You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/email-authentication-dkim-configure.md
+12-10Lines changed: 12 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ f1.keywords:
5
5
ms.author: chrisda
6
6
author: chrisda
7
7
manager: deniseb
8
-
ms.date: 05/31/2024
8
+
ms.date: 04/14/2025
9
9
audience: ITPro
10
10
ms.topic: conceptual
11
11
@@ -84,19 +84,19 @@ The rest of this article describes the DKIM CNAME records that you need to creat
84
84
85
85
## Syntax for DKIM CNAME records
86
86
87
-
> [!TIP]
88
-
> You use the Defender portal or Exchange Online PowerShell to view the required CNAME values for DKIM signing of outbound messages using a custom domain. The values presented here are for illustration only. To get the values that are required for your custom domains or subdomains, use the procedures later in this article.
87
+
> [!NOTE]
88
+
> You use the Defender portal or Exchange Online PowerShell to view the required CNAME values for DKIM signing of outbound messages using a custom domain. The values presented here are for illustration only. To get the required values for your custom domains or subdomains, use the procedures later in this article.
89
89
90
90
DKIM is exhaustively described in [RFC 6376](https://datatracker.ietf.org/doc/html/rfc6376).
91
91
92
92
The basic syntax of the DKIM CNAME records for custom domains that send mail from Microsoft 365 is:
93
93
94
94
```text
95
95
Hostname: selector1._domainkey
96
-
Points to address or value: selector1-<CustomDomain>._domainkey.<InitialDomain>
96
+
Points to address or value: selector1-<CustomDomain>._domainkey.<InitialDomainPrefix>.<DynamicPartitionCharacter>-v1.dkim.mail.microsoft
97
97
98
98
Hostname: selector2._domainkey
99
-
Points to address or value: selector2-<CustomDomain>._domainkey.<InitialDomain>
99
+
Points to address or value: selector2-<CustomDomain>._domainkey.<InitialDomainPrefix>.<DynamicPartitionCharacter>-v1.dkim.mail.microsoft
100
100
```
101
101
102
102
- In Microsoft 365, two public-private key pairs are generated when DKIM signing using a custom domain or subdomain is enabled. The private keys that are used to sign the message are inaccessible. The CNAME records point to the corresponding public keys that are used to verify the DKIM signature. These records are known as _selectors_.
@@ -109,7 +109,9 @@ Points to address or value: selector2-<CustomDomain>._domainkey.<InitialDomain>
109
109
110
110
-**\<CustomDomain\>**: The custom domain or subdomain with periods replaced by dashes. For example, `contoso.com` becomes `contoso-com`, or `marketing.contoso.com` becomes `marketing-contoso-com`.
111
111
112
-
-**\<InitialDomain\>**: The \*.onmicrosoft.com that you used when you enrolled in Microsoft 365 (for example, contoso.onmicrosoft.com).
112
+
-**\<InitialDomainPrefix\>**: The custom part of the \*.onmicrosoft.com you used when you enrolled in Microsoft 365. For example, if you used `contoso.onmicrosoft.com`, the value is `contoso`.
113
+
114
+
-**\<DynamicPartitionCharacter\>**: A dynamically generated character.
113
115
114
116
For example, your organization has the following domains in Microsoft 365:
115
117
@@ -121,18 +123,18 @@ You need to create two CNAME records in DNS in each custom domain, for a total o
121
123
-**CNAME records in the cohovineyard.com domain**:
122
124
123
125
**Hostname**: `selector1._domainkey`<br>
124
-
**Points to address or value**: `selector1-cohovineyard-com._domainkey.cohovineyardandwinery.onmicrosoft.com`
126
+
**Points to address or value**: `selector1-cohovineyard-com._domainkey.cohovineyardandwinery.n-v1.dkim.mail.microsoft`
125
127
126
128
**Hostname**: `selector2._domainkey`<br>
127
-
**Points to address or value**: `selector2-cohovineyard-com._domainkey.cohovineyardandwinery.onmicrosoft.com`
129
+
**Points to address or value**: `selector2-cohovineyard-com._domainkey.cohovineyardandwinery.n-v1.dkim.mail.microsoft`
128
130
129
131
-**CNAME records in the cohowinery.com domain**:
130
132
131
133
**Hostname**: `selector1._domainkey`<br>
132
-
**Points to address or value**: `selector1-cohowinery-com._domainkey.cohovineyardandwinery.onmicrosoft.com`
134
+
**Points to address or value**: `selector1-cohowinery-com._domainkey.cohovineyardandwinery.r-v1.dkim.mail.microsoft`
133
135
134
136
**Hostname**: `selector2._domainkey`<br>
135
-
**Points to address or value**: `selector2-cohowinery-com._domainkey.cohovineyardandwinery.onmicrosoft.com`
137
+
**Points to address or value**: `selector2-cohowinery-com._domainkey.cohovineyardandwinery.r-v1.dkim.mail.microsoft`
136
138
137
139
## Configure DKIM signing of outbound messages in Microsoft 365
0 commit comments