DKIM Record Construction
DKIM requires setup on the sending server. In the case of Microsoft 365, this is configured in 365 Defender. To enable DKIM in Microsoft 365, the DNS record has to exist. The actual DKIM record is simple, but the server is queried for the key. Below are the actual record and the translated public record.
Microsoft 365 DKIM DNS Record (1) - Actual Record
selector1-example-com._domainkey.example.onmicrosoft.com.
Microsoft 365 DKIM DNS Record (2) - Actual Record
selector2-example-com._domainkey.example.onmicrosoft.com.
Microsoft 365 DKIM DNS Record - Public View
v=DKIM1; k=rsa; p=MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgG2pFI5LpUou9yMvDDUZ0Sj1JvEqgUoBIta5Wuzo1sWXfOdkWtPpAGKkFamhYRffR7Jag4MiHQY+PCAXFFSVxbMfiq4DoYWf6eLeDK7iyM1ZIgq5P2IrY5xWBkeuFLqaYbft+b7YiiyPAo7Og7XVEps97P0MOvpowinJfTKZdb5BAgMBAAE=;
| Tag | TagValue | Name | Description |
|---|---|---|---|
| v | DKIM1 | Version | Identifies the record retrieved as a DKIM record. It must be the first tag in the record. |
| k | rsa (Length: 2048 bits) | Key Type | The type of the key used by tag (p). |
| p | MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgG2pFI5LpUou9yMvDDUZ0Sj1JvEqgUoBIta5Wuzo1sWXfOdkWtPpAGKkFamhYRffR7Jag4MiHQY+PCAXFFSVxbMfiq4DoYWf6eLeDK7iyM1ZIgq5P2IrY5xWBkeuFLqaYbft+b7YiiyPAo7Og7XVEps97P0MOvpowinJfTKZdb5BAgMBAAE= | Public Key | The syntax and semantics of this tag value before being encoded in base64 are defined by the (k) tag. |
NEXT STEPS
Configure SPF Policy
Configure DMARC Reports