Step 1. When logged in to Microsoft, click on the DKIM page
Select the domain you wish to configure and if no DKIM there.
Step 2: Click Create DKIM keys. You will see a pop-up window stating that you need to add CNAME records. Copy the CNAMES shown in the pop up window
β
Step 3: Publish the copied CNAME records to your DNS service provider.
On your DNS provider's website, add CNAME records for DKIM that you want to enable. Make sure that the fields are set to the following values for each:
Record Type: CNAME (Alias)
> Host: Paste the values you copy from DKIM page.
Points to address: Copy the value from DKIM page.
TTL: 3600 (or your provider default)
Step 4: Return to DKIM page to enable DKIM.
You will also have to update your Domain Name Service (DNS) record so that you can use Sender Policy Framework (SPF) email authentication with your custom domain in Office 365.
v=spf1 include:spf.protection.outlook.com -all
The example above is the most common SPF TXT record. This record works for just about everyone, regardless of whether your Microsoft datacenter is located in the United States, or in Europe (including Germany), or in another location.
However, if you bought Office 365 Germany, part of Microsoft Cloud Germany, you should use the include statement from line 4 instead of line 2. For example, if you are hosted entirely in Office 365 Germany, that is, you have no on-premises mail servers, your SPF TXT record would include rows 1, 4, and 7 and would look like this:
v=spf1 include:spf.protection.outlook.de -all
Finally, here is a help document on how to ensure your DMARC is correctly configured.
β