Publishing DMARC Records After Setting Up DKIM Office 365
How to enable DKIM Office 365 for complete protection.
DomainKeys Identified Mail (DKIM) is one of the most relied upon email security standards today. With the help of SPF, DMARC, and DKIM, Office 365 users can secure their email communications and prevent the clients from becoming victims of spam, spoofing, and phishing.
Setting Up The DKIM – Office 365
First, because the setup authorizes Microsoft to send email on the domain’s behalf, edit the domain’s SPF record to add include:spf.protection.outlook.com.
Office 365 DKIM requires publishing two CNAME records for each domain in the DNS that needs a DKIM signature. Follow the example below:
| Host name | Points to address or value | TTL |
| --- | --- | --- |
| selector1._domainkey | selector1-<domainGUID>._domainkey.<initialDomain> | 3600 |
| selector2._domainkey | selector2-<domainGUID>._domainkey.<initialDomain> | 3600 |
Following the above example:
- The selectors will always be ‘selector1’ and ‘selector2’ for Office 365.
- DomainGUID corresponds to the MX record of the custom domain.
- initialDomain refers to the domain used to sign up for Office 365 and always ends in onmicrosoft.com.
For example, if the custom domain is example.com and the initialDomain is example.onmicrosoft.com, then the ‘Points to address or value’ for the first record would be:
selector1-example-com._domainkey.example.onmicrosoft.com
How To Enable DKIM Office 365?
Having published the CNAME records in the DNS, one can now enable DKIM signing. Enabling DKIM can be done by logging in to the Office 365 admin center.
Depending on which Microsoft portal is in use, one can enable DKIM via either of the following options:
- protection.office.com: Navigate through Threat Management > Policy > Additional Policies > DKIM
- security.microsoft.com: Navigate through Email & Collaboration > Policies & rules > Threat policies > Additional policies > DKIM
Select the domain for which to enable DKIM. Enable the option Sign messages for this domain with DKIM signatures.
Additional: How To Set Up DMARC Office 365
Since SPF and DKIM alone are not sufficient for reliable email delivery, a DMARC record also needs to be published. The following steps will help set up DMARC:
- Log in to Office 365 Admin Center.
- In Settings, select Domains.
- If already present, select the Office 365 domain or create the desired Office 365 domain and then select it.
- For the selected domain, if there is already a _dmarc record, edit it. There should be only one _dmarc record in the DNS zone.
- If a new _dmarc record needs to be created, a DMARC record generator can automate the process.
- Finally, paste the generated text to the _dmarc TXT record.
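A way to check the published SPF, DKIM CNAME, and _dmarc records against the values described in this guide (added example, not code from the original page or from Microsoft). The function names, the zone dictionary layout, and the sample records are constructed for illustration, and the code assumes the custom domain's MX target has the form <domainGUID>.mail.protection.outlook.com.

```python
# Added example: audit a domain's published records against this guide.
# SAMPLE_ZONE is constructed data; in practice fill it from DNS lookups.
MX_SUFFIX = ".mail.protection.outlook.com"  # assumed Office 365 MX form
SPF_INCLUDE = "include:spf.protection.outlook.com"

SAMPLE_ZONE = {  # constructed sample, keyed by (owner name, record type)
    ("example.com", "MX"): ["example-com.mail.protection.outlook.com"],
    ("example.com", "TXT"): ["v=spf1 include:spf.protection.outlook.com -all"],
    ("selector1._domainkey.example.com", "CNAME"):
        ["selector1-example-com._domainkey.example.onmicrosoft.com"],
    ("selector2._domainkey.example.com", "CNAME"):
        ["selector2-example-com._domainkey.example.com"],  # wrong target
    ("_dmarc.example.com", "TXT"):
        ["v=DMARC1; p=none", "v=DMARC1; p=reject"],  # duplicate record
}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def audit(zone, domain, initial_domain):
    """Return a list of findings; an empty list means the records match."""
    def get(owner, rtype):
        return zone.get((owner, rtype), [])
    findings = []

    spf = [t for t in get(domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected one SPF record, found {len(spf)}")
    elif SPF_INCLUDE not in spf[0].lower().split():
        findings.append(f"SPF record lacks {SPF_INCLUDE}")

    # domainGUID is the MX label in front of mail.protection.outlook.com
    guids = [norm(m)[:-len(MX_SUFFIX)] for m in get(domain, "MX")
             if norm(m).endswith(MX_SUFFIX)]
    if not guids:
        findings.append("no Office 365 MX record, cannot derive domainGUID")
    for sel in ("selector1", "selector2") if guids else ():
        want = f"{sel}-{guids[0]}._domainkey.{norm(initial_domain)}"
        got = [norm(c) for c in get(f"{sel}._domainkey.{domain}", "CNAME")]
        if got != [want]:
            findings.append(f"{sel} CNAME is {got or 'missing'}, expected {want}")

    dmarc = [t for t in get(f"_dmarc.{domain}", "TXT")
             if t.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"expected one _dmarc record, found {len(dmarc)}")
    return findings
```

Running audit(SAMPLE_ZONE, "example.com", "example.onmicrosoft.com") reports the mistyped selector2 target and the duplicate _dmarc record, the two mistakes most likely to leave DKIM signing disabled or DMARC ignored.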
Final Words
Setting up DKIM Office 365 and DMARC records can be easily accomplished by following the above guide. Once set up, the user can be confident that the business emails from the organization are protected from spam, spoofing, and phishing. The reader can find additional authentic information for setting it up on the official Microsoft web page.