All Collections
Setup
SPF, DMARC and DKIM: GoDaddy & Microsoft/Office 365 accounts
SPF, DMARC and DKIM: GoDaddy & Microsoft/Office 365 accounts

Learn how to add MX, SPF, DKIM and DMARC records to your GoDaddy domain, to validate the emails sent by your Microsoft/Office 365 accounts

Updated over a week ago

This is an instruction for an email plan purchased directly from Microsoft. If you have purchased your Microsoft emails from GoDaddy, read this article.

If you plan on using Microsoft 365 for your email sending, you need to sign up for a workspace first. Once you have signed up for a plan, you can continue and add your GoDaddy domain to Microsoft Workspace.


Adding GoDaddy domain to your Microsoft 365

You can follow the step-by-step guide below to add GoDaddy domain to your Microsoft 365 account. To get started, log into your Microsoft 356 admin account.

1. From the Home page, use the search bar and type "Domains"

2. Click on "Add domain":

3. On this page "Domains Wizard" will open up where you will be asked to input the name of your domain and click "Use this domain":

4. Next step will be to verify your domain.

5. The window will pop up and you will be asked to connect your GoDaddy account.

6. Once you connect Godaddy, click on "Continue" to finish the setup. Microsoft will create DNS records in your GoDaddy DNS zone.

7. In the new page, click Add DNS Records (you can disable Skype for Business in advanced options).

8. Godaddy will once again connect to your Microsoft account - click Connect when prompted.

9. This completes the setup of MX and SPF records. Click "Done".


Adding DKIM record

Please follow the steps below to add the DKIM record:

Step 1: Click on the domain you wish to configure DKIM on the DKIM page (https://security.microsoft.com/dkimv2)

Step 2: Slide the toggle to Enable. You will see a pop-up window, click on "Create DKIM keys" button. Wait a few seconds.

Step 3: You will need to copy these CNAME-type records into your Godaddy domain and come back to the same page to enable DKIM.

Step 4: Publish both of the copied CNAME records to your GoDaddy DNS.

Step 5: Go back to the Microsoft page and click the switch to "Enable".

If you see CNAME record doesn't exist error, it might be due to:

  1. Synchronization with the DNS server, which might take a few seconds to hours, if the problem persists repeat the steps again

  2. Check for any copy-paste errors, like additional space or typos, etc.


Adding DMARC record

DMARC record is a TXT record that you'll need to input into GoDaddy DNS. Please follow the steps below to add the DMARC record:

Step 1: Sign in to your GoDaddy account and locate the domain where you want to set up the records, click on three dots next to the name and select "Manage DNS".

Step 2: Click on "Add new record". Copy the following:

Type:

TXT

Name:

_dmarc

Value:

v=DMARC1;p=none;sp=none;pct=100;rua=mailto:[email protected];ruf=mailto:[email protected];ri=86400;aspf=s;adkim=s;fo=1

Note: For rua and ruf tags in the Value field, replace [email protected] with your email address.

TTL for this record is set to the lowest possible (1h is perfectly fine).

Step 3: Click to "Add record" and you are done!

The above DMARC record is an example you can use, you can also use third-party websites to help you generate your DMARC.


More about the value parts:


v=DMARC1 tells the Internet that this is the DMARC record.

p= specifies what you want to do with your emails. p=none is what we recommend and it tells the recipient mail servers to do nothing with emails. Once you are comfortable with the report-only policy, you can scale it to the p=quarantine which tells the recipient mail servers to quarantine or move the messages to the spam folder if they fail spam checks. After that, you can change it to p=reject which tells the email servers to reject any email that fails the checks.

rua=mailto:[email protected] is very important, and you will replace the address with your email to receive the reports generated about your domains (on fraudulent emails that are being received across the internet, sent by your domain).

ruf=mailto:[email protected] is like the “rua” tag but allows you to specify any email address to receive your DMARC Forensic reports. The Forensic reports are sent to you when someone attempts to send an email impersonating your domain and it fails your DMARC and DKIM authentication.

ri=86400 allows you to specify the aggregate report interval in seconds. The minimum and the default value is 86400 seconds which equates to 24 hours. This means every 24 hours you will receive a DMARC Aggregate report.

aspf=s is an optional tag. You can use this tag to specify if you want to set your SPF policy to strict or relaxed. Your SPF policy basically makes sure all emails sent using your domain are authorized to send.

adkim=s strict or relaxed DKIM policy.

fo=1 is an optional tag. It allows you to tell email service providers that you want email samples if the emails failed. The 1 value generates reports if any of your authentication mechanisms fail. SPF OR DKIM.

Did this answer your question?