Please follow the below two steps to configure DKIM for the office 365 cloud (recommended values by Microsoft)
- Publish two CNAME records for your custom domain in DNS
- Enable DKIM signing for your custom domain in Office 365
Publish two CNAME records for your custom domain in DNS
For each domain for which you want to add a DKIM signature in DNS, you need to publish two CNAME records. A CNAME record is used by DNS to specify that the canonical name of a domain is an alias for another domain name.
CNAME record Name : selector1._domainkey.<domain>
Record value : selector1-<domainGUID>._domainkey.<initialDomain>
TTL : 3600
CNAME record Name : selector2._domainkey.<domain>
Record value : selector2-<domainGUID>._domainkey.<initialDomain>
TTL : 3600
domainGUID is the same as the domainGUID in the customized MX record for your custom domain that appears before mail.protection.outlook.com. For example, in the following MX record for the domain contoso.com, the domainGUID is contoso-com:
contoso.com. 3600 IN MX 5 contoso-com.mail.protection.outlook.com
initialDomain is the domain that you used when you signed up for Microsoft 365. Initial domains always end in onmicrosoft.com.
Enable DKIM signing for your custom domain in Office 365
Please follow the below steps to enable DKIM signing for your custom domain through the Office 365 admin center.
- Go to https://security.microsoft.com/
- Click on Policies and rules
- Go to Threat policy >> DKIM
- Select domain for which you want to enable the DKIM signing
- Select create DKIM key
- Publish the 2 DNS records (CNAME records) given by Microsoft team in DNS. After verifying DNS records, enable the DKIM signing.