Microsoft 365 settings for SPF, DKIM and DMARC
Secure your email service and users by automatically generating the settings for Microsoft 365 DNS fields
Making your email more secure
All of the required DNS fields can be found below (correct as of 17/11/2021). Your msoid will be provided by Microsoft and is fairly simple to set up.
You can use the form below to set up your MX, DKIM and DMARC required records. It is recommended to leave the SPF and DKIM records for a couple of days before adding DMARC.
To enable DKIM in office follow this to Microsoft 365 Defender, it normally takes 5 minutes to pick up the change. Click on the relevant domain and click enable.
The DMARC record created below is very strict, there are other options you can use, this article on Google explains it well.
| Record Type | Lookup | Value | TTL |
|---|---|---|---|
| TXT | @ | MS=ms******* | 300 |
| CNAME | msoid | clientconfig.microsoftonline-p.net | 300 |
| CNAME | autodiscover | autodiscover.outlook.com | 300 |
| CNAME | enterpriseenrollment | enterpriseenrollment.manage.microsoft.com | 86400 |
| CNAME | enterpriseregistration | enterpriseregistration.windows.net | 86400 |
| CNAME | sip | sipdir.online.lync.com | 86400 |
| CNAME | lyncdiscover | webdir.online.lync.com | 86400 |
| SRV | _sip._tls | 100 1 443 sipdir.online.lync.com | 86400 |
| SRV | _sipfederationtls._tcp | 100 1 5061 sipfed.online.lync.com | 86400 |
| TXT | @ | v=spf1 include:spf.protection.outlook.com -all | 86400 |
| MX | @ | 86400 | |
| CNAME | selector1._domainkey | 3600 | |
| CNAME | selector2._domainkey | 3600 | |
| TXT | _dmarc | 86400 |
