DMARC, DKIM & SPF setup tutorials Watch on YouTube

Microsoft 365 Domain Authentication - Configure & Setup SPF, DKIM, DMARC Records

3 min read 9 months ago
Published on Sep 08, 2024 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

This tutorial provides a comprehensive guide to configuring and setting up SPF, DKIM, and DMARC records for Microsoft 365. These DNS records are essential for domain authentication, helping to prevent your emails from being marked as spam. By following this step-by-step guide, you will enhance your email security and improve deliverability.

Step 1: Understanding SPF Records

SPF (Sender Policy Framework) records help to specify which mail servers are permitted to send emails on behalf of your domain.

How to Set Up SPF Records

  1. Log into your Domain Provider: Access the DNS management section of your domain registrar.

  2. Create a New TXT Record

    • Name: Enter your domain name (e.g., yourdomain.com).
    • Value: Use the following format:
      v=spf1 include:spf.protection.outlook.com -all
    • TTL: Set to a default value (e.g., 3600 seconds).
  3. Save the Record: Ensure you save your changes.

Practical Tip

  • Use an SPF validation tool to check if your SPF record is correctly configured.

Step 2: Configuring DKIM Records

DKIM (DomainKeys Identified Mail) adds a digital signature to your emails, verifying that they haven't been altered.

How to Set Up DKIM Records

  1. Access Microsoft 365 Admin Center: Navigate to your admin center.

  2. Enable DKIM Signing

    • Go to Exchange > Protect > DKIM.
    • Select your domain and click on Enable.

  3. Add the DKIM CNAME Records

    • Log back into your Domain Provider.

    • Create two CNAME records

      • Name: selector1._domainkey.yourdomain.com
        • Value: selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com
      • Name: selector2._domainkey.yourdomain.com
        • Value: selector2-yourdomain-com._domainkey.yourdomain.onmicrosoft.com
    • TTL: Set to a default value (e.g., 3600 seconds).
  4. Save the Records: Ensure you save your changes.

Common Pitfalls

  • Make sure to replace yourdomain.com with your actual domain name in each record.

Step 3: Setting Up DMARC Records

DMARC (Domain-based Message Authentication, Reporting & Conformance) helps to protect your domain from spoofing.

How to Set Up DMARC Records

  1. Create a New TXT Record

    • Name: _dmarc.yourdomain.com
    • Value: Use the following format:
      v=DMARC1; p=none; rua=mailto:your-email@yourdomain.com; ruf=mailto:your-email@yourdomain.com; adkim=s; aspf=s
    • TTL: Set to a default value (e.g., 3600 seconds).
  2. Save the Record: Ensure you save your changes.

Practical Tip

  • Start with p=none for monitoring purposes, then switch to p=quarantine or p=reject after confirming everything works correctly.

Conclusion

By following the steps outlined in this tutorial, you have set up SPF, DKIM, and DMARC records for your Microsoft 365 domain. These configurations will help prevent unauthorized use of your domain and improve your email deliverability.

Next Steps

  • Regularly monitor your domain's email authentication reports.
  • Use the DMARC Check Tool to verify your settings: DMARC Check Tool.
  • Consider using the SPF Merge Tool if you have multiple SPF records: SPF Merge Tool.

Table of Contents

Recent