Microsoft + DNSimple: domain authentication configuration

Amplemarket
Amplemarket
  • Updated

In the following video, we will help you configure your Domain while using Microsoft as your Email Service Provider and DNSimple as your Domain provider:

 

 

The first step is to add your domain to the Microsoft Admin Center:

  • Head to Settings > Domains > Add Domain or search for Domains on the Search bar.

  • Copy your domain name and click on “Use this domain”.

During the Domain Setup, you’ll be asked to add your DNS Records. On that page, you’ll find all the needed info to set up MX and SPF records.

 

Setup MX records

MX records are a basic configuration to allow your domain to receive and send emails. Head to DNSimple and Add a new MX-type record.

On the Outlook Admin panel, while setting up your domain, MX records info and instructions will surface during the “Connect Email” stage:

Head to DNSimple and use the information below to create new records:

  • Create a MX-type record with the following information:
    • Name:
    • Content: <name>-<tld>.mail.protection.outlook.com
      • Check the example in the image above
    • Priority: 0
    • TTL (Refresh rate): 1 hour
  • Create a CNAME-type record with the following information:
    • Name: autodiscover(.yourdomain)
    • Content: autodiscover.outlook.com
      • Check the example in the image above
    • TTL (Refresh rate): 1 hour

 

Setup SPF

  • Head to DNSimple
  • Select the domain on which you want to configure SPF and under DNS Records click on “Manage”
  • Click on “Add record” and select “TXT” as the type of record you want to create
  • Use the following info that Microsoft provided before to create your SPF record:
    • Type: TXT
    • Name: @
    • Content: v=spf1 include:spf.protection.outlook.com  -all
    • TTL (Refresh Rate): 1 hour
  • Click “Save”

 

Setup DKIM

  • On your Microsoft Admin account, go to Policies & rules > Threat policies > Email authentication settings (or search for DKIM on the Microsoft Admin search bar)
  • Click/select the domain on which you want to perform domain authentication
  • Click on Create DKIM keys
  • Use the information that Microsoft surfaces to create two CNAME type records on DNSimple

 

 

  • Head to DNSimple and navigate to the domain where we are setting up DKIM.
  • Under the DNS we will add two different CNAME records using the information that Microsoft provided before. Leave TTL with GoDaddy’s default value.
  • Hit Save
  • Head back to the Microsoft Admin account and enable DKIM:

 

 

Setup DMARC

  • Head to DNSimple and navigate to the domain where we are setting up DMARC.
  • Under the DNS we are going to add a TXT record and insert the following information
    • Type: TXT
    • Name: “_dmarc”
    • Value: “v=DMARC1; p=none”
    • TTL: “default” 
  • Hit Save

Note: the “p” value is the policy. We usually recommend none as it is the simplest. Below are the options you could also use:

  • p=none: The domain owner requests no specific action be taken on mail that fails DMARC authentication and alignment. 
  • p=quarantine: The domain owner instructs that mail failing the DMARC authentication and alignment checks be treated as suspicious by mail receivers. This can mean receivers place the email in the spam/junk folder, flag it as suspicious, or scrutinize this mail with extra intensity. 
  • p=reject: The domain owner requests that mail receivers reject the email that fails the DMARC authentication and alignment checks. Rejection should occur during the SMTP transaction. This is the strictest policy and offers the highest level of protection.



Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request