By configuring DomainKeys Identified Mail (DKIM) for Office 365, you can ensure that destination email systems trust messages sent outbound from your custom domain. The header of your outgoing emails will be encrypted with a private key. After publishing a public key to your domain’s DNS record, the receiving servers can decode the signature.
Although Office 365 sets up DKIM automatically for initial domains, there are some further scenarios where you might want to set up DKIM manually, such as:
- You are also going to set up DMARC
- You have more that one custom domain in Office 365
- You want control over your private DKIM key, which is essential for setting up DKIM
- You want to customize your CNAME record, which is essential for setting up DKIM
- You want to set up DKIM keys for email originating out of a third-party domain, e.g., if you use a third-party bulk mailer.
All these scenarios require you to complete three steps:
- Create a Private Key for signing and a Public Key for publishing
- Publish two CNAME records for your custom domain in DNS
- Enable DKIM signing for your custom domain in Office 365
Before You Begin
- For the upcoming step Publish two CNAME records for your custom domain in DNS, you must apply the steps explained in How to Create a DNS Resource Record.
Create a Private Key for Signing and a Public Key for Publishing
For more information, consult your system's documentation to find the right steps for this task.
Create and Publish two CNAME Records for Your Custom Domain
For more information, see What you need to do to manually set up DKIM in Office 365.
Enable DKIM Signing for Your Custom Domain in Office 365
Follow the steps explained in Use DKIM to validate outbound email sent from your custom domain in Office 365.