Microsoft Office 365

How to set up DMARC for Microsoft Office 365 in Valimail

Updated over a week ago
SPF(supported)
DKIM(recommended)

This article covers the SPF and DKIM authentication processes for Microsoft Office 365 and how they are managed in Valimail. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

Configuring DKIM authentication for your Microsoft Office 365 emails

All the accepted domains of your tenant will be shown in the Microsoft 365 Defender portal under the DKIM page. If you do not see it, add your accepted domain from domains page. Once your domain is added, follow the steps as shown below to configure DKIM.

Step 1: On the DKIM page, select the domain you wish to configure.

Selected domain to configure

Step 2: Slide the toggle to Enable. You will see a pop-up window stating that you need to add CNAME records.

Create DKIM Keys button

Step 3: Copy the CNAMES shown in the pop up window.

Copy the DKIM records

Step 4: Publish the copied CNAME records to your DNS service provider.

Important: If you manage DKIM in Valimail, you will need to add the resulting 2 CNAME keys on your domain's Configuration page in Valimail Enforce.

Step 5: Return to DKIM page to enable DKIM.

Click to enable DKIM

You can also find the instructions on how to turn on DKIM in M365 for you domain, here.

Adding the Microsoft Office 365 DKIM keys in Valimail

You can find more detailed information on how to add a DKIM key in Valimail, here:

Configuring SPF authentication for your Microsoft Office 365 emails

Once you establish that Microsoft Office 365 is an authorized sender for your domain, you will need to add the service in your Enabled Senders.

You will find more detailed information on how to add a service for your domain in Valimail, here:

Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

Note: You may notice that M365 emails are not authenticated via SPF, even after you have added M365 to your domain's configuration. This is likely caused by M365 not sending SPF aligned-mail and can be corrected by making sure SPF alignment for your domain has been turn on in M365.

Enable SPF alignment in Microsoft Office 365 for your domain

You can find out more details on how to make sure SPF alignment is enabled for your domain in Microsoft Office 365, here.

Did this answer your question?