Technical setup

How to Set Up a DKIM Record for Office 365 - Step-by-Step Guide

April 16, 2024
7 min.

Setting up a DKIM for Office 365 can help you land in your audience’s inbox. 📩

DKIM, short for DomainKeys Identified Mail, is an email authentication method that can be used with your Office 365 account.

It verifies the legitimacy of the sender’s domain and ensures the email’s content hasn’t been tampered with.

DKIM adds digital signatures to emails, which allows receiving servers to validate the message. The signature uses a private key that’s unique to your domain.

An email server can then employ the public key published in your domain’s DNS records to validate the signature.

If it’s valid, the server then “knows” the email indeed came from your domain and isn’t a spoofed email.

The best part?

In combination with DMARC, DKIM significantly increases the chances of reaching the recipient's inbox and avoiding your emails being incorrectly flagged as spam or rejected by email filters.

DKIM - Why You Should Care ❓

This is why you should set up a DKIM record for Office 365:

  1. To prevent spoofing and phishing attacks: Spoofing is when unauthorized senders use your domain to send their fraudulent emails. Criminals use email spoofing to launch phishing attacks, emails that mimic legitimate sources like your bank. DKIM plays a crucial role in preventing these cyber crimes.
  2. To improve email deliverability: If you don’t have your DKIM records set up, email servers may reject your emails. With DKIM in place, more of your emails will land in the inbox.

Setting Up DKIM in Office 365 🗒️

To set up DKIM in Office 365, you need to go to the Microsoft 365 Defender portal

  1. Sign in to your Defender account
  2. Inside the portal, select Policies & regulations in the Email & Collaboration section
  3. On the Policies & Rules page, click on Threat policies
  4. Now select DomainKeys Identified Mail (DKIM)
  5. Choose the domain for which you want to enable DKIM. This is your sending domain.
  6. Toggle the enable button to start the process
  7. Click the Create DKIM keys button
  8. You should now be able to see your DKIM CNAME records in the pop-up window; click copy to copy them to your clipboard

Now it’s time to visit your domain provider’s DNS settings. The procedure may vary for different domain providers but the steps will be similar to the ones below:

  1. Log in to your domain provider’s account
  2. Go to the DNS records section
  3. Create a new CNAME record
  4. Now paste the values into the record
  5. Leave TTL at 3600
  6. Click save
  7. Wait for up to 48 hours for your DKIM record to propagate. Use a DNS Checker like lemwarm’s DNS Checks to verify your DKIM.

Finally, return to the Defender portal page to toggle the enable button.

DKIM Errors

If after 48 hours have passed, your DKIM still couldn’t be activated, you need to double-check your DKIM record.

Did you copy and paste it correctly? Did you add extra spaces? Go through everything meticulously and ensure your DKIM is correct.

If nothing works, contact your domain provider.

Disabling DKIM in Office 365

Should anything go wrong, you can always disable DKIM in Office 365 with a single click.

Go back to the Threat Policies (DKIM) page and click on “enable” to actually disable DKIM.

Completing the Rest of Your Technical Setup

Having your technical setup on point is a massive help toward landing in the inbox.

But DKIM isn’t the only part of your technical setup.

Do not forget to set up the following components:

Additionally, if your sending domain is new, you must warm up your email.

Warming it up manually is a tedious process. Let lemwarm do the hard work for you!

lemwarm is designed to warm up your email gradually so that your sender reputation grows.

Once set up, it runs 100% on autopilot.


What you should look at next

Send emails that actually get delivered with lemwar...