DKIM Office 365 & DNS change GoDaddy

Configuring DKIM  on Office 365 and GoDaddy

What is DKIM

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It enables the receiver to check that an email claimed to have come from a specific "domain" was indeed authorized by the owner of that domain. For example, how do you know that an email you received is not spoofed?

It is intended to prevent forged sender addresses in emails, a very common and effective technique used to harvest credentials or drop a malicious attached file on the target system.

Read on phishing and email spam here

 

OK, so you are bored by now and would like to jump to the configuration with Office 365 and your DNS provider? In my case I will be configuring an Office 365 demo tenant I created for a 30-day trial, and my Go phishing service provider, sorry, I meant GoDaddy.

Please note you should always use SPF and DMARC in addition to DKIM to prevent spoofers from sending malicious emails that look like they are coming from your domain.

Does this sound complicated at all? DKIM is simple, especially with Office 365, where almost no technical skill is required, but I still see people struggle with this concept.

Step one

Go to Office 365, open Exchange Online Protection and click DKIM. (By default the first DKIM and SPF are already enabled for you, but for any other site you add you need to configure and enable DKIM.)


Figure  1 DKIM configuration

If you decide to add a new site: in my example, securesystem.co.uk is my domain, registered for the Office 365 demo tenant, and now I want to enable DKIM for www.securesystem.co.uk.

Add your domain and click on the Enable button, and you will get an error like this:

CNAME record does not exist for this config. Please publish the following two CNAME records first.

selector1-securesystem-co-uk._domainkey.securesystem1.onmicrosoft.com

selector2-securesystem-co-uk._domainkey.securesystem1.onmicrosoft.com

 


Figure 2 CNAME selectors for DKIM

You need to add these selectors to your external DNS service, e.g. GoDaddy or any other provider (it could be your own DNS service), so that you can prove you own the domain. I use GoDaddy because it's cheap and easy to make DNS changes.

GoDaddy DNS portal


Figure 3 add your selector1 to GoDaddy

 

Now that we have configured the DNS and pointed the CNAMEs to Office 365 DKIM, we test it: I send myself an email and capture the header.


Figure 4 DKIM header is pass and SPF already generated

Nslookup for testing?


Figure 4 nslookup with type=txt to check if DKIM works
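The check described above can also be scripted. The following Python is an added example, not code from the original post or from Microsoft: it takes the two CNAME targets from the error message, derives the host names to publish (selector1._domainkey and selector2._domainkey under your domain) and audits a zone export for common mistakes. The function names, the sample zone and the doubled-name mistake are constructed for illustration.

```python
import re
# Targets copied from the Office 365 error message quoted in the post.
O365_TARGETS = [
    "selector1-securesystem-co-uk._domainkey.securesystem1.onmicrosoft.com",
    "selector2-securesystem-co-uk._domainkey.securesystem1.onmicrosoft.com",
]

def norm(name):
    # DNS names are case-insensitive; a trailing dot only marks the root.
    return name.strip().lower().rstrip(".")

def expected_records(domain, targets):
    """Map each host to publish (selectorN._domainkey.<domain>) to its target."""
    records = {}
    for target in targets:
        m = re.match(r"(selector[12])-", norm(target))
        if not m:
            raise ValueError(f"not an Office 365 DKIM target: {target}")
        records[f"{m.group(1)}._domainkey.{norm(domain)}"] = norm(target)
    return records

def audit(domain, targets, zone):
    """zone: (name, type, value) tuples as published. Returns {host: finding}."""
    published = {(norm(n), t.upper()): norm(v) for n, t, v in zone}
    findings = {}
    for host, target in expected_records(domain, targets).items():
        value = published.get((host, "CNAME"))
        if value == target:
            findings[host] = "ok"
        elif value is not None:
            findings[host] = f"wrong target: {value}"
        elif (host, "TXT") in published:
            findings[host] = "published as TXT, must be CNAME"
        elif (f"{host}.{norm(domain)}", "CNAME") in published:
            findings[host] = "zone name appended twice; enter only the host part"
        else:
            findings[host] = "missing"
    return findings

# Constructed zone export; selector2 shows a doubled zone name (hypothetical).
SAMPLE_ZONE = [
    ("selector1._domainkey.securesystem.co.uk.", "CNAME",
     "Selector1-securesystem-co-uk._domainkey.securesystem1.onmicrosoft.com."),
    ("selector2._domainkey.securesystem.co.uk.securesystem.co.uk", "CNAME",
     "selector2-securesystem-co-uk._domainkey.securesystem1.onmicrosoft.com"),
]

if __name__ == "__main__":
    print(audit("securesystem.co.uk", O365_TARGETS, SAMPLE_ZONE))
```

Replace SAMPLE_ZONE with the records exported from your own DNS provider; both selectors must report "ok" before the Enable button in Office 365 will succeed.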

Final word: remember Microsoft has the private key and you no longer have control of your own keys? Maybe secure, maybe not, but hey, it's easy to enable DKIM :)
