DKIM Records not being published

I am having issues with outbound emails from our domain, going to spam in recipients mailboxes. The issue was first noticed when sending to gmail users and this is now starting to spread.
So far I have compared CNAME records on email host Microsoft365 and DKIM records match.
After checking a few sites I noticed DNS propagation not happing for our domain. Does anyone know how I would resolve this issue?

Troubleshooting steps taken:

  • Opened ticket with Microsoft directly to confirm DKIM records correct
  • Updated CNAME records as of yesterday evening 5:30 eastern on CloudFlare
  • Checked dnschecker and mxtoolbox to find any issues with DNS


Thanks Sandro,

I see the record as well but for whatever reason our emails are still going directly to the spam-box.
For transparency we had two domains, one was affordability4you.onmicrosoft.com and the custom domain is affordit.com. Within Microsofts admin portal DKIM is enabled for affordability4you.com but not for our custom domain affordit.com as they are saying those records are not published.

Gotcha. Thank you

The DKIM records for O365 are selector1 and 2. They need to be :grey:, not orange as shown in your screenshot.

It would be useful if Cloudflare did not allow domainkey records to be :orange:, which would eliminate this misconfiguration once and for all!

@michael You sir are the man! Thank you so much. This resolved our issue. I owe you one.

Hey Michael,

So your previous suggestion worked for a little but now the problem has returned.
Emails are going to spam again. Any idea what could be the cause?

I also noticed DKIM not being signed when checking the header on some of the messages that arrived in SPAM when sending any email from our custom domain. I checked with Microsoft first to see if I were missing anything but DKIM is enabled on their end.

The DNS records look OK at this stage, so this is out of scope for this forum at this stage.

You could try using a tool like https://tools.redsift.com/sift/investigate to check what mail received looks like.

You should also set up DMARC reporting (p=none). Microsoft have a partnership with Valimail to offer this for Office 365 users for free, but there are many others including www.dmarcian.com. This will give you actionable data about your email (at least from the main mailbox hosting providers like Gmail and Yahoo)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.