Setting up DKIM for a custom Domain (Powershell)
This is required for ensuring trusted "Know Good" outbound traffic. This will likely be flagged as an error of failed delivery from your domain and the recipients server will reject you on trusted domain.
5.7.708 Access denied, traffic not accepted from this IP
This error can happen when you are trying out a Microsoft 365 trial tenant. If you receive this error before you can purchase licenses, contact support to request an exception for the low reputation IP address until you're able to purchase licenses.
Install-Module -Name ExchangeOnlineManagement Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -UserPrincipalName <your.user@company.com> New-DkimSigningConfig -Identity <yourdomain.com> -Enabled $true
Now add the cnames given to you in powershell to your DNS provider.
You can also run this to check them:
Get-DkimSigningConfig -Identity <yourdomain.com> | Format-List Selector1CNAME, Selector2CNAME
It should return something like this...
Selector1CNAME : selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com Selector2CNAME : selector2-yourdomain-com._domainkey.yourdomain.onmicrosoft.com
The above translates into the below to create your DNS records.
| Domain | Record | TTL | Destination |
| selector1._domainkey.yourdomain.com | CNAME | 3600 | selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com |
| Selector2._domainkey.yourdomain.com | CNAME | 3600 | Selector2-yourdomain-com._domainkey.yourdomain.onmicrosoft.com |
Finally with the records in place you can run the following.
Set-DkimSigningConfig -Identity yourdomain.com -Enabled $true