Microsoft 365beginner5 Min read time

How to Setup SPF and DKIM for Microsoft Office 365

Microsoft Office 365 SPF and DKIM Setup Guide | Dmarclytics

This guide outlines the steps to configure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) for your domain in Microsoft Office 365, ensuring compliance with Domain-based Message Authentication, Reporting, and Conformance (DMARC) standards.

Prerequisites:

  • A domain should have only one SPF record.
  • Administrator access to Microsoft Office 365.
  • Administrator access to your DNS provider.

SPF Setup:

Identify existing SPF Record:

Check if your domain already has an SPF record by querying your DNS records here.

Add or Modify SPF Record:

If no SPF record exists, create one with the following value:
Hostname:

@


Value:

v=spf1 include:spf.protection.outlook.com ~all

If an SPF record exists, modify it to include Microsoft’s SPF record:

v=spf1 include:example.com include:spf.protection.outlook.com ~all

DKIM Setup:

  1. Sign in to the Microsoft Defender portal and navigate to:
    Email & collaboration > Policies & rules > Threat policies > Email authentication settings
    (Direct link: https://security.microsoft.com/authentication)
  2. In the Email authentication page, select the DKIM tab.
  3. Locate the domain you want to configure and click on it.
  4. In the domain settings, toggle Sign messages for this domain with DKIM signatures to On.
  5. A dialog will open, displaying two required CNAME records.
  6. Open your domain’s DNS settings in another tab and create the required CNAME records.
  7. Return to the Microsoft Defender portal and confirm that Sign messages for this domain with DKIM signatures is enabled.

Verification:

Once enabled, verify the following in the DKIM settings page:

  • Sign messages for this domain with DKIM signatures is set to Enabled.
  • Status displays Signing DKIM signatures for this domain.
  • Rotate DKIM keys is available as an option.
  • Last checked date is recent

Use tools like dmarclytics.io to verify your SPF and DKIM configurations.​

Support:

For assistance, contact us via live chat or submit a support ticket.​

By implementing these steps, your domain will be configured for DMARC compliance, enhancing email security and deliverability.

Need hands-on help?

Our team can walk you through this setup live — free on every plan.

Talk to Support →← All Articles