How to setup DMARC, DKIM, and SPF in Microsoft 365?

Setting up these email authentication records in Microsoft 365 takes a few steps, but it’s as easy as 1, 2, 3:

SPF (Sender Policy Framework)
Add this TXT record to your domain’s DNS: v=spf1 include:spf.protection.outlook.com -all

DKIM (DomainKeys Identified Mail)
Go to Microsoft 365 Admin Center → Settings → Domains → DKIM.
Enable DKIM for your domain and Microsoft will generate and manage the CNAME records for you.

DMARC (Domain-based Message Authentication):
Use a tool to generate your policy (e.g., v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com)
Add it as a TXT record in your DNS.

Why it matters

These three work together to verify your email is legit, protect your domain from spoofing, and improve your deliverability rates. To learn more, check out our full length guide.