Adding DKIM Records to O365

thecomputerguy

I want to make sure that I've been doing this right ... when I go to:

https://security.microsoft.com/dkimv2

Then toggle the switch to enable DKIM for the primary domain (i.e. contoso.com, NOT contoso.onmicrosoft.com), it produces this DNS result:

Host Name : selector1._domainkey
Points to address or value: selector1-contoso-com._domainkey.contoso.onmicrosoft.com

I've always found it strange that Microsoft is indicating that the DKIM record has the .onmicrosoft.com on it... is that correct?

In the admin center if I go to:

Settings > Domains > Select the default domain (contoso.com) > DNS Records > Check the box for DKIM

It produces the following record WITHOUT the .onmicrosoft.com as the record

Host Name : selector1._domainkey
Points to address or value: selector1-contoso-com._domainkey.contoso.k-v1.dkim.mail.microsoft

Have I been doing this wrong? Which one is correct, or are they both functionally correct and the end result is the same as in DKIM Pass?
 
When looking at the headers sent from one of the O365 accounts to my Gmail account it shows DKIM and SPF are passing ... so
 
You've got it nailed!

The UI tells you exactly what to use. And the reason it's onmicrosoft.com based, is because Microsoft needs control of that DNS space to give you something to reference. I've never done the dkim.mail.microsoft record... that's new. The DKIM entry on the DNS tab is new too.
 
Yeah MS certainly made it easier to belt out the DKIM records now.....think it was a little over a year ago. Prior to that, you used to have to dig into a different admin page before that...sometimes took a bit to load. And the way they had it...it wasn't easy to "cut 'n paste".
Now it's all right there up front when you're setting up all the DNS records....and...easy peasy to cut 'n paste. Love it!
 
I know a year or so back they updated the DKIM section of the Defender portal to give you the records and NOT CACHE the fault, so you could just copy pasta and click done. But I didn't realize they moved it into the DNS section, that's handy. Note, my tenant does NOT have this functionality, I still have to go into the email security policies to find my DKIM configuration.
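
Added example, not part of any post in this thread: a Python check that a DKIM CNAME copied from a zone export has one of the two target shapes quoted above and that its selector and dashed domain label line up with the custom domain. The function name and sample records are constructed for illustration, and accepting any single letter before `-v1` (the thread shows `k`) is an assumption.

```python
import re

# Constructed sample (host, CNAME target) pairs using the thread's contoso placeholders.
SAMPLE_RECORDS = [
    ("selector1._domainkey", "selector1-contoso-com._domainkey.contoso.onmicrosoft.com"),
    ("selector1._domainkey", "selector1-contoso-com._domainkey.contoso.k-v1.dkim.mail.microsoft."),
    ("selector1._domainkey", "selector1-contoso.com._domainkey.contoso.onmicrosoft.com"),
    ("selector2._domainkey", "selector1-contoso-com._domainkey.contoso.onmicrosoft.com"),
]

# Target shapes as quoted in the thread. Assumption: the letter before "-v1"
# ("k" in the thread) may differ per tenant, so any single letter is accepted.
# selector2 is Microsoft 365's second selector; the thread only quotes selector1.
PREFIX = r"^(selector[12])-([a-z0-9-]+)\._domainkey\.[a-z0-9-]+"
TARGET_SHAPES = {
    "onmicrosoft": re.compile(PREFIX + r"\.onmicrosoft\.com$"),
    "dkim.mail.microsoft": re.compile(PREFIX + r"\.[a-z]-v1\.dkim\.mail\.microsoft$"),
}

def check_dkim_cname(custom_domain, host, target):
    """Return (shape, problems); shape is None when the target fits neither format."""
    custom_domain = custom_domain.lower().rstrip(".")
    host = host.lower().rstrip(".")
    target = target.lower().rstrip(".")
    # Accept the host either relative to the zone or fully qualified.
    if host.endswith("." + custom_domain):
        host = host[: -len(custom_domain) - 1]
    problems = []
    m_host = re.match(r"^(selector[12])\._domainkey$", host)
    if not m_host:
        problems.append("host is not selectorN._domainkey")
    for shape, pattern in TARGET_SHAPES.items():
        m = pattern.match(target)
        if m:
            break
    else:
        return None, problems + ["target matches neither shape from the thread"]
    if m_host and m.group(1) != m_host.group(1):
        problems.append("selector in target differs from selector in host")
    # Dots in the custom domain become dashes in the target's first label.
    expected = custom_domain.replace(".", "-")
    if m.group(2) != expected:
        problems.append(f"domain label is {m.group(2)!r}, expected {expected!r}")
    return shape, problems

if __name__ == "__main__":
    for host, target in SAMPLE_RECORDS:
        print(host, "->", target, check_dkim_cname("contoso.com", host, target))
```

An empty problem list only means the record is well-formed; whether mail actually signs and passes still has to be confirmed from received headers, as the original poster did.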
 