after we provide it to Office 365, we need to publish the CNAME records so that points to using the format as shown. In this example, the CNAME DNS records will look like this:



Host: selector1._domainkey



Host: selector2._domainkey


Considering the rules, the domain GUID does not use a full stop “.” but a hyphen “-” instead. This is taken from the MX record of your custom domain, in this case,

Steps to Enable DKIM Signing for Your Custom Domain

  • Open the Microsoft 365 Defender portal using the work or school account.
  • Go to ‘Email & Collaboration > Policies & Rules > Threat policies page > Rules section > DKIM.
  • On the DKIM page, choose the domain by clicking on the name.
  • Change the ‘Sign’ messages for this domain and change the ‘DKIM Signature setting’ to ‘Enabled.

Click ‘Rotate DKIM keys and you’re done.

Comments are closed.

Google & Yahoo’s new bulk email sender requirements coming live on February 1, 2024. Are you ready?