Forum Discussion

Eric Rintell's avatar
Eric Rintell
Copper Contributor
Nov 07, 2024

DMarc/DKIM Issues

I have enabled DKIM in Microsoft 365, and according to Microsoft 365 Defender page, it is enabled and valid for my Exchange domains. I have created a TXT _dmarc record: v=DMARC1; p=quarantine; pct=...
exchange online
office 365
MarissaMa's avatar
MarissaMa
Iron Contributor
Apr 23, 2025

1. Verify the current configuration
powershell
Get-DkimSigningConfig -Identity yourdomain.com | FL Enabled,Selector1,Selector2
Normal state: Enabled = True and at least one Selector is valid.

2. Fix DKIM Signing
powershell.
# Enable DKIM
Set-DkimSigningConfig -Identity yourdomain.com -Enabled $true -Selector1 “selector1”  
You need to add the corresponding CNAME record in DNS (e.g. selector1._domainkey.yourdomain.com).

3. Adjust DMARC policy
Modify the DMARC record in DNS as:

text
_dmarc.yourdomain.com. IN TXT “v=DMARC1; p=none; sp=none; rua=mailto:email address removed for privacy reasons”
Production environments are advised to eventually change to p=quarantine or p=reject.

4. Verify the fix
powershell
Test-EmailAutoConfiguration -Identity email address removed for privacy reasons -Protocol DMARC,DKIM
Check if the returned result contains Status=Pass.