Help Center
< All Topics
Print

Introduction

DKIM, or DomainKeys Identified Mail, is an email authentication method that uses a digital signature to let the receiver of an email know that the message was sent and authorized by the owner of a domain, such as speakeasy-aphasia.org.uk. Without correct configuration, emails sent by Speakeasy could get rejected as SPAM. This article describes how DKIM and SPF was configured for Speakeasy.

Configuration

Obtain Keys

Navigate to:

https://security.microsoft.com/authentication?viewid=DKIM

Click on a domain for which DKIM is to be enabled – in our case it was speakeasy-aphasia.org.uk.

Click “Create DKIM Keys” button. A screen will appear containing some CNAME records

Copy these keys using the Copy button.

Configure DNS records

Login to our web address provider, FastHosts (details are in BitWarden)

Navigate to Domain Names….speakeasy-aphasia.org.uk…DNS

Add the keys that were copied ion the previous step as CNAME records –

Domain:  Speakeasy570.onmicrosoft.com

Host Name : selector1._domainkey
Points to: selector1-Speakeasy570-onmicrosoft-com._domainkey.Speakeasy570.onmicrosoft.com

Host Name : selector2._domainkey
Points to: selector2-Speakeasy570-onmicrosoft-com._domainkey.Speakeasy570.onmicrosoft.com

Domain: speakeasy-aphasia.org.uk

Host Name : selector1._domainkey
Points to: selector1-speakeasyaphasia-org-uk02c._domainkey.Speakeasy570.onmicrosoft.com

Host Name : selector2._domainkey
Points to: selector2-speakeasyaphasia-org-uk02c._domainkey.Speakeasy570.onmicrosoft.com

NOTE: Configure just the second of the above domains in FastHosts (the first one is not a FastHosts domain, so it doesn’t need adding)

Check DKIM Configuration

Go back to the DKIM page for each of the domains and click “Enabled”. speakeasy570.onmicrosoft.com should return without an error as it should already be configured by Microsoft.

Repeat for speakeasy-aphasia.org.uk – an error will appear until the CNAME records have been propagated – keep trying periodically.

DMARC configuration

Follow the article given below.

https://learn.microsoft.com/en-gb/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide

Note: configuration is similar to DKINM, except TXT records need to be created in FastHosts rather than CNAME records.

Follow the guidelines regarding a gradual transition from “p=none” to “p=reject” for any domains other than the onmicrosoft.com domain.