Microsoft 365 from GoDaddy

Microsoft 365 from GoDaddy Help

Enable and add DKIM to my domain for Microsoft 365

Adding DomainKeys Identified Mail (DKIM) to your DNS settings signs your emails so that anything sent from your organization is trusted by email systems that receive your messages. It's another way to tell your recipients that it's really you sending the message, and not someone impersonating you. You'll need to create DKIM keys, add the records to your DNS and then enable it in your Microsoft 365 Defender Portal.

Note: If you have Advanced Email Security from Proofpoint, you cannot add DKIM records to your organization using these steps. Please contact our GoDaddy Guides for help.

Step 1: Create your DKIM keys

First, we'll access your Defender Portal to generate your DKIM keys.

Required: You need admin permissions to create and add DKIM records to your organization.
  1. Sign in to the Microsoft 365 Defender Portal. Use your Microsoft 365 email address and password (your GoDaddy username and password won't work here).
  2. Under DomainKeys Identified Mail (DKIM), select your domain name. (Make sure to select the domain name itself, and not the checkbox next to it.) A window will open on the rightmost side.
    The DKIM page with an example domain name highlighted.
  3. Select Create DKIM keys. The keys will be generated as CNAME records.
  4. Select Copy. The hostname and value of both records will be copied to your clipboard. You'll need the records in the next step, so we recommend pasting them into another document.

Step 2: Add the records to your DNS

Next, we'll add your keys to your DNS as CNAME records. These steps are for domains with DNS managed at GoDaddy. If your domain is not with GoDaddy, you'll need to update your records with your DNS provider.

  1. In your web browser, open a new tab.
  2. Sign in to your GoDaddy Domain Portfolio. (Need help logging in? Find your username or password.)
  3. Under Domain Name, select your domain.
  4. Under your domain name, select DNS.
  5. Select Add New Record, and then enter the details of your first record:
    • Type: Select CNAME.
    • Name: Using the first key that you generated in step 1, enter the hostname.
    • Value: Using the first key that you generated in step 1, enter the value.
    • TTL: Leave it as Default.
  6. Select Add More Records.
  7. Repeat the steps to add your second CNAME record.
  8. Select Save All Records.

Both records will be saved to your DNS.

Step 3: Enable DKIM

Lastly, we'll go back to the Defender Portal to enable DKIM for your organization.

  1. Sign in to the Microsoft 365 Defender Portal. Use your Microsoft 365 email address and password (your GoDaddy username and password won't work here).
  2. Under DomainKeys Identified Mail (DKIM), select your domain name. A window will open on the rightmost side.
  3. Turn on the Sign messages for this domain with DKIM signatures toggle. Your changes will save.
  4. Select OK.

If the DKIM records that you added were detected, the toggle will be enabled and your DKIM will be set up.

If your DKIM records were not detected and you see an error, double-check that you entered the CNAME records correctly. Allow up to 48 hours for your records to fully propagate.

Required: Microsoft 365 automatically sets up DKIM for initial onmicrosoft.com domains (for example, coolexample.onmicrosoft.com). However, if you have more than one domain in your organization, repeat these steps for each domain.

Related steps

More info

Share this article