Quick Fix: Enable DKIM for Office 365
July 26, 2017
If you have been following some of my recent posts, you'll know I have been talking about Office 365 and Exchange Online and how you can tweak the settings to better secure your mail.
One of the steps for that is to set up DKIM. For Office 365 this requires two CNAME records to be published in your public DNS.
The problem I was having when setting up a new client was knowing what the CNAME should be set to.
The pointer side is easy. That is always:
selector1._domainkey.<yourdomain>
selector2._domainkey.<yourdomain>
However, the Microsoft side is always different and is linked to your tenant ID, in the same style as your Office 365 MX record.
selector1-<your domain>._domainkey.<your tenant id>.onmicrosoft.com
selector2-<your domain>._domainkey.<your tenant id>.onmicrosoft.com
The only way I was getting this was by going through the GUI of Exchange Online in the Protection > DKIM section and trying to copy and paste the text, which was awkward because when you click on the text it takes you off to another tab explaining about DKIM.
Of course, PowerShell was the answer.
Adding these lines to the end of my 'Setup 365 Anti Spam' script spits out the required DKIM records every time.
Easy.
For brevity I'm just including the DKIM section below. Of course, for this to work you will need to be already connected to Exchange Online PowerShell.

    # Requires an existing Exchange Online PowerShell session.
    $domain = Read-Host -Prompt "Enter Domain Name"
    # Fetch the DKIM signing configuration for the domain
    $dkim = Get-DkimSigningConfig -Identity $domain
    $cname1 = $dkim.Selector1CNAME
    $cname2 = $dkim.Selector2CNAME
    # Print the name and target of each CNAME record to publish in public DNS
    Write-Output "Create 2 CNAME Records"
    Write-Output "Record 1 name:  selector1._domainkey.$domain"
    Write-Output "Record 1 value: $cname1"
    Write-Output "Record 2 name:  selector2._domainkey.$domain"
    Write-Output "Record 2 value: $cname2"
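
The script above only prints the records to create. As an added example (not part of the original post), the following checks that both CNAMEs are published and point where Exchange Online expects before turning DKIM signing on. It assumes an existing Exchange Online PowerShell session and the Windows Resolve-DnsName cmdlet; contoso.com is a placeholder domain and Test-DkimCname is a hypothetical helper name.

```powershell
# Added example: verify the published DKIM CNAMEs, then enable signing.
# Test-DkimCname is a hypothetical helper; contoso.com is a placeholder.
function Test-DkimCname {
    param(
        [Parameter(Mandatory)][string]$Name,      # selectorN._domainkey.<domain>
        [Parameter(Mandatory)][string]$Expected   # SelectorNCNAME from Exchange Online
    )
    # -DnsOnly skips LLMNR/NetBIOS so only real DNS answers are considered
    $answer = Resolve-DnsName -Name $Name -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'CNAME' } |
        Select-Object -First 1

    if (-not $answer) {
        Write-Warning "$Name : no CNAME found (not published, or not propagated yet)"
        return $false
    }

    # DNS names are case-insensitive and may carry a trailing dot
    $actual = $answer.NameHost.TrimEnd('.')
    if ($actual -ne $Expected.TrimEnd('.')) {
        Write-Warning "$Name : points to '$actual', expected '$Expected'"
        return $false
    }

    Write-Host "$Name : OK"
    return $true
}

$domain = 'contoso.com'   # placeholder, replace with the accepted domain
$dkim   = Get-DkimSigningConfig -Identity $domain

$ok1 = Test-DkimCname -Name "selector1._domainkey.$domain" -Expected $dkim.Selector1CNAME
$ok2 = Test-DkimCname -Name "selector2._domainkey.$domain" -Expected $dkim.Selector2CNAME

if ($ok1 -and $ok2) {
    # Both selectors resolve correctly, so signing can be switched on
    Set-DkimSigningConfig -Identity $domain -Enabled $true
    Get-DkimSigningConfig -Identity $domain | Format-List Domain, Enabled, Status
} else {
    Write-Warning "DKIM left unchanged for $domain until both CNAME records resolve correctly."
}
```

The check uses whichever resolver the machine is configured with, so on a network with split DNS the result may differ from what external receivers see.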
When would you need to use the second record of 1 & 2?
Microsoft rotate the keys sometimes; I think that is why they publish two records.