Do you know about DKIM (Domain Keys Identified Mail)? It is a digital signature of the sender that is linked with the email so the receiving server can identify it and associate it with the sender. This removes any doubt about the authenticity of the message, otherwise, the message is considered as a spam. This helps securing email delivery system and keeps the cybercrime at bay. BRILLIANT!
What is DKIM signing?
I am going to be very brief in describing and defining DKIM and DMARC as we have discussed in detail before. But in case you haven’t heard about it, you just should use it, no excuses!
Our real focus of discussion here is the process of signing with Office 365. Office 365 is a subscription plan, through which it manages the Office applications and other services that are connected to Internet. They are handling business as well as MS Office, MS Excel and MS PowerPoint etc. are associated frequently with email used for sending simple messages or documents. These business emails that are sent from point A to Point B have very good chances of being phished unless preventive measures are taken. DKIM is just what the doctor ordered. It looks a little complicated process at first, but if you follow a few simple steps, it will get you through the whole process and save you from any future losses.
DNS being Domain Name Servers are like phonebook of Internet used to store signatures of every email sent. If however, you don’t want to use DNS of Office 365, it has the unique system in place to implement DKIM. Here are the steps to be taken.
Steps to Signing DKIM with Office 365
There are two steps to be taken to configure this protocol (Micrososft, 2016):
- Publish two CNAME records in DNS for your custom domain
- Enable signing in Office 365 for your custom domain
Publishing CNAME-records for custom domains
The first step of setting up DKIM in Office 365 is to publish CNAME for custom domains. For each custom domain, two CNAME records are needed to be published. CNAME record is used by DNS to specify that the official name of a domain an alias for another domain name. If you are providing additional custom domains beside the initial domain in Office 365, you have to publish two CNAME records for each addition that you make. (Tzink, October 2015).
Enabling Domain Mail Signing manually in Office 365
Once you have published the required CNAME records in DNS, you can enable signing manually through Office 365 via admin center of PowerShell. Here are simple steps to enable DKIM.
- Sign in to Office 365 with your account at work or school.
- Select the app launcher icon and click on Admin.
- Expand Admin and choose Exchange option in it.
- Navigate to Protection>
- Select the domain for which you want to enable DKIM and then, for Sign messages for this domain with DKIM signatures, click on Enable. Repeat the same procedure for each custom domain you want to enable signing for.
Note: According to Microsoft’s (2016) official site, DKIM works better with SPF and DMARC. If you have set up signing without setting up SPF, it is highly recommended to do so.
Tzink (2015, October 8). Manually hooking up DKIM signing in Office 365. Retrieved January 10, 2017, from https://blogs.msdn.microsoft.com/tzink/2015/10/08/manually-hooking-up-dkim-signing-in-office-365/
Micrososft, (2016, July 6). Learn more about how to use DKIM with your custom domain in Office 365. Retrieved January 10, 2017, from https://technet.microsoft.com/en-us/library/ms.exch.eac.dkimdisabled(v=exchg.150).aspx