Read time: 5 minutes
In today’s digital landscape, the surge in cyber threats poses a significant challenge for mail administrators. This ongoing battle has intensified due to the proliferation of phishing campaigns launched by attackers. Fortunately, technological advancements have introduced new standards to bolster protection against these malicious endeavors.
In safeguarding against various cyber threats, such as email spoofing and phishing attacks, it is imperative for every organization to implement DKIM within Microsoft 365. As email usage and capabilities continue to expand, configuring this protocol in Microsoft 365 becomes crucial to verify the legitimacy of incoming mail. DKIM (DomainKeys Identified Mail), part of the trio of authentication protocols alongside SPF and DMARC, involves adding a digital signature to all outgoing email messages. The recipient’s server then verifies these signatures to authenticate the sender’s domain. Additionally, DKIM employs a private key to encrypt the email header of outbound messages.
This protocol can sometimes result in the sender’s emails being redirected to spam or junk folders, typically occurring when the sender’s domain fails to pass the authentication tests.
The configuring of the specific protocol to Microsoft 365 doesn’t require in the below two cases:
If your situation doesn’t fall into the categories mentioned above, you can manually configure it in Microsoft 365. This process involves several steps, such as creating two DKIM records, publishing them for your custom domain in DNS, and enabling the signing.
Creating records for this specific protocol is crucial as it associates an alias name with a particular domain name. To set up a custom domain, you need to create records that link back to the initial domain. These records follow this format:
If the company domain is xyz.com, you need to create below two records:
When adding a custom domain alongside the default domain, it’s necessary to publish two records for the custom domain. To achieve this, follow the format below for these records:
After completing the previous steps, it’s time to enable signing in Microsoft 365. You can achieve this using one of two methods: Microsoft 365 Defender or PowerShell.
If you want to enable this signing using the Defender portal, you must follow the below steps:
If you receive error messages while enabling the signing using the Microsoft 365 Defender portal, another method is also available, i.e., PowerShell.
You can also use PowerShell to enable signing in Microsoft 365. For this, you must follow the below steps:
Many organizations implement this protocol in Microsoft 365 to secure mail delivery to client and customer mailboxes. You may have noticed that some incoming emails from a specific domain end up in your spam or junk folder. Ever wondered what causes this? Well, it’s this protocol at work. It comes into play when the domain of the incoming mail fails the authentication tests. You can consider it as an effective authentication method to secure Office 365 mailboxes.
Before implementing this authentication protocol in Microsoft 365, it’s advisable to back up your mailboxes to safeguard against data loss. You can utilize a reliable tool like Kernel Office 365 Backup & Restore capable of backing up your private mailboxes, shared mailboxes, archive mailboxes, and Microsoft 365 groups. With this, you can rest assured that your data can be easily restored in case of data loss.