How to use to verify that DKIM & DMARC security for Office 365 have been configured properly

Please provide me with guides on how to verify that DKIM & DMARC security for Office 365 have been configured properly using
IT GuyNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
click dmarc
type your domain
there are no guides on doing is self explanatory when you go to the site
IT GuyNetwork EngineerAuthor Commented:
When I try checking the DKIM for certain domains I get a message that says "Invalid SuperTool Syntax DKIM requires a selector."

How do I use a selector?
Seth SimmonsSr. Systems AdministratorCommented:
click the 'more information' link next to that message
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

IT GuyNetwork EngineerAuthor Commented:
I clicked on the 'more information' and read the message but I'm not sure what it means which is why I'm hoping that someone can explain to me what needs to be done.
nociSoftware EngineerCommented:
With DKIM you can have several active keys... (if you like you can change the key each for each mail sent..), but the key needs to be available later on when the mail is received, or even later read.....  Or each mail server can have it's own key, ...

So you need a way to select a key.  There is a reference to the key mentioned in each mail sent. This reference is named the selector.
From the site:  
A DKIM Selector is text that is added with the domain to create a unique DNS record used during DKIM. This allows multiple keys to exist under one domain which allows for different signatures to be created by different systems, date ranges, or third party services.

and it is the string you put in front of the _domainkey item.

For a successful DKIM usage you need the domain name & selector, to mxtoolbox site you mention them as:
(you can you any valid DNS part strings as a selector.
this references:, TXT rr, starting with v=DKIM1 ......

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan HardistyCo-OwnerCommented:
When I setup DKIM for 365 I just add 2 DNS CNAME records as follows:

CNAME - selector1._domainkey
CNAME - selector2._domainkey

Then check back in 365 and enable DKIM and after it finds the DNS records, it'll be configured happily.

Not sure how you would use MXTOOLBOX as never tried it!

nociSoftware EngineerCommented:
@alan, mxtoolbox is a website that can verify settings about mail servers and their configuration, and thus can verify if setup for spf, dkim etc. are done according to specs.  It is NOT a microsoft tool.  

And to be honest Microsoft mailserver are a mess. Outlook server presenting with HELO strings for and vise versa and a touch of in the mix.
Reverse lookups of ip addresses not matching hostnames, hostnames not matching HELO announcements..
Most spam outfits have this better organized.
Alan HardistyCo-OwnerCommented:
@noci - Thanks - I've used the site before many times, but just not for that specific test :)

I often use DNSSTUFF but only really use MXTOOLBOX for verification of MX records.  I know it can do a whole lot more, but haven't scratched the surface (yet)!
Sunil ChauhanLead AdministratorCommented:
this is bit tricky to test, use the following ways..
let's say your domain name is "" and your TXT/hostname for the DKIM is ""

so to test the DKIM record type using the mxtool box you need to type the following combination.

SAM07 is the selector which need to be provided for the successful DKIM test. this is the value before dot from TXT hostname for DKIM
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.