Microsoft Office 365 requires CNAME records for DKIM, Cloudflare seems only to allow TXT records

Note that this community tool sees certain keywords as links and therefore doesn’t let me include more than 4 of them in this message. Therefore, in the information below please treat C-NAME as CNAME and T-XT as TXT!

When trying to setup DKIM for Microsoft Office 365 email, Microsoft advise that I have to publish two
C-NAME records for the selectors.

C-NAME record does not exist for this config. Please publish the following two C-NAME records first.
Host Name : selector1._domainkey
Points to address or value: selector1-iamafg-org._domainkey.iamafg.onmicrosoft.com
Host Name : selector2._domainkey
Points to address or value: selector2-iamafg-org._domainkey.iamafg.onmicrosoft.com .

I have tried creating the required records using the DKIM tool on the DNS page at Cloudflare but this creates only T-XT records, which Microsoft do not recognise.
I have tried creating the required records by creating C-NAME records directly however Cloudflare rejects the record as an error with this message

DNS Validation Error (Code: 1004) Content for C-NAME record is invalid

There are many people who have reported the ability to create these C-NAME records in the Cloudflare community, so has Cloudflare changed the rules on what can be entered in C-NAME records so that these are no longer valid to add? How can I add them?

Do I just have to leave Cloudflare after 10 years and switch to another DNS provider who can support Microsoft Office 365 email with DKIM or is there a way to make it work with Cloudflare still?

Thanks

Are you creating the record as DNS Only :grey:? Can you post a screenshot of the values you are adding:

I have plenty of Cloudflare domains using Office 365, and never had any issues with DKIM. It is just a few DNS records after all.

You can use the Preformatted Text tool :point_up: </>

Hi Michael,
Thanks so much for your reply. Thanks for the preformatted tip too!

Here is the screenshot you requested.
Regards,
Stephen

The target MUST be the name of another DNS record, delete the v=DKIM1; element. It should be just selectorX-.....onmicrosoft.com

Thank you Michael. That worked! I really appreciate your guidance. Have a great day

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.