If you plan on using Microsoft 365 for your email sending, you need to sign up for a workspace first. Once you have signed up for a plan, you can continue and add your Namecheap domain to Microsoft Workspace.


Adding Namecheap domain to your Microsoft 365 Workspace

We created a video that can help you get started. Follow the step-by-step guide:

To get started, log into your Microsoft 356 admin account.

From the Home page, use the search bar and type "Get your custom domain set up"

On this page "Domains Wizard" will open up where you will be asked to input the name of your domain and click "Use this domain":

The next step will be to verify your domain.

Select "Add a TXT record to the domain's DNS records" and click on "Continue". Leave this tab open.

Open a new tab, login to your Namecheap and open the Domains list, locate your domain, click on "Manage". Then go to "Advanced DNS Tab".


Go back to Microsoft and copy the TXT record into a new Namecheap TXT type record:

Once you have saved the record in Namecheap, go back to Microsoft and click "Verify".


You have now verified the ownership of your domain. Proceed to add DNS records.


Add DNS records

To add these records for ‎your domain‎, go to your DNS in Namecheap.

You will need to copy each of these records (MX, CNAME, SPF) from Microsoft into a new Namecheap DNS record. Click on each one of them to append the view and get the data.

Adding MX record

In your Namecheap DNS, scroll down to "MAIL SETTINGS", click on "Email forwarding" and from the drop-down list choose Custom MX.

Copy the Name, Priority, Value and TTL from the Microsoft page. Click on "Add record" to confirm the entry.

Adding CNAME record

Copy the Host Name, Value and TTL from the Microsoft page.

In your Namecheap DNS, click on "Add New Record" to create a new CNAME type record.

Paste the copied value from the Microsoft page. Confirm by clicking on "SAVE ALL CHANGES".

Adding SPF records

On the same page in Namecheap, create a new record by copying data from Microsoft.

Type should be set to TXT and then copy Name, Value and TTL from Microsoft.

Paste in your new DNS record, and click on "Save all changes" to confirm.

Go back to Microsoft 365 and click on "Continue".


This concludes the chapter "Adding DNS records". You can click on "Done" and proceed to add the DKIM and DMARC record manually.


Adding DKIM record

Step 1: Click on the domain you wish to configure DKIM on DKIM page (https://security.microsoft.com/dkimv2)

Step 2: Slide the toggle to Enable. You will see a pop-up window, click on "Create DKIM keys" button. Wait a few seconds.

Step 3. You will need to copy these CNAME-type records into your Namecheap domain and come back to the same page to enable DKIM.

Step 4: Publish both of the copied CNAME records to your Namecheap DNS.

Step 5. Go back to the Microsoft page and toggle the switch to "Enable".

Now that you have DKIM enabled, you can proceed to the last important action - creating DMARC.


If you see CNAME record doesn't exist error, it might be due to:

  1. Synchronization with DNS server, which might take few seconds to hours, if the problem persists repeat the steps again

  2. Check for any copy paste errors, like additional space or tabs etc.


Adding DMARC record

DMARC record is a TXT record that you'll need to input into Namecheap DNS.


Important: Configure DKIM and SPF before configuring DMARC. DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.

1. Sign in to your Namecheap account and locate the domain where you want to set up the records, click on "Manage" and then click on the "Advanced DNS" tab.

2. Click on "Add new record"

Copy the following:

Type:

TXT

Host:

_dmarc

Value:

v=DMARC1;p=none;sp=none;pct=100;rua=mailto:[email protected];ruf=mailto:[email protected];ri=86400;aspf=s;adkim=s;fo=1

*For rua and ruf tags in the Value field, replace [email protected] with your email address.

TTL for this record is set to the lowest possible (1h is perfectly fine).

Click to "Save all changes" and you are done!


You can also use third-party websites to help you generate your DMARC.

More about the value parts:


v=DMARC1 tells the Internet that this is the DMARC record.

p= specifies what you want to do with your emails. p=none is what we recommend and it tells the recipient mail servers to do nothing with emails. Once you are comfortable with the report-only policy, you can scale it to the p=quarantine which tells the recipient mail servers to quarantine or move the messages to the spam folder if they fail spam checks. After that, you can change it to p=reject which tells the email servers to reject any email that fails the checks.

rua=mailto:[email protected] is very important, and you will replace the address with your email to receive the reports generated about your domains (on fraudulent emails that are being received across the internet, sent by your domain).

ruf=mailto:[email protected] is like the “rua” tag but allows you to specify any email address to receive your DMARC Forensic reports. The Forensic reports are sent to you when someone attempts to send an email impersonating your domain and it fails your DMARC and DKIM authentication.

ri=86400 allows you to specify the aggregate report interval in seconds. The minimum and the default value is 86400 seconds which equates to 24 hours. This means every 24 hours you will receive a DMARC Aggregate report.

aspf=s is an optional tag. You can use this tag to specify if you want to set your SPF policy to strict or relaxed. Your SPF policy basically makes sure all emails sent using your domain are authorized to send.

adkim=s strict or relaxed DKIM policy.

fo=1 is an optional tag. It allows you to tell email service providers that you want email samples if the emails failed. The 1 value generates reports if any of your authentication mechanisms fail. SPF OR DKIM.


Did this answer your question?