Closed
20 changes: 18 additions & 2 deletions defender-office-365/email-authentication-dkim-configure.md
Expand Up @@ -5,7 +5,7 @@ f1.keywords:
ms.author: chrisda
author: chrisda
manager: deniseb
ms.date: 04/14/2025
ms.date: 06/19/2025
audience: ITPro
ms.topic: how-to

Expand Down Expand Up @@ -109,7 +109,23 @@ Points to address or value: selector2-<CustomDomainWithDashes>._domainkey.<Initi
- **Hostname**: The values are the same for all Microsoft 365 organizations: `selector1._domainkey` and `selector2._domainkey`.
- **\<CustomDomainWithDashes\>**: The custom domain or subdomain with periods replaced by dashes. For example, `contoso.com` becomes `contoso-com`, or `marketing.contoso.com` becomes `marketing-contoso-com`.
- **\<InitialDomainPrefix\>**: The custom part of the \*.onmicrosoft.com you used to enroll in Microsoft 365. For example, if you used `contoso.onmicrosoft.com`, the value is `contoso`.
- **\<DynamicPartitionCharacter\>**: A dynamically generated character that's used for both selectors.
- **\<DynamicPartitionCharacter\>**: A dynamically generated character (for example, r or n) that's used for both selectors. The value is automatically assigned by Microsoft when you add a new custom domain and enable DKIM. The value is determined by Microsoft's internal routing logic and isn't configurable.
- This value is part of the updated DKIM record format for new custom domains in Microsoft 365 introduced in May 2025. Existing custom domains and initial domains continue to use the old DKIM format:

```text
Hostname: selector1._domainkey
Points to address or value: selector1-contoso-com._domainkey.contoso.onmicrosoft.com

Hostname: selector2._domainkey
Points to address or value: selector2-contoso-com._domainkey.contoso.onmicrosoft.com
```

- **The old and new and old formats can't coexist for the same selector**. To retrieve the correct DKIM CNAME values for a domain, including the assigned \<DynamicPartitionCharacter\> value, replace contoso.com with the domain value, and then run the following command in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell):

```powershell
Get-DkimSigningConfig -Identity contoso.com | Format-List Name,Enabled,Status,Selector1CNAME,Selector2CNAME
```

- **v1**: The current CNAME format version that's used for both selectors.
- **dkim.mail.microsoft**: The parent DNS zone that's the same for both selectors.
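
Review bot: The added bullet beginning "**The old and new and old formats can't coexist for the same selector**" repeats "old"; it should read "The old and new formats can't coexist for the same selector". That bullet also carries two separate points, the coexistence restriction and the `Get-DkimSigningConfig` lookup, so splitting it would keep the lookup instruction from being buried under a bolded restriction. In the \<DynamicPartitionCharacter\> bullet, the example values in "(for example, r or n)" should be in backticks to match `contoso-com` and `contoso` in the neighbouring bullets. The old-format explanation and its two code blocks now sit between the \<DynamicPartitionCharacter\> bullet and the **v1** bullet, which interrupts the placeholder list; moving that material below the list would keep the placeholder definitions contiguous.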
