No DKIM keys saved for this domain

DKIM will be more and more important in the future for authenticating legitimate e-mails. For this reason, I like to enable DKIM for all my domains in Office 365 tenants where DKIM is really easy to enable.

In the Exchange Online console we can find DKIM under Protection -> DKIM, where we can usually see an "Enable" option.

I have seen a few cases where this option is not available and "No DKIM keys saved for this domain" is displayed instead.

What can we do in this case?

First, we need to connect to Exchange Online with PowerShell and run the Get-DkimSigningConfig command. It lists the domains in our tenant that are enabled or can be enabled for DKIM.

 

Next, we enable DKIM for our new domain by running the New-DkimSigningConfig command:

New-DkimSigningConfig -DomainName <yourdomain.com> -Enabled $True

If you haven't added the required DKIM DNS records, you will receive a warning that the necessary DNS records are missing, but the domain will be added to the DKIM signing configuration and can be enabled in the Exchange Online console once the DNS records are added.

 

What does a DKIM DNS record actually look like?

Every domain has its own specific record information, and it will be displayed either in PowerShell (as in the example above) or when you click the Enable option under DKIM in the Exchange Online console.

For my domain the records are:

CNAME selector1._domainkey.telnet.si -> selector1-telnet-si._domainkey.mikeji.onmicrosoft.com. and

CNAME selector2._domainkey.telnet.si -> selector2-telnet-si._domainkey.mikeji.onmicrosoft.com.
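
The steps above combined into one PowerShell script, as an added example that is not part of the original post. It assumes the ExchangeOnlineManagement module and Resolve-DnsName are available; example.com and the admin address are placeholders, and unlike the command above it creates the configuration with -Enabled $false and turns signing on only after both CNAME records resolve to the targets the tenant reports.

```powershell
# Added example (not from the original post): create the DKIM signing config if it is
# missing, verify the two CNAME records in public DNS, then enable signing.
param(
    [string]$Domain = 'example.com',        # placeholder: your custom domain
    [string]$Admin  = 'admin@example.com'   # placeholder: an Exchange Online admin account
)

Connect-ExchangeOnline -UserPrincipalName $Admin

# Step 1: is there a signing configuration for this domain at all?
$config = Get-DkimSigningConfig -Identity $Domain -ErrorAction SilentlyContinue
if (-not $config) {
    # This is the "No DKIM keys saved for this domain" case. Create the configuration
    # disabled, so nothing is signed until the DNS records are confirmed below.
    New-DkimSigningConfig -DomainName $Domain -Enabled $false | Out-Null
    $config = Get-DkimSigningConfig -Identity $Domain
}

# Step 2: compare what is published in DNS with what the tenant expects.
# The expected targets are read from the tenant, not typed by hand.
$expected = [ordered]@{
    "selector1._domainkey.$Domain" = $config.Selector1CNAME
    "selector2._domainkey.$Domain" = $config.Selector2CNAME
}
$allPublished = $true
foreach ($name in $expected.Keys) {
    $answer = Resolve-DnsName -Name $name -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    $target = if ($answer) { $answer.NameHost.TrimEnd('.') } else { $null }
    $want   = ([string]$expected[$name]).TrimEnd('.')
    if ($target -ne $want) {   # string comparison is case-insensitive in PowerShell
        Write-Warning "$name -> '$target', expected '$want'"
        $allPublished = $false
    }
}

# Step 3: enable signing only when both selectors resolve correctly.
if ($allPublished) {
    Set-DkimSigningConfig -Identity $Domain -Enabled $true
}
Get-DkimSigningConfig -Identity $Domain | Format-List Domain, Enabled, Selector1CNAME, Selector2CNAME
```

If a warning is printed, publish or correct that CNAME record at your DNS host and run the script again after the change has propagated.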

How can we check if DKIM is now enabled for our domain?

We can, for example, send ourselves an e-mail. I e-mailed myself from @telnet.si to my Gmail account and checked the headers of the message.

In the headers we should see a DKIM-Signature header, and in that signature there should be a d= tag for the domain. Its value should be the domain for which you just enabled DKIM signing.
