We're Hiring!
Take the next step in your career and work on diverse technology projects with cross-functional teams.
LEARN MORE
Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
7
19
2017
3.1.2023

Enable DKIM in Exchange Online Protection

Last updated:
9.16.2020
3.1.2023
No items found.

Last year Microsoft announced support for DomainKeys Identified Mail (DKIM) signing for outbound emails in Office 365. If you are wondering what DKIM is, below is an excerpt from Microsoft blog describing what DKIM is in its simplest form.

DKIM permits the person, role or organization, who owns the signing domain, to claim some responsibility for a message by associating the domain with the message. Senders insert a digital signature into the message in the DKIM-Signature header, which receivers then verify. DKIM allows senders to build domain reputation, which is important to ensure email delivery and provides senders a non-spoofable way to identify themselves.

Since this post is about how to use DKIM signing in EOP to protect your outbound emails in Exchange Online, I won’t talk about what DKIM is and what it does. Therefore, to learn more about DKIM, visit dkim.org or Wikipedia.

In order to enable DKIM signing for outbound emails in your Office 365 subscription, you first need to have a couple of CNAME records added to DNS zones your mail domains. Below is what’s required to be added.

Host NamePoints To Address Or ValueTTL selector1._domainkey selector1-._domainkey. 3600 selector2._domainkey selector2-._domainkey. 3600

If the format in Points To Address Or Value to makes no sense to you, let me break it down to help you further.

Keep in mind that you will have to add above required CNAME records to each vanity domains in Office 365. Once you have configured your DNS records, follow below steps to enable it from the admin portal.

  1. Navigate to Exchange Admin -> protection -> dkim
  2. Select the domain you want to enable DKIM
  3. On the right hand side you’ll see current status of DKIM for selected domain. Click on the Enable link.
  4. In few seconds, you’ll see on the status section that DKIM is now enabled.

That’s how you do it in the admin portal. Let’s see how can those who fancy working with PowerShell achieve this.

Connect to Exchange Online through PowerShell. Run following command.

1 New-DkimSigningConfig –DomainName –Enabled $true

Again, you’ll have to have above required CNAME records to be present in your domain’s DNS zone for above command to work. If the DNS records haven’t configured you’ll see below error. If you have added required DNS records, and if you still receive below error, wait until your changes propagate.

 

If you received above error either reason I’ve mentioned and now you have corrected them, run below command.

1 Set-DkimSigningConfig -Identity -enabled $true

Hope this post helped you with getting started with DKIM in Office 365.

Recent Blog Posts

lunavi logo alternate white and yellow
3.27.2024
03
.
27
.
2024
Utilizing Bicep Parameter Files with ALZ-Bicep

Ready to achieve more efficient Azure Deployments? You can use Bicep parameters instead of JSON which opens new opportunities for deployment. Let Lunavi expert, Joe Thompson, show you how.

Learn more
lunavi logo alternate white and yellow
3.26.2024
03
.
04
.
2024
Anticipating Surges in Cyber Attacks and Bolstering Your InfoSec Defenses in 2024

Learn how to navigate 2024 with the right InfoSec defenses to protect your organization against a rising number of cyber attacks.

Learn more
lunavi logo alternate white and yellow
3.26.2024
01
.
03
.
2024
Microsoft Copilot is Re-Shaping the Innovation Frontier

Microsoft 365 Copilot has been released, and it's changing the way we work. More than OpenAI or ChatGPT, read how Copilot can seamlessly integrate with your workflow.

Learn more