MrTech Melbourne
All guides
Email4 min read

How to enable DKIM in Microsoft 365

Step-by-step overview for turning on DKIM signing and publishing the DNS records Microsoft requires.

By MrTech MelbournePublished 15 June 2026Updated 4 June 2026
01

Prerequisites

The domain must be an accepted domain in Exchange Online with valid MX mail flow. You need DNS access at whichever host is authoritative for the domain — registrar, Cloudflare, or web agency.

02

Enable in the admin centre

In Microsoft Defender for Office 365 or the Exchange admin path for DKIM, select the domain and create the key. Microsoft shows two CNAME records (selectors) to publish. Enable signing only after DNS is live.

03

Publish DNS records

Add both CNAMEs exactly as shown — no typos in selector names. Wait for propagation, then toggle DKIM to enabled. If you use split DNS providers, confirm public resolvers see the same answers as your checker.

04

Confirm alignment

Send outbound mail and verify DKIM=pass in headers. Pair with SPF and DMARC. Third-party senders (CRM, ticketing) may need their own DKIM/SPF includes — your Microsoft DKIM alone does not cover them.

Try it now

Run the related tools

Need a hand?

Run the tools. Then talk to us.

Use our free diagnostics to see what is wrong, then get Melbourne IT support for the fix.

Keep reading

More guides