How to Enable and Configure DKIM for Your Domain in Microsoft 365

  • Last updated on March 13, 2024 at 7:41 PM

DomainKeys Identified Mail (DKIM) is an essential email security feature that helps protect email senders and recipients from spam, phishing, and other email-based threats. This guide will walk you through the process of enabling and configuring DKIM for your domain in Microsoft 365, ensuring your email communication remains secure.

Step 1: Access the Microsoft Admin Centers

Begin by navigating to the Microsoft Admin Center. You can directly access the Microsoft 365 Defender portal by visiting https://security.microsoft.com or through the Security Admin Center in the new admin center by selecting "Show All" to reveal all options.

Step 2: Navigate to Policies & Rules

Once in the Microsoft 365 Defender portal, locate the "Email & Collaboration" section and select "Policies & Rules."

Step 3: Access DKIM Settings

Within the "Policies and Rules" section, click on "Threat Policies" followed by selecting "DKIM" under the "Rules" section. For a direct access to the DKIM settings, you can use this link: https://security.microsoft.com/dkimv2.

Step 4: Create DKIM Keys for Your Domain

On the DomainKeys Identified Mail page, select the domain for which you want to enable DKIM and click on the "Create DKIM keys" button.

A popup window will appear with two CNAME records details necessary for the next step.

Step 5: Add CNAME Records for DKIM

Adding CNAME records for DKIM is a crucial step in the process. The approach varies depending on who manages the DNS settings for your domain.

If You Manage Your Own DNS

  1. Log in to your DNS provider's website.
  2. Addthe CNAME records provided on the DKIM page in the Microsoft 365 Defender portal. Ensure the records are configured as follows:
    • Record Type: CNAME (Alias)
    • Host: Paste the values you copied from the DKIM page.
    • Points to Address: Copy the value from the DKIM page.
    • TTL: 3600 (or according to your provider's default settings)

If We Manage Your DNS or Have Delegate Access

If we manage your DNS settings or have delegate access to your account, you'll need to provide us with the DKIM CNAME record details.

  1. Send us an email with the CNAME records details you obtained from the DKIM page.
  2. We will add the CNAME records for you. Once the records are added, we will contact you to confirm the changes.
  3. Verify the DNS update with us. It's important that you confirm the addition of the DNS records to ensure DKIM is correctly enabled for your domain.

Step 6: Enable DKIM in Microsoft 365

After ensuring the CNAME records are added correctly to your DNS:

  1. Return to the DKIM page in the Microsoft 365 Defender portal.
  2. Enable DKIM for your domain.

Note: If you encounter a "CNAME record doesn't exist" error, it could be due to DNS synchronization delays, which can vary from a few seconds to several hours. If the problem persists, please repeat the verification steps or contact us for assistance.

Verifying DKIM Configuration

Once DKIM is enabled, it's important to verify that it is configured correctly to secure your email communications effectively.