SPF, DMARC and DKIM: GoDaddy & Microsoft/Office 365 accounts

If you plan on using Microsoft 365 for your email sending, you need to sign up for a workspace first. Once you have signed up for a plan, you can continue and add your GoDaddy domain to Microsoft Workspace.

Adding GoDaddy domain to your Microsoft 365

We created a video that can help you get started, follow the step-by-step guide:

To get started, log into your Microsoft 356 admin account.

From the Home page, use the search bar and type "Get your custom domain set up"

On this page "Domains Wizard" will open up where you will be asked to input the name of your domain and click "Use this domain":

Next step will be to verify your domain.

Select "Add a TXT record to the domain's DNS records" and click on "Continue". Leave this tab open.

Open a new tab, login to your GoDaddy domains page, go to DNS management page for ‎your domain by clicking on the three dots next to your domain and selecting "Manage DNS"

Go back to Microsoft and copy the TXT record:

In your GoDaddy DNS records, click on "Add" to create a new record, choose TXT as a type and paste the value provided by Microsoft.

When finished, come back to Microsoft and select "Verify" and it will confirm you own the domain by finding the new record.

You have now verified the ownership of your domain. Proceed to add DNS records.

Add DNS records

To add these records for ‎your domain‎, go to your DNS on GoDaddy.

You will need to copy each of these records (MX, CNAME, SPF) from Microsoft into a new GoDaddy DNS record. Click on each of them to append the view and get the data.

Adding MX record

In your GoDaddy DNS, click on "Add" to create a new MX type record.

Copy the Name, Priority, Value and TTL from the Microsoft page. Click on "Add record" to confirm the entry.

Adding CNAME record

In your GoDaddy DNS, click on "Add" to create a new CNAME type record.

Copy the Host Name, Value and TTL from the Microsoft page. Click on "Add record" to confirm the entry.

Copy the data from the Microsoft page:

Add it as a new CNAME record in your GoDaddy domain DNS:

Click on "Add record" to confirm.

Adding SPF record

On the same page in GoDaddy, create a new record by copying data from Microsoft.

Type should be set to TXT and then copy Name, Value and TTL from Microsoft.

Paste in your new DNS record, and click on "Add new record" to confirm.

Go back to Microsoft 365 and click on "Continue".

This concludes the chapter "Adding DNS records". You can click on "Done" and proceed to add the DKIM and DMARC record manually.

Adding DKIM record

Step 1: Click on the domain you wish to configure DKIM on DKIM page (https://security.microsoft.com/dkimv2)

Step 2: Slide the toggle to Enable. You will see a pop-up window, click on "Create DKIM keys" button. Wait a few seconds.

Step 3. You will need to copy these CNAME-type records into your Godaddy domain and come back to the same page to enable DKIM.

Step 4: Publish both of the copied CNAME records to your GoDaddy DNS.

Step 5. Go back to the Microsoft page and click the switch to "Enable".

Now that you have DKIM enabled, you can proceed to the last important action - creating DMARC.

If you see CNAME record doesn't exist error, it might be due to:

  1. Synchronization with DNS server, which might take few seconds to hours, if the problem persists repeat the steps again
  2. Check for any copy paste errors, like additional space or tabs etc.

Adding DMARC record

DMARC record is a TXT record that you'll need to input into GoDaddy DNS.

Important: Configure DKIM and SPF before configuring DMARC. DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.

1. Sign in to your GoDaddy account and locate the domain where you want to set up the records, click on three dots next to the name and select "Manage DNS".

2. Click on "Add new record"

Copy the following:

Type:

TXT

Name:

_dmarc

Value:

v=DMARC1;p=none;sp=none;pct=100;rua=mailto:[email protected];ruf=mailto:[email protected];ri=86400;aspf=s;adkim=s;fo=1

*For rua and ruf tags in the Value field, replace [email protected] with your email address.

TTL for this record is set to the lowest possible (1h is perfectly fine).

Click to "Add record" and you are done!

<IMAGE_HERE>

You can also use third-party websites to help you generate your DMARC.

More about the value parts:

v=DMARC1 tells the Internet that this is the DMARC record.

p= specifies what you want to do with your emails. p=none is what we recommend and it tells the recipient mail servers to do nothing with emails. Once you are comfortable with the report-only policy, you can scale it to the p=quarantine which tells the recipient mail servers to quarantine or move the messages to the spam folder if they fail spam checks. After that, you can change it to p=reject which tells the email servers to reject any email that fails the checks.

rua=mailto:[email protected] is very important, and you will replace the address with your email to receive the reports generated about your domains (on fraudulent emails that are being received across the internet, sent by your domain).

ruf=mailto:[email protected] is like the “rua” tag but allows you to specify any email address to receive your DMARC Forensic reports. The Forensic reports are sent to you when someone attempts to send an email impersonating your domain and it fails your DMARC and DKIM authentication.

ri=86400 allows you to specify the aggregate report interval in seconds. The minimum and the default value is 86400 seconds which equates to 24 hours. This means every 24 hours you will receive a DMARC Aggregate report.

aspf=s is an optional tag. You can use this tag to specify if you want to set your SPF policy to strict or relaxed. Your SPF policy basically makes sure all emails sent using your domain are authorized to send.​​adkim=s strict or relaxed DKIM policy.

fo=1 is an optional tag. It allows you to tell email service providers that you want email samples if the emails failed. The 1 value generates reports if any of your authentication mechanisms fail. SPF OR DKIM.

Was this article helpful?

SPF, DMARC and DKIM: GoDaddy & Google Workspace
SPF, DMARC and DKIM: GoDaddy & Zoho sending accounts