0

I generated DKIM values for my domain in Defender/security.microsoft.com/dkimv2 but I closed the menu too soon and didn't copy the selector/value pair. I've looked everywhere but I can't find that info, and I can't find an option to generate new keys.

This is what that info would look like:

enter image description here

Is there a way to do this without having to use PowerShell? GoDaddy hosts this email domain and most tools are not available by default.

Update - I figured out how to use PowerShell and get the info I needed using the answers below.

In case someone else needs some pointers: don't try using the Cloud Shell provided through Azure portal (I couldn't get any cmdlets to execute and couldn't figure out why). Instead, use the PowerShell installed on your PC and follow these directions to Connect To Exchange Online PowerShell.

Improve this question

2 Answers 2

Reset to default
1

Just execute

Get-DkimSigningConfig -Identity <Domain for which the configuration was set> | Format-List

in your Exchange Online PowerShell session.

Improve this answer
1
  • Thanks. I was trying to avoid PowerShell. This domain is for an email server, and we use GoDaddy, which limits the tools at my disposal. Ultimately, I figured it out and used your answer and got what I needed. Thank you!
    – josh1978
    Commented Feb 22, 2023 at 20:39
1

Selectors

The names of the selectors for custom domains in Office 365 are always selector1._domainkey.[domain.tld] and selector2._domainkey.[domain.tld] where [domain.tld] should reflect your domain.

Office 365 will request you to create CNAME dns records for both Selectors. By default they will point to a TXT records hosted at selector1-[domain-tld].[TenantName].onmicrosoft.com and selector2-[domain-tld].[TenantName].onmicrosoft.com, for example selector1-example-com.EXAMPLE.onmicrosoft.com.

There are some known exceptions where the naming convention will be different, for example when a domain has existed in a different tenant before (from personal experience).

Powershell

From the Exchange Online Management Powershell module, you can run the Get-DKIMSigningConfig cmdlet to find the Selector settings for your particular domain:

Get-DkimSigningConfig -Identity [domain.tld] | Format-List Selector1CNAME, Selector2CNAME

Online Query

You can also check the existence of the CNAME records via an online DNS lookup tool, such as Google DNS or Dig web interface. If you put in the selector1 or selector2 values for your domain, it should return you the values of those Selector records.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .