OutlioDashboard
6 min read

SPF, DKIM, and DMARC for Microsoft 365

Configure Microsoft 365 authentication.

Overview

Microsoft 365 domains typically use SPF plus two DKIM CNAME records from the Microsoft Defender or Exchange admin experience.

Recommended workflow

1

Add or merge SPF with include:spf.protection.outlook.com.

2

Open the Microsoft DKIM settings for your domain.

3

Create the two DKIM CNAME records Microsoft provides.

4

Enable DKIM signing after records resolve.

5

Add DMARC at _dmarc and run Outlio Test Domain Setup.

Tips that make this work better

Tip

Microsoft DKIM often fails until both selectors resolve.

Tip

Use the exact domain-specific CNAME targets from Microsoft.

Tip

If the domain was recently added to Microsoft 365, give provisioning time to finish.

Common mistakes to avoid

  • Using TXT records when Microsoft asked for CNAME records.
  • Forgetting to enable DKIM after DNS is added.

Done well, this should leave you with

A cleaner Outlio setup, fewer avoidable campaign issues, and a more reliable path from setup to replies.

Related articles

Why do I need DNS records?

Understand SPF, DKIM, DMARC, MX, and tracking records.

How to setup MX, SPF, DKIM, DMARC

Step-by-step DNS setup for sending domains.

SPF, DKIM, and DMARC for Google Workspace

Configure Google Workspace authentication for outreach.

Was this article helpful?

Need more help? Contact Support