Office 365 / Exchange Online – DKIM Config


If you’re using Exchange Online for hosting your e-mail, and using a custom domain, you should probably check and see if you have DomainKeys Identified Mail (DKIM) configured.

DKIM is a configuration that allows a receiving domain to verify that an e-mail was sent from an authorized user and domain and was not modified in transit.

By default Office 365 / Exchange Online enables DKIM for self hosted domains (things like, but that doesn’t transition over to your primary or vanity domains… so for example, my domain, did not have DKIM enabled, but my registration domain, was enabled.

To learn some more about DKIM on Office 365, check out this TechNet article, learn more about DKIM.

To access the DKIM settings for your account, you need to open Exchange Admin from the Office 365 Admin portal, this can be accessed from the Admin Centers menu options.


Once open, you can access the DKIM settings by clicking on Protection then DKIM.


DNS Configuration

If you just click on “enable” you will get an error message letting you know that you need to add some DNS records. So before you try to enable DKIM, you need to go into your domain DNS management and add a couple of CNAME records. Once they are entered, you need to give it about 5-minutes, then you should be able to enable DKIM for the domain. (This is dependent on your DNS management, some changes might take longer.)

The two records you need to add should look like this (you would replace santsys-com, with your domain, and with whatever your primary domain was):

  • Record 1
    • Host: selector1._domainkey
    • Points To:
    • TTL: 1-Hour
  • Record 2
    • Host: selector2._domainkey
    • Points To:
    • TTL: 1-Hour


Once all of that is enabled, you will see DKIM results in you e-mails headers, and in places like GMail you will see Mailed By and Signed By. This verifies that messages sent by you were not modified during transit.

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=domain;

Once all that is setup and working, e-mails you send will be verified. This helps limit things like phishing scams and other sorts of email spam.

Leave a Reply

Your email address will not be published. Required fields are marked *