Source guide

Make Microsoft 365 DMARC-compliant

How to authenticate Microsoft 365 as a sender on your domain - so its mail passes SPF, DKIM and DMARC, and you can safely reach enforcement.

Three steps to authenticate Microsoft 365

Microsoft 365 needs to pass SPF and DKIM, and align with your domain so DMARC passes. Here’s how – confirm the exact values against Microsoft 365’s current documentation as you go.

Step 1 · SPF

Add Microsoft 365 to your SPF record

SPF lists the services allowed to send as your domain. Add Microsoft 365’s include to your existing SPF record – don’t create a second SPF record, merge it into the one you have.

Watch the 10-lookup limit: every include counts, and going over makes SPF fail silently. Hosted SPF keeps you safely under it automatically.

Add this mechanism to your SPF record

include:spf.protection.outlook.com
Step 2 · DKIM

Turn on DKIM signing

DKIM cryptographically signs each message so receivers can prove it really came from you and wasn’t tampered with. In the Microsoft 365 Defender portal, enable DKIM signing and publish the two selector1._domainkey and selector2._domainkey CNAME records Microsoft provides.

DKIM is what keeps you authenticated even when a message is forwarded – so it’s worth getting right. More on how DKIM works →

  • Enable DKIM inside Microsoft 365
  • Publish the DNS records it gives you
  • Wait for it to verify, then send a test
Step 3 · DMARC

Confirm alignment, then enforce

With SPF and DKIM set up, check that Microsoft 365 aligns – that the authenticated domain matches your visible From address. Once every legitimate sender aligns, you can move DMARC to p=reject safely.

DMARCER’s enforcement journey shows you exactly when it’s safe to advance – no guesswork.

Good to know

Exchange Online / Microsoft 365 is one of the most common senders you'll need to authenticate.

Check you got it right

Look up your records instantly, or run a full free check to confirm Microsoft 365 passes SPF, DKIM and DMARC – and get your score out of 100.

Check SPF Full free check

More source guides

Google Workspace →

Business email

Zoho Mail →

Business email

SendGrid →

Transactional & developer

Free domain check

Check your domain security

See how your domain's security compares to your competitors.