How to create DKIM record for your domain(s) in office 365

Created by Abderrahim Ibnou el kadi, Modified on Fri, 17 Sep 2021 at 04:18 PM by Abderrahim Ibnou el kadi


While using Proofpoint Essentials (PPE) you can decide to either use DKIM signing using office365 or Proofpoint Essentials or both at the same time.

 In this case KB we will focus on creating DKIM on office365 so we can make sure outbound message(s) is DKIM signed from office365 to make sure it is not altered on its way out to the recipient(s)

To see how to create DKIM on Proofpoint click <here>


In the Exchange Admin Center:

1. click the “Classic Exchange Admin Center



2. Click on “Protection” then “DKIM” and on the main display of domain list, select the specific domain and notice on the right pane if the DKIM feature is enable or disable




If the DKIM is disabled and you want to Enable it, you will need extract from office365 your TWO CNAME records using the following :

a.  connect to Office365 through PowerShell by clicking <here>


b. Run the following command: 

Get-DkimSigningConfig -Identity | Format-List



Host name

Points to address or value



3. Go to your DNS  portal and add both CNAMES and wait few minutes (this will depend on the DNS       provider you are using) for the new records to propagate


4. Once they get propagated in the DNS world, then you can activate DKIM from the “Classic Exchange Admin Center” and click on “Protection” then select "dkim"


 If you prefer PowerShell command line to activate DKIM, you can run the command below:

Set-DkimSigningConfig -Identity -Enable $true

5- To verify is all is set correctly run the following PowerShell cmdlet

Get-DkimSigningConfig -Identity | Format-List

If you get results resembling to the below it mean that you are all set, if not then revise the Steps above.