Select Page

This turned out to be really simple; and there are some really good tools and docs at https://dmarcian.com/

  • set up DKIM DNS records
    • CNAME selector1._domainkey –> selector1-{domain}._domainkey.{office365domain}.onmicrosoft.com
    • CNAME selector2._domainkey –> selector2-{domain}._domainkey.{office365domain}.onmicrosoft.com
  • set up DMARC DNS records
    • TXT _dmarc –> correct DMARC policy

Then enable DKIM signing in the Defender portal https://security.microsoft.com

Email and Collaboration –> Policies and Rules –> Threat Policies –> Email Authentication settings

  • select the domain, click on “sign messages for this domain with DKIM signatures”

It might take a while for the DNS records to propagate.

Finally test the DMARC and DKIM settings, I used the DMARC Record Checker https://dmarcian.com/domain-checker

If you end up looking to use DMARC reporting, and sending to a third party/alternate domain – you also need to set up DNS records in the receiving domain:

  • set up External Domain Verification (EDV) records in DNS
    • TXT {domain}._report._dmarc –> v=DMARC1