How to enable DKIM for Office 365 Domain

Updated 3 years ago by Laura Goepel

Create 2 CNAME records for custom domain in DNS

  1. You need to add 2 CNAME entries for any domain you want to add DKIM signing for.
  2. Use the following CNAME records:
    1. Host name: selector1._domainkey
      Points to address or value: selector1-<domainGUID>._domainkey.<initialDomain>
      TTL: 3600
      Host name: selector2._domainkey
      Points to address or value: selector2-<domainGUID>._domainkey.<initialDomain>
      TTL: 3600
  3. In the example above:
    • For Microsoft 365, the selectors will always be "selector1" or "selector2".
    • domainGUID is the same as the domainGUID in the customized MX record for your custom domain that appears before mail.protection.outlook.com. For example, in the following MX record for the domain goingipo.com, the domainGUID is goingipo-com:

      goingipo.com. 3600 IN MX 5 goingipo-com.mail.protection.outlook.com

    • initialDomain is the domain that you used when you signed up for Microsoft 365.
  4. For example, if you have an initial domain of goingipo.onmicrosoft.com, and a custom domain goingipo.com, you would need to set up two CNAME records for the additional domain:
    Host name: selector1._domainkey
    Points to address or value: selector1-goingipo-com._domainkey.goingipo.onmicrosoft.com
    TTL: 3600
    Host name: selector2._domainkey
    Points to address or value: selector2-goingipo-com._domainkey.goingipo.onmicrosoft.com
    TTL: 3600

Enabling DKIM Signing in O365 for domain

  1. In the Office 365 Admin center, select Exchange
    1. Screen Shot 2020-05-25 at 10.30.49 AM
  2. Go to protection-> dkim
    1. Screen Shot 2020-05-25 at 10.31.02 AM
    2. Screen Shot 2020-05-25 at 10.31.09 AM
  3. Click on the domain for which you'd like to enable DKIM.  For Sign messages for this domain, click "Enable."
    1. Screen Shot 2020-05-25 at 10.35.19 AM


How did we do?