Last year Microsoft announced support for DomainKeys Identified Mail (DKIM) signing for outbound emails in Office 365. If you are wondering what DKIM is, below is an excerpt from Microsoft blog describing what DKIM is in its simplest form.
DKIM permits the person, role or organization, who owns the signing domain, to claim some responsibility for a message by associating the domain with the message. Senders insert a digital signature into the message in the DKIM-Signature header, which receivers then verify. DKIM allows senders to build domain reputation, which is important to ensure email delivery and provides senders a non-spoofable way to identify themselves.
Since this post is about how to use DKIM signing in EOP to protect your outbound emails in Exchange Online, I won’t talk about what DKIM is and what it does. Therefore, to learn more about DKIM, visit dkim.org or Wikipedia.
In order to enable DKIM signing for outbound emails in your Office 365 subscription, you first need to have a couple of CNAME records added to DNS zones your mail domains. Below is what’s required to be added.
|Host Name||Points To Address Or Value||TTL|
Keep in mind that you will have to add above required CNAME records to each vanity domains in Office 365. Once you have configured your DNS records, follow below steps to enable it from the admin portal.
That’s how you do it in the admin portal. Let’s see how can those who fancy working with PowerShell achieve this.
Connect to Exchange Online through PowerShell. Run following command.
Again, you’ll have to have above required CNAME records to be present in your domain’s DNS zone for above command to work. If the DNS records haven’t configured you’ll see below error. If you have added required DNS records, and if you still receive below error, wait until your changes propagate.
If you received above error either reason I’ve mentioned and now you have corrected them, run below command.
Hope this post helped you with getting started with DKIM in Office 365.