Exchange Online is an email service delivered as a part of the Office 365 suite of applications and services.

To enable Exchange Online to send authenticated mail from your domain, your SPF and DKIM settings must be enabled.

Table of Contents
  1. Exchange Online SPF Setup
  2. Exchange Online DKIM Setup
    1. Generate DKIM Key
    2. Publish DKIM Record
    3. Enable DKIM Signing

1. Exchange Online SPF Setup

Please note that the following SPF changes should only be applied to the Sendmarc record within Sendmarc, and not at the hosting provider.

Include String
Office 365 SPF Record
v=spf1 -all

2. Exchange Online DKIM Setup

2.1 Enable DKIM Signing

1. Sign in to the Office 365 portal using a Global Admin account.

2. Click "Admin".

3. Click "Admin Centres" and click "Exchange".

4. Click "Protection" and select the "DKIM" tab.

5. Select the domains for which you want to enable DKIM, then choose "Enable".

2.2 Publish DKIM Keys

1. Once the key is generated, you will need to load the key into the Sendmarc DKIM manager as two separate CNAME records.

The records will resemble the following:

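| Type  | Host                 | CNAME Value                                        | TTL              |
|-------|----------------------|----------------------------------------------------|------------------|
| CNAME | selector1._domainkey | selector1-<domainGUID>._domainkey.<initialDomain>  | 1 hour (Default) |
| CNAME | selector2._domainkey | selector2-<domainGUID>._domainkey.<initialDomain>  | 1 hour (Default) |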

In the above example,  represents the domain that we would normally consider our domain (e.g., while <initialDomain> refers to the domain that was used when the sign up for Office 365 initially occurred (this always ends in This detail can be found in the Exchange Admin Center under 'Domains'.

2.3 Enable DKIM Signing

1. Once the key is published, return to the Office 365 Admin Center and confirm that signing is occurring as expected.
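Before checking signing in the Admin Center, the two published CNAME records can be compared against the pattern in the table in section 2.2. The following is an added example, not Sendmarc or Microsoft code: the function name `check_dkim_cnames`, the sample domain and the sample target values are constructed for illustration, and the records are passed in as tuples rather than looked up live.

```python
import re

# Target shape from the table: selectorN-<domainGUID>._domainkey.<initialDomain>
TARGET_RE = re.compile(r"^selector([12])-([a-z0-9-]+)\._domainkey\.([a-z0-9.-]+)$")

def norm(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().lower().rstrip(".")

def check_dkim_cnames(domain, records):
    """records: iterable of (owner, rtype, value) tuples, e.g. parsed resolver answers.
    Returns a list of problems; an empty list means both records match the table."""
    domain = norm(domain)
    cnames = {norm(o): norm(v) for o, t, v in records if t.upper() == "CNAME"}
    problems, seen = [], {}
    for n in ("1", "2"):
        owner = f"selector{n}._domainkey.{domain}"
        target = cnames.get(owner)
        if target is None:
            # A common DNS-panel slip: the zone name gets appended a second time.
            if f"{owner}.{domain}" in cnames:
                problems.append(f"{owner}: published as {owner}.{domain} (zone name doubled)")
            else:
                problems.append(f"{owner}: no CNAME record found")
            continue
        m = TARGET_RE.match(target)
        if not m:
            problems.append(f"{owner}: target {target!r} does not match the expected pattern")
        elif m.group(1) != n:
            problems.append(f"{owner}: points at selector{m.group(1)} target")
        else:
            seen[n] = (m.group(2), m.group(3))
    if len(seen) == 2 and seen["1"] != seen["2"]:
        problems.append("selector1 and selector2 use different <domainGUID>/<initialDomain> values")
    return problems

# Constructed sample data (not real tenant values).
GOOD = [
    ("selector1._domainkey.example.com.", "CNAME", "selector1-example-com._domainkey.tenant.example.net."),
    ("selector2._domainkey.example.com.", "CNAME", "selector2-example-com._domainkey.tenant.example.net."),
]
BAD = [  # selector1 points at the selector2 target; selector2 has the zone name doubled
    ("selector1._domainkey.example.com.", "CNAME", "selector2-example-com._domainkey.tenant.example.net."),
    ("selector2._domainkey.example.com.example.com.", "CNAME", "selector2-example-com._domainkey.tenant.example.net."),
]

if __name__ == "__main__":
    print(check_dkim_cnames("example.com", GOOD))
    print("\n".join(check_dkim_cnames("example.com", BAD)))
```

An empty result means both selectors are published at the expected host names and point at matching targets; any listed problem should be corrected in the DKIM manager before enabling signing.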