Enabling DKIM on Office365 is easy (as bathing a cat)
How hard can it be?
Super hard, it turns out. But I hope this post will make it easier for you.
In order to produce some documentation for a client on setting up DKIM under Office365, I undertook to migrate a test domain of mine to Office365, and set it up. This way, I’d produce better documentation, having had personal, hands-on experience (and screenshots). How hard could it be?
Friends don’t let friends use non-working email addresses
First, I made a noob mistake, and bought my Office365 subscription with the email address I intended to use with it (i.e., a currently non-working email address). After my purchase, when I attempted to sign in, I received a mysterious error and was advised to “try again later”. Of course, not having a working email address, I wasn’t able to do an “account recovery” or reset my password in any way.
Fortunately, Safari had saved my (randomly generated) password to iCloud Keychain, and I was able to recover it and login the next day.
Here’s the CNAMES I had to add to protect elpenguino.net:
selector1._domainkey --> selector1.selector1-elpenguino-net._domainkey.elpenguinonet.onmicrosoft.com selector1._domainkey --> selector2-elpenguino-net._domainkey.elpenguinonet.onmicrosoft.com
Part of the CNAME destination is my initial domain, and the other is the domainGUID. Neither match my actual domain.
So after I figured out the magic DNS records needed, I thought I’d be able to turn on DKIM signing, and get cracking. No. Turns out that for reasons unknown (but apparently rather common), to enable DKIM signing for my domain, I needed to break out some PowerShell.
Homebrew saved me, and with a quick
brew cask install powershell, I had a PowerShell CLI on my Macbook.
Assuming you’re in a similar situation, you’ll want to run the following commands via PowerShell:
Prepare to login:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Do something else:
Import-PSSession $Session -DisableNameChecking
Enable DKIM signing for yourdomain.com:;
New-DkimSigningConfig -DomainName "yourdomain.com" -Enabled $true
Here’s my error-filled beginner’s attempt to drive PowerShell:
So, finally I can navigate to my Office365 Exchange Admin settings, and enable DKIM signing.
Best of luck to you, fair adventurer!