Warmy Blog

A Guide to Implementing DKIM in Office 365 for Custom Domains

Talk with a deliverability expert!

No need to flee, it’s totally free

          TABLE OF CONTENTS

    Email security is a critical aspect of modern communication, and businesses must take steps to protect their email domains from spoofing, phishing, and other types of email fraud.

    One effective way to enhance email security is to implement DomainKeys Identified Mail (DKIM) in Office 365 for email validation in custom domains.

    In this article, we will explore what DKIM is, how it works, and step-by-step instructions on how to set it up in Office 365, along with real-world examples.

    What is DKIM?

    DKIM, short for DomainKeys Identified Mail, is an email authentication method that allows the recipient’s email server to verify that the incoming email has been sent by the domain it claims to be from and that it has not been tampered with during transit. It uses a digital signature that is added to the email header, which is generated by the sending domain’s private key and can be verified using the public key published in the domain’s DNS (Domain Name System) record.

    DKIM helps prevent email spoofing, where an attacker forges the “From” address of an email to make it appear as if it was sent from a legitimate domain, thereby protecting the domain’s reputation and reducing the risk of email fraud.

    How does DKIM work?

    DKIM works by adding a digital signature to the header of an outgoing email. This signature is generated by the sender’s domain using a private key, which is kept secure and not shared with anyone.

    The recipient’s email server then verifies the signature using the public key published in the domain’s DNS record. If the signature is valid and the email has not been tampered with during transit, it is considered authentic, and the recipient’s email server delivers it to the recipient’s inbox.

    Here's an example of how DKIM works:

    Let’s say a user from a domain example.com sends an email to a recipient at another domain, such as example.org. When the email is sent, example.com’s email server generates a digital signature using its private key and adds it to the email header.

    The recipient’s email server then receives the email and checks the DKIM signature against the public key published in example.com’s DNS record. If the signature is valid, the email is considered authentic and is delivered to the recipient’s inbox.

    How to set up DKIM in Office 365 for custom domains

    Setting up DKIM in Office 365 for custom domains involves several steps, including generating a DKIM key pair, adding the public key to the domain’s DNS record, and enabling DKIM signing in Office 365.

    Step 1: Generate a DKIM Key Pair xample

    The first step is to generate a DKIM key pair, which consists of a private key and a public key. The private key is kept secure and not shared with anyone, while the public key is published in the domain’s DNS record.

    To generate a DKIM key pair, follow these steps:

    ◾ Sign in to the Office 365 Admin Center using your admin account.

    ◾ Go to the Exchange Admin Center.

    ◾ In the left-hand menu, click on “Domains” and select the custom domain for which you want to set up DKIM.

    ◾ Click on “Domain Settings” and select “DKIM” from the drop-down menu.

    ◾ Click on “Enable” to generate a new DKIM key pair.

    Office 365 will generate a unique DKIM key pair for your domain, and you will see the public key displayed on the screen. Make sure to copy the public key as you will need to add it to your domain’s DNS record in the next step.

    Step 2: Add the Public Key to Your Domain's DNS Record

    Once you have generated the DKIM key pair in Office 365, the next step is to add the public key to your domain’s DNS record. This allows the recipient’s email server to verify the authenticity of the outgoing emails from your domain.

    To add the public key to your domain’s DNS record, follow these steps:

    ◾ Log in to your domain registrar or DNS hosting provider’s website.

    ◾ Navigate to the DNS management section or DNS settings for your domain.

    ◾ Locate the TXT record for your domain’s DNS settings.

    ◾ Add a new TXT record with the following information:

    Name/Host/Domain: This should be the selector prefix followed by “_domainkey” and your domain name, separated by periods.

    For example, if your selector prefix is “selector1” and your domain name is “example.com”, the name/host/domain should be “selector1._domainkey.example.com”.

    Value/Text: This should be the public key that you copied from the Office 365 Admin Center when you generated the DKIM key pair. Make sure to include the entire public key, including the “v=DKIM1; k=rsa; p=” prefix.

    ◾ Save the changes to your DNS record

    It may take some time for the changes to propagate across the DNS system, so be patient and wait for the changes to take effect.

    Step 3: Enable DKIM Signing in Office 365

    After adding the public key to your domain’s DNS record, the next step is to enable DKIM signing in Office 365. This tells Office 365 to sign outgoing emails from your domain with the private key that you generated in the first step.

    To enable DKIM signing in Office 365, follow these steps:

    ◾ Go back to the Exchange Admin Center in the Office 365 Admin Center.

    ◾ Click on “Domain Settings” and select “DKIM” from the drop-down menu.

    ◾ Click on “Enable” if it is not already enabled.

    Office 365 will now start signing outgoing emails from your domain with the private key, and the emails will contain a DKIM signature in the header.

    Benefits of using DKIM in Office 365

    Implementing DKIM in Office 365 for email validation in custom domains offers several benefits, including:

    ✅ Enhanced Email Security

    DKIM helps enhance the security of your domain’s outgoing emails by adding a digital signature that verifies the authenticity of the sender. This helps prevent email fraud, spoofing, and phishing attacks, and ensures that emails from your domain are trusted by the recipients.

    ✅ Improved Email Deliverability

    DKIM-signed emails are more likely to be delivered to the recipients’ inbox instead of being marked as spam or rejected by email servers. This helps improve the deliverability of your domain’s emails and ensures that your important communications reach the intended recipients.

    ✅ Protection of Domain's Reputation

    Implementing DKIM in Office 365 helps protect your domain’s reputation by preventing unauthorized use of your domain in phishing attacks or spamming activities. This helps maintain the trustworthiness and integrity of your domain, and prevents damage to your brand reputation.

    ✅ Compliance with Industry Standards

    Many regulatory frameworks, such as GDPR, require organizations to implement appropriate security measures to protect the confidentiality, integrity, and availability of personal data. Implementing DKIM in Office 365 helps organizations comply with these industry standards by adding an additional layer of security to their email communication.

    How does DKIM affect email deliverability?

    DKIM (DomainKeys Identified Mail) can have a positive impact on email deliverability. When DKIM is implemented and properly configured in the custom domain of your email server, it adds a digital signature to outgoing emails. This signature verifies the authenticity of the sender and ensures that the email has not been tampered with during transit.

    Email deliverability refers to the ability of an email to successfully reach the intended recipient’s inbox without being marked as spam or rejected by email servers. DKIM can improve email deliverability in the following ways:

    ✅ Authenticity and Trustworthiness

    DKIM adds a digital signature to outgoing emails, which confirms that the email has been sent by a legitimate sender and has not been altered during transit. This helps establish the authenticity and trustworthiness of the sender, and email servers are more likely to accept emails with a valid DKIM signature.

    ✅ Spam Filtering and Email Classification

    Many email servers and spam filters use DKIM as one of the factors to determine the legitimacy of an incoming email. If the email has a valid DKIM signature, it is more likely to be considered legitimate and delivered to the inbox, rather than being marked as spam or rejected. This helps improve the chances of your emails reaching the intended recipients’ inbox.

    ✅ Reputation and Sender Score

    Email servers maintain a reputation score for sending domains and IP addresses based on various factors, including DKIM. A valid DKIM signature can positively impact the sender’s reputation and sender score, indicating to email servers that the sender is trustworthy and legitimate. This can help improve the deliverability of future emails from the same domain or IP address.

    ✅ Protection against Email Spoofing and Phishing

    DKIM helps prevent email spoofing, where unauthorized senders forge the sender’s domain in the email header, by adding a digital signature that can only be generated by the legitimate sender. This helps protect against phishing attacks, where malicious actors try to deceive recipients into revealing sensitive information by pretending to be a legitimate sender. By protecting against email spoofing, DKIM helps maintain the integrity of your domain and prevents your domain from being used in fraudulent activities, which can have a positive impact on email deliverability.

    It’s important to note that while DKIM can positively impact email deliverability, it’s just one of the many factors that email servers and spam filters consider when determining the fate of an email. 

    Other factors such as sender reputation, email content, recipient engagement, and other email authentication methods (e.g., SPF, DMARC) also play a role in email deliverability. 

    Therefore, it’s recommended to implement a comprehensive email authentication strategy that includes DKIM along with other best practices to optimize email deliverability and ensure that your important emails reach the intended recipients’ inbox.

    Improve the deliverability of your emails and maximize your ROI with Warmy.io! 

    Leverage the powerful tools and features Warmy.io to customize your emails for improved performance. Enjoy reliable security and real-time analytics to keep track of campaigns while optimizing based on data-driven decisions. 

    Start using Warmy.io today to send flawless email campaigns with maximum reach!

    Conclusion

    Email validation is an essential aspect of modern email communication, and DKIM is a powerful tool that can help organizations ensure the authenticity and integrity of their outgoing emails. Office 365 provides a user-friendly and robust platform for implementing DKIM in custom domains, offering enhanced email security, improved deliverability, protection of domain reputation, and compliance with industry standards.

    By following the steps outlined in this article and implementing DKIM in Office 365 for email validation in your custom domain, you can enhance the security of your email communication, protect your domain’s reputation, and ensure that your important emails reach the intended recipients’ inbox.

    Scroll to Top