DKIM Manager Download:
Or pull from GitHub here: DKIM Manager on GitHub
Everyone should be trying to improve their email security setup, and using DKIM (DomainKeys Identified Mail) is part of that. DKIM works by the sending server adding a cryptographic signature to the email, computed with its private key over selected headers and the message body. The recipient server can then look up your public DKIM key published in DNS and use it to verify that signature against the message it received.
If the signature verifies, the recipient can be confident that the email did come from an authorised source, which in this case will be Microsoft 365. Using DKIM, DMARC and SPF records together greatly improves the authority and deliverability of your emails, since the recipient can be sure that your emails are being sent from a legitimate source and not spoofed or forged in some way.
To make setting up DKIM on Microsoft 365 domains easier I created this little tool I call DKIM Manager.
Simply open a PowerShell console as administrator, then cd to the location of the script.
In my case I type: cd c:\scripts
Then run the script typing: .\DKIMManager.ps1
DKIM Manager will install the required modules, so press Y if asked to install them.
After that you will be presented with this screen asking you to press any key and log in to the tenant where you want to enable DKIM.
Once logged in you will need to select a domain to work with.
Press 1 and enter to enter the domain menu.
Select the domain you wish to enable DKIM on and press enter.
In my case, email is being sent from darkscrolls.co.uk so I select 2 and press enter.
Now we use option 2 to set up a new DKIM policy and retrieve the DNS CNAME records needed to set up DKIM.
This is the best part of the script: it will tell you exactly what CNAME records you need to enter into DNS.
Add the two CNAME records into your domain. In my case the script tells me to create the following CNAME records.
Points to: selector1-DarkScrolls-co-uk._domainkey.darkscrolls.onmicrosoft.com
Points to: selector2-DarkScrolls-co-uk._domainkey.darkscrolls.onmicrosoft.com
Log into your domain name host and add the CNAME records.
Next, in DKIM Manager, use option 3 to enable DKIM.
You can see here a message that the DNS has not replicated yet, so you may have to wait a few hours before you can enable DKIM. Come back and run the script again, choosing option 3.
Once the DNS has replicated correctly the script will successfully enable DKIM on the domain.
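To check whether the two CNAME records have replicated before going back to option 3, you can query public DNS directly. This is an added example, not part of DKIM Manager; the selector1/selector2 _domainkey host names (the ones Microsoft 365 normally uses), the resolver addresses and the function name Test-DkimCname are assumptions, so use the exact records the script printed for you.

```powershell
# Added example: confirm the DKIM CNAME records are visible in public DNS.
# Targets are the ones from this walkthrough; replace them with your own.
$Domain = 'darkscrolls.co.uk'
$Expected = [ordered]@{
    # Assumption: host names follow Microsoft 365's usual selectorN._domainkey.<domain> form
    "selector1._domainkey.$Domain" = 'selector1-DarkScrolls-co-uk._domainkey.darkscrolls.onmicrosoft.com'
    "selector2._domainkey.$Domain" = 'selector2-DarkScrolls-co-uk._domainkey.darkscrolls.onmicrosoft.com'
}
# Assumption: public resolvers, queried directly so a stale local cache does not mislead you
$Resolvers = '1.1.1.1', '8.8.8.8'

function Test-DkimCname {
    param([string]$Name, [string]$Target, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS; keep only the CNAME answer for the queried name
        $answer = Resolve-DnsName -Name $Name -Type CNAME -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'CNAME' -and $_.Name -eq $Name } |
            Select-Object -First 1
    } catch {
        # NXDOMAIN or resolver failure: the record is not published (yet)
        return [pscustomobject]@{ Record = $Name; Resolver = $Server; Found = '(no record)'; Ok = $false }
    }
    $found = if ($answer) { $answer.NameHost.TrimEnd('.') } else { '(no CNAME)' }
    [pscustomobject]@{
        Record   = $Name
        Resolver = $Server
        Found    = $found
        Ok       = ($found -ieq $Target)   # DNS names compare case-insensitively
    }
}

$results = foreach ($name in $Expected.Keys) {
    foreach ($server in $Resolvers) {
        Test-DkimCname -Name $name -Target $Expected[$name] -Server $server
    }
}
$results | Format-Table -AutoSize

if ($results.Ok -contains $false) {
    Write-Warning 'At least one CNAME is missing or points elsewhere. Check for typos, wait for DNS, then retry.'
} else {
    Write-Host 'Both CNAME records resolve to the expected targets on every resolver; retry option 3.'
}
```

A row with Ok = False and a Found value that differs from the target usually means a typo at the DNS host (for example the domain appended twice), which waiting will not fix.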