In this article, I will show step-by-step instructions to setup office 365 DKIM (Enable Microsoft Office 365 DKIM).

What is DKIM?

DKIM (Domain Keys Identified Mail) is a cryptographic protocol. It is a DNS Record that holds Public authentication Keys that are published in the domain DNS Zone. This public key validates using a private key that is saved privately inside the mail server. If DKIM public key and private key match, then the email sent from your domain will be digitally signed. This ensures the originality of an email and helps to get a high sending score. DKIM also helps to increase email deliverability and protection against Spamming and phishing attempts. This article is all about setup Microsoft office 365 DKIM.

Setup Office 365 DKIM:

To setup Microsoft Office 365 DKIM using PowerShell, you have to open the Windows Powershell “run as administrator”.

If you are a Mac user, you can install Powershell from here.


Set-ExecutionPolicy RemoteSigned

Press enter & you will get this – “Do you want to change the execution policy?”

Type ” Y ” and press enter again.


$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

A popup will appear and you have to enter your Microsoft Office 365 admin Email & Password.


Import-PSSession $Session -DisableNameChecking

Press enter again & wait for the process to finish.


New-DkimSigningConfig -DomainName” -Enabled $true

press enter & you will see something like below:


If you see something like this, it’s good news for you. Office 365 DKIM Records are successfully generated (Yellow highlighted Cname records)

The CNAME records like:


in our example it will look like this:

Note: Please draw close attention to the domainGUID ( <domainGUID> ) which does not use a full stop “.” but a dash “-” instead.

Now you have to copy two Cname values and create DNS Records (CNAME) in your domain DNS like this:

TTL: default or 3600

TTL: default or 3600

If you don’t know where is your Domain DNS then you can check your Domain DNS Zone (Name Server) from GWhois, for example:


Remove-PSSession $Session

Quick Note: After that, wait for at least 1 or 2 hours. Because DNS Propagation takes time like a few hours or up to 24 hours. And you can check propagation using DNS Propagation Checker or DNS Watch.

Enable Microsoft Office 365 DKIM signing:

Once you have added two Cname records, DKIM can be enabled using the following steps:

And Congratulations !! DKIM is Activated (Enabled) now.

If you need more information about configuring Microsoft Office 365 DKIM, please visit Microsoft.