Warmy Blog

Step-by-Step Guide to Set Up DKIM for Microsoft Office 365

Talk with a deliverability expert!

No need to flee, it’s totally free


    Did you know that 91% of all cyber attacks start with a phishing email? This astonishing figure underscores how important strong email security is. DKIM, or DomainKeys Identified Mail, is one of the best defenses against these kinds of attacks since it verifies that emails received from your domain haven’t been altered in transit.

    Securing these conversations becomes not just prudent but necessary in the digital world of today when email communication is fundamental. An important technique used by cybercriminals, email spoofing, is greatly reduced by DKIM, which adds a level of protection that confirms an email has really originated from the domain it claims to represent. This introduction to DKIM will help you protect your communications in an increasingly dangerous digital world by examining its significance in your email security plan and walking you through setting it up for Microsoft Office 365.

    Understanding DKIM

    Email spoofing is one of the security hazards that DomainKeys Identified Mail (DKIM) aims to assist protect against. It provides a means of claiming accountability for a message in a manner that the recipient may verify. DKIM primarily serves to verify for the recipient whether an email claiming to originate from a particular domain was indeed approved by the domain’s owner.

    How DKIM Works

    1. Signing the Email. When an email is sent, it is signed with a private key that is held securely by the sender’s email server. This digital signature is attached to the email’s header and is unique to each email.
    2. Verifying the Signature. The receiving email server then uses the public key, which is published in the DNS (Domain Name System) records of the sender’s domain, to decrypt the signature. By doing this, it can verify the source of the email and that the email has not been altered in transit.
    3. Authentication Result. If the verification is successful, it confirms that the email was sent from the domain it claims to have come from and that its contents haven’t been changed. This outcome is then typically reported to the recipient’s email client, which can influence how incoming emails are handled (e.g., whether the email should be marked as trusted or filtered into spam).

    Importance of DKIM

    By lowering the possibility of getting phoney emails, DKIM installation greatly enhances email communication security. Building confidence with email services that the emails are indeed from the specified sender and not a possible spam source also improves the deliverability of emails. DKIM so helps senders as well as recipients of emails by guaranteeing that their messages are received consistently and are not mistakenly classified as spam. The integrity and dependability of email as a communication medium in the modern digital environment depend on this twin advantage.

    Prerequisites for setting up DKIM in Office 365

    There are a couple requirements you must make sure are met before configuring DKIM for Microsoft Office 365:

    1. Admin Access. DKIM settings cannot be configured without administrative rights in your Office 365 installation.
    2. Domain Setup. Make sure Microsoft 365 has appropriately added and validated your domain. This includes ensuring that the domain is configured to send and receive emails and listing it under your Office 365 account.
    3. DNS Access. You must have access to change the DNS records of the domain you want to set up DKIM for, as DKIM requires CNAME records to work correctly.

    Step-by-step guide to configuring DKIM for Office 365

    A key component of protecting your email interactions with Office 365 is configuring DKIM (DomainKeys Identified Mail), which makes sure that emails sent from your domain are verified and less likely to be flagged as spam. Setting up DKIM for Office 365 is explained in detail here:

    Step 1: Accessing the Office 365 Admin Center

    Begin by logging into your Microsoft 365 admin center. You’ll need administrative privileges to access the required settings. Visit admin.microsoft.com and enter your credentials.

    Step 2: Navigating to the DKIM Configuration Settings

    Once logged into the Microsoft 365 admin center, proceed to the Exchange admin center. You can locate this by going to the admin centers section and selecting Exchange. Within the Exchange admin center, navigate to Protection and then click on dkim. This section allows you to manage and configure DKIM settings for your domains.

    Step 3: Creating DKIM DNS Records for Your Domain

    In the DKIM management section, select the domain for which you want to enable DKIM and choose to create the DKIM keys. The system will generate two CNAME records that you need to publish in your DNS. Here’s an example of what these CNAME records typically look like:

    • Record for Selector 1:

      • Host name (Name/Host/Alias): selector1._domainkey.yourdomain.com
      • Points to (Value/Answer/Destination): selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com
    • Record for Selector 2:

      • Host name (Name/Host/Alias): selector2._domainkey.yourdomain.com
      • Points to (Value/Answer/Destination): selector2-yourdomain-com._domainkey.yourdomain.onmicrosoft.com

    These records are crucial as they are used to verify the DKIM signature of outgoing emails from your domain.

    Step 4: Enabling DKIM Signing for Your Emails in Office 365

    Return to the Exchange admin center’s DKIM settings after adding the CNAME records to your DNS. Toggle on the DKIM signing option after choosing the domain. Enabling this function may take some time depending on your DNS provider; make sure the DNS records have propagated before doing so.

    Additional Considerations

    • DNS Propagation. It can take up to 48 hours for DNS changes to propagate fully. Ensure that the DNS records are correct and have propagated before enabling DKIM signing.
    • Verification. Once DKIM is enabled, it’s wise to verify that it is working correctly. You can use various online tools to check the DKIM record.
    • Troubleshooting. If you encounter issues where DKIM isn’t enabled, verify the syntax and presence of your CNAME records in your DNS setup. It’s also possible to check for errors using Microsoft’s support resources or consultation with your DNS provider.

    Verifying DKIM setup

    Using Warmy’s Free Email Deliverability Tool

    The free email deliverability tool from Warmy provides a thorough approach to confirm SPF and DMARC settings in addition to DKIM. This is what to anticipate from utilizing this tool:

    ✅ Warmy verifies the multi-aspects of your domain, including DKIM, SPF, and DMARC configuration. It confirms these records’ existence and accuracy in your DNS configuration.

    ✅ Email Deliverability Insights. The program offers thorough details on your email deliverability, including which of your emails are ending up in spam. This can point up problems that could be hurting the way your emails work.

    ✅ Blacklist Monitoring. Warmy will also look up whether your domain is on any email blacklists, which might have a big negative effect on how delivered your emails are.

    ✅ All-Inclusive Authentication Checks. Learn about additional authentication options that could be affecting the delivery of your emails.

    Using a program like Warmy can give you a thorough picture of your deliverability and security status, enabling you to decide how best to tailor your email campaigns. Your email exchanges can be made far more dependable and secure if DKIM, SPF, and DMARC are configured correctly.

    Troubleshooting common DKIM setup issues

    Troubleshooting common DKIM setup issues involves a few strategic steps to identify and resolve problems that may prevent DKIM from functioning correctly. If you encounter incorrect DNS records, ensure that the DKIM CNAME records are entered accurately according to the guidelines provided by your Office 365 admin center. Misentries are a common mistake and can be rectified by closely reviewing the values specified for your domain.

    In cases where DKIM signatures fail or DNS records delay in propagating, patience is key. DNS changes can take up to 48 hours to propagate fully, so it’s important to wait and periodically check the status using DNS lookup tools. These tools will confirm whether the DKIM records are detectable globally.

    For DKIM signature failures, check whether the emails are being altered post-signature, either in content or format, as this would invalidate the DKIM. Consulting server logs can also offer insights into any errors in the signing process or issues at the recipient’s end. If the problem persists, testing emails with various providers can help determine if the issue is widespread or specific to certain recipients.

    If these steps don’t resolve the issues, consider reaching out to technical support from your DNS or email service provider for more specialized assistance. Sometimes, system dependencies may need updates or security settings might require adjustments to allow DKIM queries to proceed without hindrance.

    By systematically addressing these issues, you can effectively troubleshoot and ensure that your DKIM setup enhances your email security and deliverability.

    email warm up

    While improving the deliverability and security of your emails depends critically on correctly implementing DKIM, that’s only one aspect of the process. Warming up your email is essential to really maximizing the success of your email outreach, particularly for new or seldom used email addresses. Through this procedure, the amount of emails sent is progressively increased, which helps to build a reputation as a reliable sender with Internet Service Providers (ISPs).

    Warmy offers a sophisticated platform to assist with this process. Utilizing Warmy not only streamlines the warm-up phase but also maximizes your email deliverability through intelligent sending practices. This approach minimizes the risk of your emails landing in spam folders, thereby improving overall engagement rates.

    Moreover, Warmy provides additional tools that further aid in securing your email infrastructure. With features like the free SPF and DMARC Record Generator, Warmy helps ensure that your email settings are optimized to meet best practices standards. These tools are essential for maintaining the integrity and reliability of your email communications, making Warmy an invaluable resource for anyone looking to enhance their email strategy comprehensively.

    To explore more about how Warmy can assist in effectively warming up your email and to use their free SPF and DMARC Record Generator, visit their website. This comprehensive approach will ensure your emails not only reach their destination but also produce the desired engagement results.


    Any company trying to enhance its email security and deliverability will find many advantages in setting up DKIM (DomainKeys Identified Mail) in Office 365. Businesses who use DKIM make sure their emails are validated, which lowers the possibility that their messages will be reported as spam. This not only makes their messages more credible but also stops email spoofing—a popular phishing attack strategy—from being utilized on their domain.

    Finally, adding DKIM to Office 365 is a simple but effective way to protect the email ecology of a company. DKIM is essential to preserving the integrity and dependability of email communication since it confirms that emails are actually from the domain they state to be from and have not been altered while in route.

    📜 Related article:

    Scroll to Top