Enable DKIM for Outgoing Email in Office 365

Enable DKIM for Outgoing Email in Office 365

Please refer to the following steps on How to Enable DKIM for outgoing Email in Office 365

It is strongly recommended to go through all the articles https://o365info.com/dkim-domain-keys-identified-mail-basic-introduction-part-1-of-5 to have a detail understanding on how DKIM is working in detail

Get the DNS Records for DKIM
The first part of the CNAME would be always as below
selector1._domainkey.PUBLIC-DOMAIN-NAME
selector2._domainkey.PUBLIC-DOMAIN-NAME

Get the second part of the CNAME using PowerShell

Get-DkimSigningConfig aventis.xyz | FL *CNAME
Selector1CNAME : selector1-aventis-xyz._domainkey.M365x641205.onmicrosoft.com
Selector2CNAME : selector2-aventis-xyz._domainkey.M365x641205.onmicrosoft.com

Add the CNAME records to the Public DNS Server

Verified the CNAME & TXT records are updated
PS C:\WINDOWS\system32> nslookup
Default Server: UnKnown
Address: 100.64.0.3

set type=txt
selector1-aventis-xyz._domainkey.M365x641205.onmicrosoft.com
Server: UnKnown
Address: 100.64.0.3

Non-authoritative answer:
selector1-aventis-xyz._domainkey.M365x641205.onmicrosoft.com text =
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLxWhvwMZDfG8vNUrta0tHuFmkUJOWGw7taWQCprR/9S5chYF8mZQ+i5iRtSqggQqnFlk8JiZoWkV32YgYnW3tLNF1qA2RNxpHaQ1h4jYM+b+iQDt6WIn7MMiJm8cjbLYauIjj+yK0maLUKVcs56qWGdeVXxHRJvfY7/9J6+ELgQIDAQAB;"

Enable the DKIM in Office 365

Set-DkimSigningConfig aventis.xyz -Enabled $true 
Get-DkimSigningConfig aventis.xyz 

Domain      Enabled
------      -------
aventis.xyz True

Verified that the Outgoing Email is signed with DKIM
1. Go to http://dkimvalidator.com/ and send a test Email to the address shown
2. click on view result

DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aventis.xyz;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=6iC62/vOKTXI4aP/2vwu7vVeJMjH9YG6mKvf66OuAyI=;
b=g0GncBBsMWkFDhGAGpYOgwLegZrWCya+PWFqiC2wjOOggkcBABPNnGODvSktLhA6VRoEbD2nheD2afs/xu4SsKQS2edtSOcb6cbEBe3+GkC8FMpxxSS5KOVjo8wsBAx1H+HCcW9Sto7Rmr/zCchFlWfZCGuPHnffIBL0oMjOHdQ=

Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/relaxed
d= Domain: aventis.xyz
s= Selector: selector1
q= Protocol:
bh= 6iC62/vOKTXI4aP/2vwu7vVeJMjH9YG6mKvf66OuAyI=
h= Signed Headers: From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck
b= Data: g0GncBBsMWkFDhGAGpYOgwLegZrWCya+PWFqiC2wjOOggkcBABPNnGODvSktLhA6VRoEbD2nheD2afs/xu4SsKQS2edtSOcb6cbEBe3+GkC8FMpxxSS5KOVjo8wsBAx1H+HCcW9Sto7Rmr/zCchFlWfZCGuPHnffIBL0oMjOHdQ=
Public Key DNS Lookup

Building DNS Query for selector1._domainkey.aventis.xyz
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLxWhvwMZDfG8vNUrta0tHuFmkUJOWGw7taWQCprR/9S5chYF8mZQ+i5iRtSqggQqnFlk8JiZoWkV32YgYnW3tLNF1qA2RNxpHaQ1h4jYM+b+iQDt6WIn7MMiJm8cjbLYauIjj+yK0maLUKVcs56qWGdeVXxHRJvfY7/9J6+ELgQIDAQAB;
Validating Signature

result = pass
Details:

Leave a Comment