DKIM signing in Office 365

Shaun Ewing 4 Comments

This week I came across a post from Terry Zink (http://blogs.msdn.com/b/tzink/archive/2015/10/08/manually-hooking-up-dkim-signing-in-office-365.aspx) on how to activate DKIM signing for outbound email messages in Office 365.

I’ve been waiting for this feature for quite some time and was keen to get it going for both my personal email (on shaun.net) and my business email (on ewing.net.au).

To get started the first thing I needed to do was create two CNAMEs in the DNS zone for shaun.net. This provides two DKIM key selectors – which allows for automatic key rotations.

The records that I needed to create were:

The “shaun-net” is the domain GUID and can be retrieved from the MX record for your domain. Mine for example looks like:

I use AWS Route53 to host my DNS, so adding the records was as follows:


The second step was to enable DKIM signing on my domain. This isn’t yet available in the Office365 console but can be done using Powershell with Exchange Online.

The command I executed was:

The output was as follows:

Once this was done I went to the Exchange Admin Center under Protection → DKIM. Here you can see that it has been enabled successfully.


With this in place I sent a message to my Gmail account and checked the headers for successful DKIM validation. Here it is!

DKIM Outbound is still showing as rolling out on the Office 365 Roadmap so if this doesn’t work for you, your account may not have been activated to use this feature yet. Nonetheless it’s a very welcome feature and I’m pleased to see it was relatively easy to setup.

About the Author

Comments 4

  1. Does any of you guys know if the dot gets replace by the hyphen then what is the hyphen replaced with? in a domain that contains a dash example: my-domain.com?

  2. Hi Bob, have you tried using a dash wherever there’s a dot in your domain name?

    If shaun.net became shaun-net
    your bob.ac.uk should likewise become bob-ac-uk

    Try it, it ought to work 😉

Leave a Reply

Your email address will not be published. Required fields are marked *