Enable DKIM signing for your custom domain in Microsoft Office 365 exchange online

Please follow the below two steps to configure DKIM for the office 365 cloud (recommended values by Microsoft)

  • Publish two CNAME records for your custom domain in DNS
  • Enable DKIM signing for your custom domain in Office 365

Publish two CNAME records for your custom domain in DNS

For each domain for which you want to add a DKIM signature in DNS, you need to publish two CNAME records. A CNAME record is used by DNS to specify that the canonical name of a domain is an alias for another domain name.

CNAME record Name     :        selector1._domainkey.<domain>

Record value                     :       selector1-<domainGUID>._domainkey.<initialDomain>

TTL                                        :       3600

 

 

CNAME record Name     :        selector2._domainkey.<domain>

Record value                     :       selector2-<domainGUID>._domainkey.<initialDomain>

TTL                                        :       3600

 

domainGUID is the same as the domainGUID in the customized MX record for your custom domain that appears before mail.protection.outlook.com. For example, in the following MX record for the domain contoso.com, the domainGUID is contoso-com:

contoso.com. 3600 IN MX 5 contoso-com.mail.protection.outlook.com

initialDomain is the domain that you used when you signed up for Microsoft 365. Initial domains always end in onmicrosoft.com.

 

Enable DKIM signing for your custom domain in Office 365

Please follow the below steps to enable DKIM signing for your custom domain through the Office 365 admin center.

  1. Go to https://security.microsoft.com/
  2. Click on Policies and rules
  3. Go to Threat policy >> DKIM
  4. Select domain for which you want to enable the DKIM signing
  5. Select create DKIM key
  6. Publish the 2 DNS records (CNAME records) given by Microsoft team in DNS. After verifying DNS records, enable the DKIM signing.