Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions

Enable DKIM in Exchange Online Protection

No items found.

Last year Microsoft announced support for DomainKeys Identified Mail (DKIM) signing for outbound emails in Office 365. If you are wondering what DKIM is, below is an excerpt from Microsoft blog describing what DKIM is in its simplest form.

DKIM permits the person, role or organization, who owns the signing domain, to claim some responsibility for a message by associating the domain with the message. Senders insert a digital signature into the message in the DKIM-Signature header, which receivers then verify. DKIM allows senders to build domain reputation, which is important to ensure email delivery and provides senders a non-spoofable way to identify themselves.

Since this post is about how to use DKIM signing in EOP to protect your outbound emails in Exchange Online, I won’t talk about what DKIM is and what it does. Therefore, to learn more about DKIM, visit or Wikipedia.

In order to enable DKIM signing for outbound emails in your Office 365 subscription, you first need to have a couple of CNAME records added to DNS zones your mail domains. Below is what’s required to be added.

Host NamePoints To Address Or ValueTTL selector1._domainkey selector1-._domainkey. 3600 selector2._domainkey selector2-._domainkey. 3600

If the format in Points To Address Or Value to makes no sense to you, let me break it down to help you further.

Keep in mind that you will have to add above required CNAME records to each vanity domains in Office 365. Once you have configured your DNS records, follow below steps to enable it from the admin portal.

  1. Navigate to Exchange Admin -> protection -> dkim
  2. Select the domain you want to enable DKIM
  3. On the right hand side you’ll see current status of DKIM for selected domain. Click on the Enable link.
  4. In few seconds, you’ll see on the status section that DKIM is now enabled.

That’s how you do it in the admin portal. Let’s see how can those who fancy working with PowerShell achieve this.

Connect to Exchange Online through PowerShell. Run following command.

1 New-DkimSigningConfig –DomainName –Enabled $true

Again, you’ll have to have above required CNAME records to be present in your domain’s DNS zone for above command to work. If the DNS records haven’t configured you’ll see below error. If you have added required DNS records, and if you still receive below error, wait until your changes propagate.


If you received above error either reason I’ve mentioned and now you have corrected them, run below command.

1 Set-DkimSigningConfig -Identity -enabled $true

Hope this post helped you with getting started with DKIM in Office 365.

Recent Blog Posts

lunavi logo alternate white and yellow
Test Automation Best Practices: Balancing Confidence with Efficiency

Automation can instill confidence to release software and improve the team’s ability to create high-quality applications in the fastest and most efficient way possible. Essentially, it eliminates the need to compromise or choose one set of priorities over another. Instead, it allows teams to strike a balance between confidence/coverage and speed/efficiency. But automation isn’t a one-size-fits-all solution.

Learn more
lunavi logo alternate white and yellow
Building Your Cloud Foundation Part 1: Core Configuration & Governance

This first area of focus establishes your cloud policy, or the way your organization consumes and manages cloud resources. Learn how to establish proper scope and mitigate tangible risks through corporate policy and standards.

Learn more
lunavi logo alternate white and yellow
Lunavi Proves Commitment to Channel Partners, Customers with CRN Elite 150

While industry recognition such as the MSP 501 is validating, the most rewarding part of my work in the channel is hearing from partners and their clients about the success they have with these types of engagements.

Learn more