Configuring DKIM on Office 365 and GoDaddy
What is DKIM
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It enables the receiver to check that an email claimed to have come from a specific domain was really authorized by the owner of that domain. For example, how do you know whether an email you received is spoofed?
It is intended to prevent forged sender addresses in emails, a very common and effective technique to harvest credentials or drop a malicious attached file onto the target system.
OK, so you are bored by now and would like to jump to the configuration with Office 365 and your DNS provider? OK, in my case I will be configuring an Office 365 demo tenant I created for a 30-day trial and my Go phishing service provider, sorry, I meant GoDaddy.
Please note you should always use SPF and DMARC in addition to DKIM to prevent spoofers from sending malicious emails that look like they are coming from your domain.
Does this sound complicated at all? DKIM is simple, especially with Office 365, where almost no technical skill is required, but I still see people struggle with this concept.
Go to Office 365, open Exchange Online Protection and click DKIM. (By default the first DKIM and SPF are already enabled for you, but for any other site you add you need to configure and enable DKIM yourself.)
Figure 1 DKIM configuration
If you decide to add a new site: in my example securesystem.co.uk is my domain, registered for the Office 365 demo tenant, and now I want to enable DKIM for www.securesystem.co.uk.
Add your domain and click the Enable button, and you will get an error like this:
CNAME record does not exist for this config. Please publish the following two CNAME records first.
Figure 2 CNAME selectors for DKIM
You need to add these selectors to your external DNS service, e.g. GoDaddy or any other provider (it could be your own DNS service), so that you can prove you own the domain. I use GoDaddy because it's cheap and easy to make DNS changes.
GoDaddy DNS portal
Figure 3 add your selector1 to GoDaddy
Now that we have configured the DNS and pointed the CNAME records to Office 365 DKIM, we test it by sending myself an email and capturing the header.
Figure 4 DKIM header is pass and SPF already generated
Nslookup for testing?
Figure 4 nslookup with type=txt to check if DKIM works
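The header check and the nslookup check above can be tied together. The following is an added example, not part of the original post: it reads captured headers, extracts the DKIM selector and signing domain to build the name you would query with nslookup -type=txt, and reports the SPF/DKIM/DMARC verdicts. The sample headers are constructed, and the alignment test is a simplified assumption (exact match, or From is a subdomain of d=).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not copied from the post's screenshots).
SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 192.0.2.10)
 smtp.mailfrom=securesystem.co.uk; dkim=pass (signature was verified)
 header.d=securesystem.co.uk; dmarc=pass action=none
 header.from=securesystem.co.uk
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=securesystem.co.uk;
 s=selector1; h=From:Date:Subject:Message-ID; bh=CONSTRUCTED=; b=CONSTRUCTED=
From: Demo User <demo@securesystem.co.uk>
Subject: DKIM test

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def auth_results(value):
    """Return {method: result} for spf, dkim and dmarc."""
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I)
    return {method.lower(): result.lower() for method, result in found}

def check(raw):
    """Summarise what the receiver verified for one captured message."""
    msg = message_from_string(raw)
    tags = dkim_tags(msg.get("DKIM-Signature", ""))
    d = tags.get("d", "").lower()
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        # DNS name that holds the public key: <selector>._domainkey.<d=>
        "query_name": f"{tags['s']}._domainkey.{d}" if "s" in tags and d else None,
        "results": auth_results(msg.get("Authentication-Results", "")),
        # Simplified alignment: a pass only helps if d= matches the visible From
        "aligned": bool(d) and (from_domain == d or from_domain.endswith("." + d)),
    }

if __name__ == "__main__":
    print(check(SAMPLE))
```

A dkim=pass with "aligned" false means the message was signed by some other domain, which is why SPF and DMARC are needed alongside DKIM.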
Final word: remember that Microsoft has the private key and you no longer have control of your own keys. Maybe secure, maybe not, but hey, it's easy to enable DKIM :)