
Setting up DKIM and DMARC records

To set up Microsoft 365 DKIM

  1. Log in to the M365 admin centre and then go to https://security.microsoft.com/threatpolicy
  2. Rules | Email authentication settings
  3. Click on the DKIM menu option
  4. Click on the domain and then copy the DKIM records; there should be two
    1. selector1._domainkey.customerdomain.co.nz
    2. selector2._domainkey.customerdomain.co.nz
  5. Create two CNAME records in the customer's domain management portal
  6. Go back to the M365 portal and verify the two DKIM records by enabling DKIM on the domain

To set up DMARC

  1. To set up DMARC you will need correct SPF and DKIM records in place
  2. Work out a DMARC TXT record following this syntax
    Name: _dmarc.customerdomain.co.nz
    Content: "v=DMARC1; p=none; pct=100; rua=mailto:dmarc@elliotit.co.nz; ruf=mailto:dmarc@elliotit.co.nz; fo=1; ri=86400"

p=none – for testing purposes; eventually you will want to change this to quarantine or reject

pct=100 – the policy is enabled for 100 percent of emails

rua= – address that reports of any failures are sent to

ruf= – address that detailed reports of any failures are sent to; not all sending servers support this

fo= – generate a DMARC failure report if any underlying authentication mechanism (SPF or DKIM) produced something other than an aligned "pass" result

ri= – reporting interval

https://mxtoolbox.com/dmarc/details/dmarc-tags
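
The check below is an added example, not part of the original guide: it parses the record shown above, validates the tags described here, and flags two things worth catching before publishing, namely that p=none only monitors and that report addresses on another domain need that domain's authorisation record (RFC 7489 section 7.1). The function names are hypothetical, and comparing hosts exactly instead of by organizational domain is a simplifying assumption.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered tag dict (tag names lower-cased)."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if part.strip():
            name, _, value = part.partition("=")
            tags[name.strip().lower()] = value.strip()
    return tags

def report_hosts(tags):
    """Domains of every mailto: address listed in rua and ruf."""
    hosts = set()
    for tag in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            m = re.fullmatch(r"mailto:[^@\s]+@([^!\s]+)(![0-9]+[kmgt]?)?", uri, re.I)
            if m:
                hosts.add(m.group(1).lower())
    return hosts

def audit(domain, txt):
    """Return a list of findings for the record published at _dmarc.<domain>."""
    tags, findings = parse_dmarc(txt), []
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append("p must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none is monitoring only: failing mail is still delivered")
    pct = tags.get("pct", "100")
    if not (pct.isascii() and pct.isdigit() and int(pct) <= 100):
        findings.append("pct must be an integer from 0 to 100")
    for host in sorted(report_hosts(tags)):
        # Assumption: exact host comparison, not organizational-domain matching.
        if host != domain.lower():
            findings.append(f"external report address: {host} must publish TXT "
                            f'"v=DMARC1" at {domain}._report._dmarc.{host}')
    return findings

# Record from the page; customerdomain.co.nz is the page's placeholder domain.
RECORD = ('"v=DMARC1; p=none; pct=100; rua=mailto:dmarc@elliotit.co.nz; '
          'ruf=mailto:dmarc@elliotit.co.nz; fo=1; ri=86400"')

if __name__ == "__main__":
    for finding in audit("customerdomain.co.nz", RECORD):
        print("-", finding)
```

Without the authorisation record on the reporting domain, receivers that follow RFC 7489 will not send reports to the external address.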

Here is a good DMARC parser where you can upload the reports: Free online DMARC aggregate reports XML analyzer - DMARC, SPF, DKIM tools | EasyDMARC