Enable DKIM in Office 365

Tutorial on how to Enable DKIM in Office 365

Refer to DKIM – Domain Keys Identified Mail to understand how DKIM works prior continue the steps below

DNS Records for DKIM

Connect to Exchange Online to generate the DKIM records (CNAME) for yongkw.com

$DomainName = "yongkw.com"
New-DkimSigningConfig -DomainName $Domain -Enabled $true

WARNING: The config was created but can't be enabled because the CNAME records aren't published. Publish the following two CNAME records, and then enable the config by using Set-DkimSigningConfig.
selector1-yongkw-com._domainkey.M365x521231.onmicrosoft.com
selector2-yongkw-com._domainkey.M365x521231.onmicrosoft.com

Domain     Enabled
------     -------
yongkw.com False

Add CNAME to DNS Server

Add the following CNAME records to DNS Server

selector1._domainkey CNAME selector1-yongkw-com._domainkey.M365x521231.onmicrosoft.com
selector2._domainkey CNAME selector2-yongkw-com._domainkey.M365x521231.onmicrosoft.com

Enable DKIM in Office 365

Verify that both CNAME are added successfully

Enable DKIM in Office 365

Enable DKIM in Office 365

Enable DKIM in Office 365

$Domain = "yongkw.com"
Set-DkimSigningConfig $Domain -Enabled $true 

Verify DKIM is enabled

Get-DkimSigningConfig

Domain                      Enabled
------                      -------
M365x521231.onmicrosoft.com True   
yongkw.com                  True   

Verify DKIM record

Verify DKIM record is added with nslookup

C:\>nslookup
Default Server:  one.one.one.one
Address:  1.1.1.1

> set type=txt
> selector1-yongkw-com._domainkey.M365x521231.onmicrosoft.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
selector1-yongkw-com._domainkey.m365x521231.onmicrosoft.com     text =

        "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU2BAF9legypielihMjqy/knxeCpB9c/JdNbi4mb+ZmoVVYyb+Ah7dZs+WgRk5lQ5SOHuCZYTl8dXcU5KudTXCtQ8yyQU8J8C4gCoPuJ8QlNc2EUHNKev7FSk/LOlOYcAooofOkyaMwdHOG1LGnU0tqaNc37RguUHxHKt8xDqN/x3djMmdFCgGmkDqFJtXQSG"
        "SXXu/coy2QqKkxkb9he2yLMN42Bq7urP+A0/gFFp82cbYTKEdKI4SYaX2vv6SRudyt6IMtR7uEOyxDcpKONcXAgBErRqCJRjFbZQNXzNdA/fF1ByEa7jHtseUqhuEPhaMEbj3hN5EVvFR8RnnLcRQIDAQAB;"

Verify Outgoing Email is signed with DKIM

Verified the Outgoing Email is signed with DKIM properly

  1. Go to http://dkimvalidator.com/ and send a test Email to the address displayed
  2. Click on view result and verify the DKIM status = PASS

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top