My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Microsoft Office 365 Setup

How to setup SPF and DKIM for Microsoft Office 365

2 mins read

This guide outlines the steps to configure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) for your domain in Microsoft Office 365, ensuring compliance with Domain-based Message Authentication, Reporting, and Conformance (DMARC) standards.

Prerequisites:
  • A domain should have only one SPF record.
  • Administrator access to Microsoft Office 365.
  • Administrator access to your DNS provider.
SPF Setup:
Identify existing SPF Record:

Check if your domain already has an SPF record by querying your DNS records here.

Add or Modify SPF Record:

If no SPF record exists, create one with the following value:

v=spf1 include:spf.protection.outlook.com ~all

If an SPF record exists, modify it to include Microsoft’s SPF record:

v=spf1 include:example.com include:spf.protection.outlook.com ~all
DKIM Setup:
  1. Sign in to the Microsoft Defender portal and navigate to:
    Email & collaboration > Policies & rules > Threat policies > Email authentication settings
    (Direct link: https://security.microsoft.com/authentication)
  2. In the Email authentication page, select the DKIM tab.
  3. Locate the domain you want to configure and click on it.
  4. In the domain settings, toggle Sign messages for this domain with DKIM signatures to On.
  5. A dialog will open, displaying two required CNAME records.
  6. Open your domain’s DNS settings in another tab and create the required CNAME records.
  7. Return to the Microsoft Defender portal and confirm that Sign messages for this domain with DKIM signatures is enabled.
Verification:

Once enabled, verify the following in the DKIM settings page:

  • Sign messages for this domain with DKIM signatures is set to Enabled.
  • Status displays Signing DKIM signatures for this domain.
  • Rotate DKIM keys is available as an option.
  • Last checked date is recent

Use tools like dmarclytics.io to verify your SPF and DKIM configurations.​

Support:

For assistance, contact us via live chat or submit a support ticket.​

By implementing these steps, your domain will be configured for DMARC compliance, enhancing email security and deliverability.

Access denied
Access denied