Enabling Outbound DKIM signing + Verifying the process of Outbound DKIM signing in the Office 365 environment | Part 10#10
In the current article, we were complete to process of “Enabling Outbound DKIM signing” in…
In the current article, we provide step by step guideline, for the task of – creating the required two “DKIM CNAME records,” that we needed to publish.
This is a preliminary step that we must complete. Only after the required “DKIM CNAME” records were successfully created, we can continue to the last step, in which we enable that outbound DKIM signing for a specific domain name registered with Office 365.
The domain for which we want to activate the “outbound DKIM signing” is – o365pilot.com
The prerequisite for enabling the outbound DKIM signing is – a creation of two CNAME records, that will be created in the DNS server who hosts the specified domain.
In our scenario, the 2 “DKIM CNAME” records, will include the following host’s names:
CNAME record 1#2
CNAME record 2#2
In case that you need to get more information about this specific host’s names whom we use in our scenario, and the PowerShell command that we use for getting the required host names for a specific domain; you can read the article – Get the value of the DKIM record for a Domain, using PowerShell | Office 365 | Part 7#10.
Using our public DNS management interface for creating the required two CNAME record that will be used for DKIM outbound signing in Office 365 environment.
In the next section, I will demonstrate how to create the two CNAME records, that will point to the Office 365 DKIM Selectors using the GoDaddy DNS management interface.
Regarding “other DNS management interfaces,” the major concepts of creating CNAME records are less or more the same on every DNS management interface, beside of some minor changes.
In the Gooday DNS management interface
In our scenario, we would like to create a NEW CNAME record.
In our specific scenario, the CNAME record will include the following hosts names:
In the “upper section” named – HOST:, we will add the host name: selector1._domainkey
It’s important to understand that because this hostname is hosted “under” the domain name – o365pilot.com , the FQDN (Fully qualified Hostname) will be – selector1._domainkey.o365pilot.com
In other words, don’t add the “full hostname” in the upper part, but only the “partial hostname” without the “Domain suffix part.”
The host name in the “upper part,” will be used for redirected requests to the dedicated Office 365 DKIM Selector record, that includes the Office 365 DKIM Public Key.
In the “bottom section” named – POINTS TO:, we will add the following host name:
Before we continue, it’s important to me to briefly review the concept of the DNS CNAME record because, many times this concept can be a bit confusing.
The CNAME record serves as a “logical router” that accepts a request for “object A” and redirects the required to “object B.”
In our case, each DNS query for the “DKIM selector” that is represented by the host name – selector1._domainkey.o365pilot.com, will be redirected
to the Host name selector1-o365pilot-com._domainkey.o365info2.onmicrosoft.com
Creating and configuring the second DKIM CNAME record
We will need to repeat this process for cratering an additional CNAME record, that will use for redirecting DKIM request to additional Office 365 host named – selector2
To add an additional record, we will click on the button – ADD ANOTHER
In the “upper section” named – HOST:, we will add the host name: selector2._domainkey
In the “bottom section” named – POINTS TO:, we will add the host name:
In the following screenshot, we can see the result; two new CNAME records created.
The next step
It’s recommended to continue to read the next article, which describe the “next step,” in which we review the process of – verify if the DKIM CNAME records are successfully published and available for external clients.
Verifying that the DKIM CNAME records configured properly | Office 365 | Part 9#10
This Post Has 3 Comments
One thing I can tell you is Don’t Bother to Ask Go-daddy for Help doing it.
Who ever created this port/howto, thank you very much, the script is a peace of diamond !! i wish if i could have the same skill, i don’t know from where to begin actually…
This works great… as long as microsoft hasn’t assigned your domain an ID that doesn’t exactly match. We have three websites that I’ll call aaaa.com, bbbb.com, and cc-cc.com. The GUIDs assigned through Office 365 are aaaa.com, bbbb.com, and cccc.com01i. That means for aaaa.com and bbbb.com these instructions work perfectly, and think you, but for the third, we’re still out of luck. Any thoughts on this?