How to authenticate SPF, DKIM and DMARC for Microsoft 365?

Yes, authentication of SPF, DKIM and DMARC for Microsoft 365 is now needed more than ever, especially since Google and Yahoo changed their email sender policies. We feel it’s a step in the right direction.

So, let’s start with understanding what they are and how they help.

Your inbox needs security! Just like airports, your email needs protection from imposters trying to sneak in. That’s where SPF, DKIM, and DMARC come in: they’re the security team.

These three tools work together to check the IDs of every email that arrives. They verify if the sender is who they claim to be, stopping sneaky phishers and spammers in their tracks.

Think of it like this:

  • SPF (Sender Policy Framework) confirms if the email comes from a recognized sender.
  • DKIM (DomainKeys Identified Mail) adds a digital signature, like a tamper-proof seal, ensuring the email hasn’t been altered.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance) tells your inbox what to do with emails that fail the checks – send them to spam, send them back, or simply toss them out.

Without these security measures, spammy and dubious emails might slip through, potentially harming your inbox and your data. So, keep your email safe and sound by authenticating SPF, DKIM, and DMARC.

Stop Spam and Boost Trust: Benefits of Email Authentication

Tired of your emails landing in spam folders? 

Say goodbye to that frustration with SPF, DKIM, and DMARC! These powerful tools unlock more than just complying with Microsoft 365 policies:

1. Inbox delivery like a dream:

No more wondering if your emails reached their destination. Authentication significantly increases the chances of your messages landing straight in primary inboxes, maximizing your communication impact.

2. Spammers? Not on your watch!

By tightening security, these protocols make it much harder for spammers to pretend to be you. This protects your brand reputation and keeps your prospects or recipients safe from malicious content.

3. Build trust, build relationships 

By implementing these advanced safeguards, you show your commitment to secure email communication. This builds trust and confidence with your audience, strengthening your overall relationships.

Remember, secure emails lead to better communication, stronger connections, and less frustration.

Steps to authenticate SPF, DKIM, and DMARC for Microsoft 365

Forget the confusing terms! Setting up SPF, DKIM, and DMARC for your Microsoft 365 account is easier than you think. 

Here are the steps to authenticate SPF, DKIM, and DMARC for Microsoft 365 accounts:

SPF Authentication 

  1. Locate your SPF record: Open your DNS manager website, then select the domain on which you want to set up SPF. After selecting the domain, find the Manage DNS or Manage button and click it.

    Next, add a TXT record for SPF. Click Add and select TXT as the record type.

    For reference, enter these values on the page or form for your domain provider’s TXT records (field name: value to enter):

      • Host: @
        Note: If you’re adding an SPF record for a subdomain, enter the subdomain instead of @. Read Apply an SPF record to subdomain with the Host setting for more information.
      • Value: If you only send email from Microsoft 365, enter this SPF record: v=spf1 include:spf.protection.outlook.com -all

  2. Add the SPF record to your DNS: Access your domain’s DNS settings and create a TXT record with the value provided by Microsoft or mentioned above.

DKIM Authentication 

  1. Generate a DKIM key: In the same section of the Admin console, click “Generate new record.”
  2. Add a CNAME record with host name: selector1._domainkey
    Points to = selector1-[yourdomain]-com._domainkey.[yourdomain]
    TTL = 1 hour or 3600
  3. Add another CNAME record with host name: selector2._domainkey
    Points to = selector2-[yourdomain]-com._domainkey.[yourdomain]
    TTL = 1 hour or 3600

DMARC Authentication 

Prior to configuring DMARC, it is essential to confirm the functionality of SPF and DKIM for a minimum of 48 hours.

To implement DMARC, add a DNS TXT record or modify an existing one by entering the record in the TXT record for _dmarc:

  • TXT record name: Under the DNS Hostname, input:

Please note that certain domain hosts may automatically append the domain name after _dmarc. After adding the TXT record, it is advisable to verify the DMARC TXT record name to ensure proper formatting.

  • TXT record value – In the second field, enter the text for your DMARC record, such as: 

v=DMARC1; p=none;

It is important to note that:

  • Field names may differ depending on your DNS provider. Variations in DNS TXT record field names are common across different providers.
  • The domain used here is an example domain. Replace with your own domain.
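
The records from the SPF, DKIM and DMARC steps above can be checked together before moving the DMARC policy past “none”. The following is an added example, not code from this page or from Microsoft: the function names, the placeholder domain example.com and the tenant name example.onmicrosoft.com are assumptions, and the records are supplied as constructed data rather than looked up in DNS.

```python
M365_INCLUDE = "include:spf.protection.outlook.com"  # from Microsoft's SPF documentation

def check_spf(txt_records):
    """Problems with the SPF TXT record(s) published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    problems = []
    if M365_INCLUDE not in terms:
        problems.append("Microsoft 365 include is missing")
    if not terms or terms[-1] not in ("-all", "~all"):
        problems.append("record does not end in -all or ~all")
    return problems

def check_dkim(domain, cnames):
    """Both selector CNAMEs must exist and start with selectorN-<domain-with-dashes>."""
    problems = []
    for sel in ("selector1", "selector2"):
        prefix = f"{sel}-{domain.replace('.', '-')}._domainkey."
        target = cnames.get(f"{sel}._domainkey.{domain}", "")
        if not target.lower().startswith(prefix):
            problems.append(f"{sel} CNAME missing or not pointing at {prefix}*")
    return problems

def check_dmarc(domain, txt):
    """Problems with the DMARC TXT record at _dmarc.<domain>."""
    name = f"_dmarc.{domain}"
    if f"{name}.{domain}" in txt:  # DNS host appended the domain a second time
        return [f"record published at {name}.{domain} instead of {name}"]
    recs = [r for r in txt.get(name, []) if r.strip().startswith("v=DMARC1")]
    if len(recs) != 1:
        return [f"expected exactly one DMARC record at {name}, found {len(recs)}"]
    pairs = (t.split("=", 1) for t in recs[0].split(";") if "=" in t)
    tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return [f"missing or invalid p= tag: {tags.get('p')!r}"]
    if tags["p"] == "none":
        return ["p=none only monitors; failing mail is still delivered"]
    return []

def audit(domain, txt, cnames):
    return {"spf": check_spf(txt.get(domain, [])), "dkim": check_dkim(domain, cnames),
            "dmarc": check_dmarc(domain, txt)}

# Constructed, deliberately incomplete zone for a placeholder domain (not real DNS data).
SAMPLE_TXT = {"example.com": ["v=spf1 -all"], "_dmarc.example.com": ["v=DMARC1; p=none;"]}
SAMPLE_CNAME = {"selector1._domainkey.example.com":
                "selector1-example-com._domainkey.example.onmicrosoft.com"}
```

Calling audit("example.com", SAMPLE_TXT, SAMPLE_CNAME) reports one finding per record type for the sample zone; an empty list for every key means the three records match what the steps above describe.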

Important Considerations for Microsoft 365 Authentication

When running email authentication procedures, it is crucial to keep the following key points in mind:

  • Establish SPF and DKIM configurations before implementing DMARC for optimal effectiveness.
  • DNS changes may take up to 48 hours to propagate, so be patient and plan accordingly.
  • Initiate with a “none” or “quarantine” policy, and transition to a “reject” policy after careful monitoring.
  • Apply the authentication process to each domain under your management individually.

Additional Insights for Microsoft 365 Authentication

For comprehensive guidance on setting up SPF, DKIM, and DMARC, always refer to the specific instructions provided in the Microsoft 365 documentation:

i) SPF Configuration

ii) DKIM Setup

iii) DMARC Implementation

In case of uncertainty, seek advice from a technical expert or consult with your IT administrator. Additionally, staying informed about current best practices and updates in email authentication is essential for maintaining security standards.
