Enable DKIM for Outgoing Email in Office 365


The following steps show how to enable DKIM for outgoing email in Office 365.

It is strongly recommended to go through all the articles in the series at https://o365info.com/dkim-domain-keys-identified-mail-basic-introduction-part-1-of-5 for a detailed understanding of how DKIM works.

Get the DNS Records for DKIM
The first part of the CNAME is always as follows:
selector1._domainkey.PUBLIC-DOMAIN-NAME
selector2._domainkey.PUBLIC-DOMAIN-NAME

Get the second part of the CNAME using PowerShell

Get-DkimSigningConfig aventis.xyz | FL *CNAME
Selector1CNAME : selector1-aventis-xyz._domainkey.M365x641205.onmicrosoft.com
Selector2CNAME : selector2-aventis-xyz._domainkey.M365x641205.onmicrosoft.com

Add the CNAME records to the Public DNS Server

Verify that the CNAME & TXT records are updated
PS C:\WINDOWS\system32> nslookup
Default Server: UnKnown
Address: 100.64.0.3

set type=txt
selector1-aventis-xyz._domainkey.M365x641205.onmicrosoft.com
Server: UnKnown
Address: 100.64.0.3

Non-authoritative answer:
selector1-aventis-xyz._domainkey.M365x641205.onmicrosoft.com text =
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLxWhvwMZDfG8vNUrta0tHuFmkUJOWGw7taWQCprR/9S5chYF8mZQ+i5iRtSqggQqnFlk8JiZoWkV32YgYnW3tLNF1qA2RNxpHaQ1h4jYM+b+iQDt6WIn7MMiJm8cjbLYauIjj+yK0maLUKVcs56qWGdeVXxHRJvfY7/9J6+ELgQIDAQAB;"

Enable the DKIM in Office 365

Set-DkimSigningConfig aventis.xyz -Enabled $true 
Get-DkimSigningConfig aventis.xyz 

Domain      Enabled
------      -------
aventis.xyz True
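
The DNS check and the enable step above, combined into one pre-flight script. This is an added example, not part of the original article. It assumes a connected Exchange Online PowerShell session and the Windows `Resolve-DnsName` cmdlet; the domain is the article's sample and the variable names are illustrative.

```powershell
# Added example: pre-flight DNS check before enabling DKIM signing.
# Assumes Connect-ExchangeOnline has already been run in this session.
$Domain = 'aventis.xyz'                      # sample domain from the article
$cfg    = Get-DkimSigningConfig -Identity $Domain

# Host name to publish -> CNAME target reported by Office 365
$expected = [ordered]@{
    "selector1._domainkey.$Domain" = $cfg.Selector1CNAME
    "selector2._domainkey.$Domain" = $cfg.Selector2CNAME
}

$ready = $true
foreach ($name in $expected.Keys) {
    $target = ([string]$expected[$name]).TrimEnd('.')

    # 1. The public CNAME must exist and point at the Office 365 target.
    $cname = Resolve-DnsName -Name $name -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    if (-not $cname) {
        Write-Warning "$name has no CNAME record yet"
        $ready = $false
        continue
    }
    if ($cname.NameHost.TrimEnd('.') -ne $target) {      # -ne ignores case
        Write-Warning "$name points to $($cname.NameHost), expected $target"
        $ready = $false
        continue
    }

    # 2. Informational only (does not block): look for a DKIM key at the target.
    $txt = Resolve-DnsName -Name $target -Type TXT -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'TXT' }
    $record = ($txt.Strings -join '')
    if ($record -notmatch 'v=DKIM1' -or $record -notmatch 'p=[A-Za-z0-9+/]') {
        Write-Warning "$target returned no DKIM key record (v=DKIM1 with a non-empty p=)"
    }
    Write-Host "CNAME OK  $name -> $target"
}

# Enable signing only when both selector CNAMEs are published correctly.
if (-not $ready) {
    Write-Warning "DKIM not enabled for $Domain; fix the records above and re-run."
} elseif (-not $cfg.Enabled) {
    Set-DkimSigningConfig -Identity $Domain -Enabled $true
}
Get-DkimSigningConfig -Identity $Domain | Format-List Domain, Enabled, *CNAME
```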

Verify that the outgoing email is signed with DKIM
1. Go to http://dkimvalidator.com/ and send a test email to the address shown
2. Click on view result

DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aventis.xyz;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=6iC62/vOKTXI4aP/2vwu7vVeJMjH9YG6mKvf66OuAyI=;
b=g0GncBBsMWkFDhGAGpYOgwLegZrWCya+PWFqiC2wjOOggkcBABPNnGODvSktLhA6VRoEbD2nheD2afs/xu4SsKQS2edtSOcb6cbEBe3+GkC8FMpxxSS5KOVjo8wsBAx1H+HCcW9Sto7Rmr/zCchFlWfZCGuPHnffIBL0oMjOHdQ=

Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/relaxed
d= Domain: aventis.xyz
s= Selector: selector1
q= Protocol:
bh= 6iC62/vOKTXI4aP/2vwu7vVeJMjH9YG6mKvf66OuAyI=
h= Signed Headers: From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck
b= Data: g0GncBBsMWkFDhGAGpYOgwLegZrWCya+PWFqiC2wjOOggkcBABPNnGODvSktLhA6VRoEbD2nheD2afs/xu4SsKQS2edtSOcb6cbEBe3+GkC8FMpxxSS5KOVjo8wsBAx1H+HCcW9Sto7Rmr/zCchFlWfZCGuPHnffIBL0oMjOHdQ=

Public Key DNS Lookup

Building DNS Query for selector1._domainkey.aventis.xyz
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLxWhvwMZDfG8vNUrta0tHuFmkUJOWGw7taWQCprR/9S5chYF8mZQ+i5iRtSqggQqnFlk8JiZoWkV32YgYnW3tLNF1qA2RNxpHaQ1h4jYM+b+iQDt6WIn7MMiJm8cjbLYauIjj+yK0maLUKVcs56qWGdeVXxHRJvfY7/9J6+ELgQIDAQAB;

Validating Signature

result = pass
Details: