Chat +1-888-563-5277 Contact sales

Microsoft 365 SPF and DKIM Configuration: step by step

Our informative post will help you find out how you can setup Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures on your Microsoft 365 email to eliminate spam from your domain and increase security.

Microsoft requires you to configure the following DNS records for your domain: Microsoft 365 SPF and DKIM.

SPF records allow receiving servers to check whether an email with the specified source domain was actually sent from a server authorized by the owner of this domain.

DKIM adds a digital signature to each message. This allows the receiving server to check if the message has been sent from an authorized sender, faked or changed upon delivery.

Setting up an SPF Record

In order to authorize Microsoft 365 to send emails on your domain behalf, you will need to create or update your SPF Record which includes the following mechanism: include:spf.protection.outlook.com 

You can achieve this easily with our SPF Record Generator tool; here are the steps:

  1. Generate a new SPF Record with authorizing Microsoft 365

SPF-For-Microsoft365-Office365-EasyDMARC

2. Copy the newly generated SPF Record

3. Update your DNS TXT Record for SPF at your domain provider (We will show examples with GoDaddy and Cloudflare)

E.g GoDaddy

SPF-For-Microsoft365-Office365-EasyDMARC-GoDaddy-TXT

E.g Cloudflare

SPF-For-Microsoft365-Office365-EasyDMARC-Cloudflare-TXT

4. Click Save

Important Note: Make sure you don’t create multiple SPF TXT records on one domain. If you do, SPF will return a PermError.

If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.

E.g v=spf1 ip4:17.67.137.221 include:spf.protection.outlook.com include:thirdpartyservice.com ~all

Configuring DKIM for Microsoft 365

  1. Choose Admin from your Office365 portal

Exchange-Admin-DKIM-Authentication

2. In the Admin Center, choose ‘Exchange’

3. Go to protection -> DKIM

Exchange-Admin-DKIM-Authentication

Note: For the New Exchange Admin Center go to Email & Collaboration > Policies & Rules > Threat policies page > Rules section > DKIM. Or, to go directly to the DKIM page, use https://security.microsoft.com/dkimv2

microsoft 365 new exchange portal

4. Create CNAME Records

Host name: selector1._domainkey

Points to address or value: selector1-<domainGUID>._domainkey.<initialDomain>

TTL: 3600

Host name: selector2._domainkey

Points to address or value: selector2-<domainGUID>._domainkey.<initialDomain>

TTL:  3600

Important Notes:

  • <domainGUID> is in the MX record for your custom domain that appears before mail.protection.outlook.com. For example, in the following MX record for the domain company.com, the domainGUID is company-com:

company.com. 3600 IN MX 0 company-com.mail.protection.outlook.com

  • <initialDomain> is the domain that you used when you signed up for Microsoft 365. Initial domains always end in onmicrosoft.com

For example, if you have an initial domain of company.onmicrosoft.com, and a custom domain “company.com”, you will need to add CNAME Records as:

Host name: selector1._domainkey

Points to address or value: selector1-company-com._domainkey.company.onmicrosoft.com

TTL: 3600

 

Host name: selector2._domainkey

Points to address or value: selector2-company-com._domainkey.company.onmicrosoft.com

TTL:  3600

5. Add CNAME Records in your DNS Zone

6. Select the domain that you want to authenticate, and click Enable

Classic Exchange:

Exchange-Admin-Microsoft365-Office365-Outlook-DKIM-Authentication

Microsoft 365 Defender portal:

microsoft 365 defender portal

7. After successful implementation, you should see:

Exchange-Admin-Microsoft365-Office365-Outlook-DKIM-Authentication


Congrats, you now successfully authenticated your outgoing mail stream from Office365 with SPF and DKIM. 

Your Guide to Data Breach Response

Your Guide to Data Breach Response

Data breaches have become more prominent in number and impact. That’s why a quick...

Read More
iOS 15 and Effects on Email Campaigns

iOS 15 and Effects on Email Campaigns

iOS 15 is the recent Apple operating system update that includes major changes for...

Read More
Mailchimp Authentication Setup: Step by Step

Mailchimp Authentication Setup: Step by Step

Mailchimp is an automated email marketing platform that’s used by businesses to reach their...

Read More
×