Cloudflare DMARC Management with M365

Hey All,

Thanks in advance for taking the time to review this.

I have configured Cloudflare DMARC management for our domain. All seems to be working well. We are using Microsoft 365 for email services.

My DMARC and SPF policies show up correctly, but under Email record overview, the DKIM in use reports as “NO”.

I am confident this is because I do not have a TXT record for DKIM.
I am using the selector1 and selector2 CNAME entries provided by Microsoft DKIM setup.

My question(s):

  1. Is this an issue, or should I let my OCD calm down and live with the NO on the DKIM setup?
  2. If a TXT DKIM is required, can you point me to an FAQ or site with setup information and how this works with the Microsoft CNAME entries?
  3. If all else fails, is there any way to make Cloudflare DMARC Management recognize the Microsoft CNAME entries for the DKIM?

I guess my desired outcome is to have the DMARC Management console recognize the DKIM entries, so I know all is working as it should.


Is your DKIM CNAME set to :orange: or :grey:?

If it is :orange:, set it to :grey:.

If it is already :grey:, that’s all I had right now.


I apologize for following up on my own reply, but I just added Cloudflare DMARC Management to two domains. One uses the CNAME DKIM method and the other has TXT records for DKIM. The CNAMEs are :grey: and Cloudflare does not recognize them in the summary. The TXT record DKIM displays DKIM in use Yes.

This probably merits #feedback since DKIM CNAMEs are a very common configuration.


To close the loop on this, it is set it to :grey:.


Thanks for taking the time to reply.

I am experiencing the same behavior as well.


I’ve noticed this too.
I guess you could add a txt record with the output of dig -t txt +short but you’d have to remember to update that when you rotate your dkim keys.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.