Microsoft 365 from GoDaddy Help

Enable and add DKIM to my domain for Microsoft 365

Adding DomainKeys Identified Mail (or DKIM) to your DNS settings signs your emails so that anything sent from your organization is trusted by receiving email systems. It's another way to tell your recipients that it's really you sending the messages, and not someone impersonating you. You'll need to create DKIM keys, add the records to your DNS and then enable it.

Required: You need admin permissions to create and add DKIM records to your organization. If needed, you can change your Microsoft 365 user's admin permissions.

Select the appropriate link depending on whether you have Microsoft 365 or Microsoft 365 with Advanced Email Security from Proofpoint. (If you have Advanced Email Security powered by INKY, select Microsoft 365):

Step 1: Create your DKIM keys

First, we'll access your Defender Portal to generate your DKIM keys.

  1. Sign in to the Microsoft 365 Defender Portal. Use your Microsoft 365 email address and password (your GoDaddy username and password won't work here).
  2. Under DomainKeys Identified Mail (DKIM), select your domain name. (Make sure to select the domain name itself, and not the checkbox next to it.) A window will open on the rightmost side.
    The DKIM page with an example domain name highlighted.
  3. Select Create DKIM keys. The keys will be generated as CNAME records.
  4. Select Copy. The hostname and value of both records will be copied to your clipboard. You'll need the records in the next step, so we recommend pasting them into another document.

Step 2: Add the records to your DNS

Next, we'll add your keys to your DNS as CNAME records. These steps are for domains with DNS managed at GoDaddy. If your domain is not with GoDaddy, you'll need to update your records with your DNS provider.

  1. In your web browser, open a new tab.
  2. Sign in to your GoDaddy Domain Portfolio. (Need help logging in? Find your username or password.)
  3. Under Domain Name, select your domain.
  4. Under your domain name, select DNS.
  5. Select Add New Record, and then enter the details of your first record:
    • Type: Select CNAME.
    • Name: Using the first key that you generated in step 1, enter the hostname.
    • Value: Using the first key that you generated in step 1, enter the value.
    • TTL: Leave it as Default.
  6. Select Add More Records.
  7. Repeat the steps to add your second CNAME record.
  8. Select Save All Records.

Both records will be saved to your DNS. Most DNS changes take effect within an hour but could take up to 48 hours to update globally.

Step 3: Enable DKIM

Lastly, we'll go back to the Defender Portal to enable DKIM for your organization.

  1. Sign in to the Microsoft 365 Defender Portal. Use your Microsoft 365 email address and password (your GoDaddy username and password won't work here).
  2. Under DomainKeys Identified Mail (DKIM), select your domain name. A window will open on the rightmost side.
  3. Turn on the Sign messages for this domain with DKIM signatures toggle. Your changes will save.
  4. Select OK.

If the DKIM records that you added were detected, the toggle will be enabled and your DKIM will be set up.

If your DKIM records were not detected and you see an error, double-check that you entered the CNAME records correctly. Allow up to 48 hours for your records to fully propagate.

Required: Microsoft 365 automatically sets up DKIM for initial onmicrosoft.com domains (for example, coolexample.onmicrosoft.com). However, if you have more than one domain in your organization, repeat these steps for each domain.
Back to top

Microsoft 365 with Advanced Email Security from Proofpoint

Required: Before continuing, please contact our GoDaddy Guides so we can give you access to the Domains section of Advanced Email Security. We're working on ways to give you access automatically in the future, but you'll need to contact us in the meantime.

Step 1: Create your DKIM key

Access your Advanced Email Security dashboard to generate your DKIM key.

  1. Sign in to Advanced Email Security. Use your Microsoft 365 email address and password (your GoDaddy username and password won't work here).
  2. Under Administration, select Account Management, and then Domains.
  3. Select your domain, then The vertical three-dot or ellipses icon. More options, and then Configure DKIM. A menu will open on the rightmost side of your screen.
  4. Select Create New DKIM Screening Key. A value will be generated for the selector, which is used to locate the public key in your DNS. You can change it or leave it as is.
  5. Select Create. You'll see a hostname and value listed.
  6. Next to Host and Value, select Copy. You'll need both in the next step, so we recommend pasting them into another document.

Step 2: Add the record to your DNS

Next, we'll add the key as a TXT record to your DNS. These steps are for domains with DNS managed at GoDaddy. If your domain is not with GoDaddy, you'll need to update your records with your DNS provider.

  1. In your web browser, open a new tab.
  2. Sign in to your GoDaddy Domain Portfolio. (Need help logging in? Find your username or password.)
  3. Under Domain Name, select your domain.
  4. Under your domain name, select DNS.
  5. Select Add New Record.
  6. Add the TXT record to your DNS.
    • Type: Select TXT.
    • Name: Using the key you generated in step 1, enter the host name (it should start with "selector").
    • Value: Using the key you generated in step 1, enter the value.
    • TTL: Leave it as Default.
  7. Select Save.

The record will be saved to your DNS. Most DNS changes take effect within an hour but could take up to 48 hours to update globally.

Step 3: Enable DKIM

Lastly, we'll go back to Advanced Email Security from Proofpoint to verify that the record was added correctly.

  1. Go back to Advanced Email Security.
  2. On the rightmost side of your screen, next to your DKIM record, select The vertical three-dot or ellipses icon. More options, and then Verify Key.

After the key is verified, DKIM will be enabled for your domain.

Back to top

Related steps

More info

Share this article