How to use to verify that DKIM & DMARC security for Office 365 have been configured properly

Please provide me with guides on how to verify that DKIM & DMARC security for Office 365 have been configured properly using
IT GuyNetwork EngineerAsked:
Who is Participating?
nociSoftware EngineerCommented:
With DKIM you can have several active keys... (if you like you can change the key each for each mail sent..), but the key needs to be available later on when the mail is received, or even later read.....  Or each mail server can have it's own key, ...

So you need a way to select a key.  There is a reference to the key mentioned in each mail sent. This reference is named the selector.
From the site:  
A DKIM Selector is text that is added with the domain to create a unique DNS record used during DKIM. This allows multiple keys to exist under one domain which allows for different signatures to be created by different systems, date ranges, or third party services.

and it is the string you put in front of the _domainkey item.

For a successful DKIM usage you need the domain name & selector, to mxtoolbox site you mention them as:
(you can you any valid DNS part strings as a selector.
this references:, TXT rr, starting with v=DKIM1 ......
Seth SimmonsSr. Systems AdministratorCommented:
click dmarc
type your domain
there are no guides on doing is self explanatory when you go to the site
IT GuyNetwork EngineerAuthor Commented:
When I try checking the DKIM for certain domains I get a message that says "Invalid SuperTool Syntax DKIM requires a selector."

How do I use a selector?
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Seth SimmonsSr. Systems AdministratorCommented:
click the 'more information' link next to that message
IT GuyNetwork EngineerAuthor Commented:
I clicked on the 'more information' and read the message but I'm not sure what it means which is why I'm hoping that someone can explain to me what needs to be done.
Alan HardistyCo-OwnerCommented:
When I setup DKIM for 365 I just add 2 DNS CNAME records as follows:

CNAME - selector1._domainkey
CNAME - selector2._domainkey

Then check back in 365 and enable DKIM and after it finds the DNS records, it'll be configured happily.

Not sure how you would use MXTOOLBOX as never tried it!

nociSoftware EngineerCommented:
@alan, mxtoolbox is a website that can verify settings about mail servers and their configuration, and thus can verify if setup for spf, dkim etc. are done according to specs.  It is NOT a microsoft tool.  

And to be honest Microsoft mailserver are a mess. Outlook server presenting with HELO strings for and vise versa and a touch of in the mix.
Reverse lookups of ip addresses not matching hostnames, hostnames not matching HELO announcements..
Most spam outfits have this better organized.
Alan HardistyCo-OwnerCommented:
@noci - Thanks - I've used the site before many times, but just not for that specific test :)

I often use DNSSTUFF but only really use MXTOOLBOX for verification of MX records.  I know it can do a whole lot more, but haven't scratched the surface (yet)!
Sunil ChauhanExpertise in Exchange Server, Office 365 & Powershell ScriptingCommented:
this is bit tricky to test, use the following ways..
let's say your domain name is "" and your TXT/hostname for the DKIM is ""

so to test the DKIM record type using the mxtool box you need to type the following combination.

SAM07 is the selector which need to be provided for the successful DKIM test. this is the value before dot from TXT hostname for DKIM
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.