How To Setup DKIM, SPF And DMARC For Microsoft?

Hi there! 👋

Do you want to set up DKIM, SPF, and DMARC for Microsoft 🤔? Here's a step-by-step guide for your assistance,

Let us begin by setting up SPF - Sender Policy Framework,

1️⃣ Visit your domain administrator's website. Go to DNS management or settings.

2️⃣ To your DNS, add the following TXT record: v=spf1 -all.

3️⃣ It will take around 48 hours to take effect.

Now let's move on to setting up DKIM - Domain Key Identified Mail,

1️⃣ Visit the website of the domain administrator. Look for DNS management or settings.

2️⃣ Create a record type CNAME in your DNS settings.

3️⃣ CNAME Record 1

a. Name (host or alias): selector1._domainkey

b. Points to (alias to):

c. TTL: Enter 3600

d. Replace SalesBlinktutorial-com with your domain

4️⃣ CNAME Record 2

a. Name (host or alias): selector2._domainkey.

b. Points to (alias to):

c. TTL: Enter 3600 or 1 hour.

d. Replace SalesBlinktutorial-com with your domain.

5️⃣ This may take around 48 hours to take effect.

6️⃣ Enable DKIM for your domain in the Office 365 site:

a. ---

b. Log into your Admin Account.

c. Navigate to Menu on the top left of the page.

d. Go to Admin > Show All > Exchange > Protection > DKIM (Top Navigation Menu).

e. > Authoritative > Enable

There has been a change in this procedure by Microsoft. They may require you to enable DKIM through their PowerShell that works only with a PC or Windows device. It is not possible for those using other operating systems. You have to contact Office 365 support that is present on the bottom right corner of the admin dashboard of Office365.

If luck is by your side 😄, your domain may not require PowerShell for enabling DKIM DNS records. However, it is not so easy to find that out. Also, note that the DNS propagation into Office365 requires around 72 hours⌛.

Here's how to enable DKIM easily:

➡️Click on 'Show All' on the left-hand side navigation menu.
➡️Click on 'Exchange'.
➡️Click on 'Protection' on the left-hand side navigation menu.
➡️Click on DKIM on the TOP navigation menu.
➡️Click on your domains and enable DKIM.

You will be able to see two domains: your actual domain and the Microsoft domain.

Let's now set up DMARC - Domain-based Message Authentication, Reporting, and Conformance

1️⃣ Visit the domain admin's website and open the DNS manager.

2️⃣ Create a TXT Record

a. Name: _dmarc.{domain}

b. Time to Live (TTL)=Leave at the default or enter 3600 or 1 hour

c. HOSTNAME: _dmarc

d. VALUE (with email): v=DMARC1; p=quarantine; rua=mailto:{email}; pct=90; sp=none

a. The email version sends reports to the email address you put in there. It is completely optional. Here is the value without the email:

e. VALUE (no email): v=DMARC1; p=quarantine; pct=90; sp=none.

In case you are finding this tough, you can use a DMARC record generator.

Hope you found this helpful!

Still need help? Contact Us