How to Set Up a Microsoft Office 365 DKIM Record?

DKIM (DomainKeys Identified Mail) is an email authentication method that helps verify the legitimacy of the sender's domain and ensures that the email content has not been altered during transit. DKIM digital signatures are added to outgoing emails, allowing receiving servers to validate the message's origin and integrity, reducing the risk of email spoofing and phishing.

When you enable DKIM for Office 365, it helps improve your email security and deliverability, allowing recipients' email servers to verify the message's authenticity and prevent forgery or tampering, reducing the risk of phishing attacks. Moreover, when combined with DMARC, DKIM improves the chances of your legitimate emails reaching the recipient's inbox instead of being marked as spam or rejected by email filters.

Steps to Enable DKIM Office 365 for Your Emails

Note: The DKIM Office 365 configuration was previously carried out using the O365 Exchange Online portal. However, with ongoing improvements to Microsoft's security processes, the Office 365 DKIM configuration process has moved to the Microsoft 365 Defender portal.

Please note that if you use default.onmicrosoft.com to send your emails or a single custom domain, you don't need to manually set up DKIM for Office 365, as Microsoft will sign your emails with 2048-bit DKIM keys by default. The steps below apply only when you have multiple domains registered on Office 365.

1. Log into Defender Portal

- Log in to your Defender account. You can use the link provided above.
- On the portal, navigate to and click on Policies & Rules under Email & Collaboration
- On the Policies & Rules page, select Threat Policies

2. Create your DKIM keys

- Now select DomainKeys Identified Mail (DKIM) to open the DKIM page
- On the DKIM page, select the domain you want to enable DKIM for (this is the domain you use to send outbound messages)
- You can now toggle the Enable button to start the activation process for DKIM. A dialogue box will appear which may contain a status message. Simply click on the Create DKIM keys button to view your keys.

3. Copy the DKIM CNAME records

- A pop-up will now display your DKIM CNAME records
- Click on the blue "Copy" button to copy the records to your clipboard

How to publish Office 365 DKIM records in Your DNS?

- Log in to your DNS provider's management console
- Navigate to the DNS records section
- Create new CNAME records (Record type: CNAME)
- Paste the copied hostnames and values, as provided on the Defender portal
- Keep TTL as 3600
- Save changes to your record and wait for 24-48 hours for your DNS to process these changes

Note: The process for publishing DNS records varies depending on which DNS hosting provider you use, and so does the time it takes to activate the records. Provider-specific processes exist for a few of the major providers: GoDaddy, Amazon Web Services (AWS), Cloudflare, cPanel.

Enabling Microsoft Office 365 DKIM keys on your Defender account

After you are done publishing the records on your DNS, head back to the DKIM page on your Defender portal and toggle the "Enable" option.

DKIM couldn't be enabled: CNAME records were not found

If an error persists and DKIM couldn't be enabled for your domain on Microsoft's Defender portal, follow these steps:

- Look up your published DKIM record using our DKIM record lookup tool to see if it is valid and error-free
- Your DNS might be taking some time to save changes. Wait for at least 48 hours before verifying your setup.
- Cross-check your DKIM record's syntax to ensure there are no inconsistencies like redundant spaces or special characters
- Get in touch with your DNS hosting provider to discuss the issue
- Get in touch with Microsoft's support team to seek advice on the same

How to Configure Office 365 DKIM using PowerShell?

You can use PowerShell to create and set up DKIM for Office 365 domains, especially if you want to enable it for multiple domains. To do so:

1. Connect to Exchange Online
2. Extract your Office 365 DKIM selectors by running the following script:
3. Add the CNAME records provided to you by Office 365 to your DNS
4. Run the following command to enable DKIM for the domain:

How to check DKIM Office 365 records?

You can check your Office 365 DKIM record with PowerDMARC.

1. Sign up with PowerDMARC for free

Create a free account on PowerDMARC to access the portal

2. Go to Powertoolbox > DKIM record lookup

On the left side navigation bar, click on Analysis tools > Powertoolbox > DKIM record lookup

3. Enter your domain name and DKIM selector

You can manually enter your selector name or keep the "auto" mode turned on to let our technology automatically detect your selector.

4. Click on Lookup to check your record

Once you click on the lookup button, you can check your Office 365 DKIM record's validity status and configured tags.

How to disable DKIM for Office 365?

You can disable DKIM for Office 365 with a single click on the Defender portal. Simply head to Email & collaboration > Policies & rules > Threat policies > DomainKeys Identified Mail (DKIM). On the DKIM page, toggle the "Enable" button to disable the protocol.

Note: DKIM verification can help you better authenticate messages during special cases like email forwarding, where SPF may fail. Keeping DKIM enabled for your domains is considered a good email practice and is highly recommended by both Microsoft and us.
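The four PowerShell steps described above (connect, read the selectors, publish the CNAMEs, enable), written as one script for several domains. This is an added example, not code from the original article: the domain names and admin account are placeholders, and checking DNS with Resolve-DnsName before enabling is an addition meant to avoid the "CNAME records were not found" error.

```powershell
# Added example; contoso.com, fabrikam.com and the admin UPN are placeholders.
# Requires the ExchangeOnlineManagement module and, for Resolve-DnsName, Windows.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.com'

$domains = 'contoso.com', 'fabrikam.com'

foreach ($domain in $domains) {
    # Create the signing config (left disabled) if the domain has none yet.
    $cfg = Get-DkimSigningConfig -Identity $domain -ErrorAction SilentlyContinue
    if (-not $cfg) {
        New-DkimSigningConfig -DomainName $domain -KeySize 2048 -Enabled $false | Out-Null
        $cfg = Get-DkimSigningConfig -Identity $domain
    }

    # The two CNAME records Microsoft expects in the domain's DNS zone.
    $expected = [ordered]@{
        "selector1._domainkey.$domain" = $cfg.Selector1CNAME
        "selector2._domainkey.$domain" = $cfg.Selector2CNAME
    }

    $missing = @()
    foreach ($name in $expected.Keys) {
        $target = $expected[$name]
        $answer = Resolve-DnsName -Name $name -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'CNAME' }
        $published = if ($answer) { $answer[0].NameHost.TrimEnd('.') } else { $null }
        if ($published -ne $target.TrimEnd('.')) {   # string -ne is case-insensitive
            $missing += "$name  CNAME  $target  (found: $published)"
        }
    }

    if ($missing.Count -gt 0) {
        # Do not enable signing while a selector is missing or points elsewhere.
        Write-Warning "$domain : publish or fix these records, then re-run:"
        $missing | ForEach-Object { Write-Warning "  $_" }
        continue
    }

    # Both selectors resolve to the values Microsoft issued; turn signing on.
    Set-DkimSigningConfig -Identity $domain -Enabled $true
    Get-DkimSigningConfig -Identity $domain | Format-List Domain, Enabled, Status
}

Disconnect-ExchangeOnline -Confirm:$false
```

The script is safe to re-run: domains whose records have not propagated yet are skipped with a warning and picked up on the next pass.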


Setting Up DKIM on On-Prem Exchange Servers

Microsoft’s Exchange servers are mail servers and calendaring servers developed by Microsoft. The on-prem Exchange servers refer to the ones that are established locally (offline). Microsoft’s on-prem Exchange servers do not currently support DKIM signing


GMAIL “Best Guess” SPF Status What Does This Mean?

Owners of SPF-enabled domains often use Gmail to monitor authentication results to ensure their SPF records are non-erroneous and have been set to the correct configurations. Gmail often returns an SPF Best Guess status when it is unable to find a publish


How to Configure DKIM ED25519 Signatures?

A widely adopted method for email authentication is DomainKeys Identified Mail (DKIM), which allows email recipients to verify that the sender's domain has authorized the email and that it hasn't been tampered with during transit. While RSA signatures have b


Microsoft OLC Email Deliverability Guide

Microsoft consumer mailboxes (like Hotmail, Outlook, Live, and MSN) have strict spam filters, making it difficult for senders (even legitimate ones) to have their emails always land in the desired recipients’ mailboxes. Microsoft is harsh towards illegit


List of Trademark Registration Offices for VMCs Updated

VMC stands for Verified Mark Certificate, a digital certificate issued by trademark registration offices. These are bodies that authorize and verify logo ownership. A VMC indicates that you are the legal owner of your brand’s logo, and its forgery by a ma
