Enable DKIM on Exchange Online
DKIM is a powerful, secure method for validating the authenticity of email messages. Each outgoing email is signed with a private key, and the receiving mail server (or ISP) validates the signature using the public key published in DNS.

Microsoft O365 uses DomainKeys Identified Mail (DKIM) to ensure that the destination email system trusts messages sent outbound from your custom domain through public-key cryptography.
Once you have published the CNAME record in DNS, you are ready to enable DKIM signing through Office 365. You can do this either through the Microsoft 365 Admin Center or by using PowerShell.
Windows PowerShell needs to be configured to run the script, and by default, it is not. When you try to connect you will get the following error.
“Files can not be loaded because script execution is disabled on this system. Please provide a valid certificate with which to sign files.”
If the admin center does not offer an option to enable the DKIM signature, you just need to turn it on by running the PowerShell command.
To require that all PowerShell scripts you download from the Internet are signed by a trusted publisher, run the following command in an elevated Windows PowerShell window (a Windows PowerShell window that you open by selecting Run as administrator):
1) On your local computer, open Windows PowerShell and run the following command.
$UserCredential = Get-Credential
In the Windows PowerShell Credential Request dialog box, type your O365 admin ID and password, and then click OK.
2) Run the following command.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
To enable DKIM signing for your custom domain by using PowerShell:
3) Run the following command:
New-DkimSigningConfig -DomainName abc.com -Enabled $true
Here abc.com stands for the name of the custom domain that you want to enable DKIM signing for.
4) Go to protection --> dkim
5) Select the domain for which you want to enable DKIM and then, for the option to sign messages for this domain with DKIM signatures, select Enable. Repeat this step for each custom domain.
Host name: | |
Points to address or value: | |
TTL: | 3600 |
Host name: | |
Points to address or value: | |
TTL: | 3600 |
The reason behind the two CNAME records is that Microsoft rotates the two keys for added security.
The domain in the record does not use a full stop "." but a dash "-" instead. This is taken from the MX record of the custom domain.
Enable DKIM signature
Once you've added the CNAME records (two per domain), the DKIM signature can be enabled using the Office 365 Admin Center or Windows PowerShell.
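The order of operations described above (publish both CNAME records, then enable signing), as an added example that is not part of the original article: it checks that both selector CNAMEs resolve to the targets Exchange Online reports before turning signing on. It assumes the ExchangeOnlineManagement module with a session already opened by Connect-ExchangeOnline and the selector1/selector2 host names; the function name Enable-DkimIfPublished is hypothetical and abc.com is the article's placeholder domain.

```powershell
# Added example, not from the original article.
# Assumption: Connect-ExchangeOnline (ExchangeOnlineManagement module) has
# already been run in this window. Enable-DkimIfPublished is a hypothetical name.
function Enable-DkimIfPublished {
    param(
        [Parameter(Mandatory)] [string] $DomainName
    )

    # Reuse the signing config if it exists; otherwise create it disabled so that
    # Exchange Online generates the keys and reports the expected CNAME targets.
    $config = Get-DkimSigningConfig -Identity $DomainName -ErrorAction SilentlyContinue
    if (-not $config) {
        $config = New-DkimSigningConfig -DomainName $DomainName -Enabled $false
    }

    # Host name of each selector record and the target Exchange Online expects.
    $expected = @{
        "selector1._domainkey.$DomainName" = $config.Selector1CNAME
        "selector2._domainkey.$DomainName" = $config.Selector2CNAME
    }

    $allPublished = $true
    foreach ($hostName in $expected.Keys) {
        $want   = $expected[$hostName].TrimEnd('.')
        $answer = Resolve-DnsName -Name $hostName -Type CNAME -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
        $got = if ($answer) { $answer.NameHost.TrimEnd('.') } else { '<no CNAME found>' }

        if ($got -ieq $want) {
            Write-Host "OK       $hostName -> $got"
        } else {
            Write-Warning "MISMATCH $hostName -> $got (expected $want)"
            $allPublished = $false
        }
    }

    # Enable signing only when both selectors resolve to the expected targets;
    # a missing selector2 record would break validation after a key rotation.
    if ($allPublished) {
        Set-DkimSigningConfig -Identity $DomainName -Enabled $true
        Get-DkimSigningConfig -Identity $DomainName | Format-List Domain, Enabled, Status
    } else {
        Write-Warning "DKIM signing left disabled for $DomainName until both CNAME records resolve."
    }
}

Enable-DkimIfPublished -DomainName 'abc.com'
```

DNS changes can take up to the record's TTL to become visible, so a mismatch immediately after publishing is expected; rerun the function once the records have propagated.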