Quick Fix: Enable DKIM for Office 365

DKIMIf you have been following some of my recent posts you’ll know i have been talking about Office 365 and Exchange Online and how you can tweak the settings to better secure your mail.

One of the steps for that is to setup DKIM. For Office 365 this requires two CNAME records to be published in your public DNS.

The problem i was having when setting up a new client, was knowing what the CNAME should be set to.

The pointer side, is easy. That is always:



However the Microsoft side, is always different and is linked to your tenant ID, in the same style as your Office 365 MX record.

selector1-<your domain>._domainkey.<your tenant id>.onmicrosoft.com

selector2-<your domain>._domainkey.<your tenant id>.onmicrosoft.com

The only way i was getting this, was by going through the GUI of Exchange Online in the Protection > DKIM section and trying to copy and paste the text, which was awkward because when you click on the text it takes you off to another tab explaining about DKIM.

Of course, PowerShell was the answer.

Adding these lines to the end of my ‘Setup 365 Anti Spam’ script, spits out the required DKIM records every time.


For brevity I’m just including the DKIM section below. Of course for this to work, you will need to be already connected to Exchange Online PowerShell.

$domain = Read-Host -Prompt "Enter Domain Name"
$dkim = Get-DKIMSigningConfig $domain
$cname1 = $dkim.Selector1Cname
$cname2 = $dkim.Selector2Cname
Write-Output "Create 2 CNAME Records"
Write-Output "Record 1: selector1._domainkey.$domain"
Write-Output "Record 1: $cname1"
Write-Output "Record 2: selector2._domainkey.$domain"
Write-Output "Record 2: $cname2"

quick Dkim

About Robert Pearman
Robert Pearman is a UK based Small Business Server enthusiast. He has been working within the SMB IT Industry for what feels like forever. Robert likes Piña colada and taking walks in the rain, on occasion he also enjoys writing about Small Business Technology like Windows Server Essentials or more recently writing PowerShell Scripts. If you're in trouble, and you can find him, maybe you can ask him a question.

2 Responses to Quick Fix: Enable DKIM for Office 365

  1. fbifido says:

    when would you need to use the second record of 1 & 2?

Leave a reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: