Office 365 does not automatically configure DKIM for your custom email domains. In order to get DKIM setup, we’ll need to follow three steps:
- Creating DKIM Keys using Microsoft PowerShell
- Publishing DKIM CNAME Records to your DNS
- Enabling DKIM in your Admin Console
Creating DKIM Keys using Microsoft PowerShell
- Launch “Windows PowerShell ISE” from your start menu
- Paste the following text into PowerShell, replacing <domain> with your actual domain name, and press the green “Run Script” button at the top of the screen.
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -Prefix o365
New-o365DkimSigningConfig -DomainName "<domain>" -Enabled $false
Get-o365DkimSigningConfig -Identity "<domain>" | fl Selector1CNAME, Selector2CNAME
When you click run, a lot of things will happen on the screen. Eventually, you’ll see output that resembles the following:
Your output screen will likely show Warning text, but that’s okay!
Note: PowerShell is a very powerful tool that you should be cautious with. If you are not comfortable with the above, please seek IT support from your administrative staff or consultants.
2. Publishing DKIM CNAME Records to your DNS
Using the output from step 1, we’re ready to create a CNAME record for your domain.
- Log into your DNS Provider (Note: We use Cloudflare in this example, but you may be using GoDaddy, Microsoft, or other providers)
- Add two new CNAME records:
Name: “selector1._domainkey” Value: Selector 1 value from above
Name: “selector2._domainkey” Value: Selector 1 value from above
3. Enabling DKIM in your Admin Console
- Log in to your Office 365 Portal and Navigate to the Admin screen
2. On the left sidebar, navigate to the Exchange admin center
3. In the Exchange admin center, Select protection on the left and DKIM from the top. Highlight the domain you used above, and click “Enable” on the right.
4. After clicking enable, you should be presented with the following
Note: If you followed the instructions above and you still receive a warning like you see below, wait! It can take several hours for your DNS records to be active and detectable by Office 365.
That’s it! Now your domain is configured to sign message headers using DKIM and Office 365!
For more information on this topic please reach out to us; we’re here to help!