DKIM Selector2 Not Working for Microsoft 365 Domain
by
Reading Time: 3 min
If you are a Microsoft 365 user with DKIM enabled on your office 365 domain, you may notice a no DKIM record found error for selector2. This means that when your DNS is being queried using selector2 as a resource locator, no results are available and the receiving server is failing to locate any DKIM record for selector2. Why is DKIM selector2 not working for Microsoft 365 domain? Let’s find out.
Key Takeaways
- DKIM selector2 may not work if no records are found during DNS lookups.
- Enabling DKIM key rotation is essential for resolving DKIM selector2 issues in Microsoft 365.
- Accessing the Microsoft 365 Defender portal is necessary to manage DKIM settings.
- After toggling DKIM settings, the status must indicate that keys are being rotated for outgoing emails.
- Performing a DKIM lookup post-configuration will confirm whether the issues with selector2 are resolved.
No DKIM record found for selector2
Let’s take a look at a situation for DKIM selector2 not working:
We registered a domain on Office 365 under the name o365inmail.com and configured DKIM records for this domain configuring 2 selectors: selector1 and selector2
Now we use the PowerDMARC DKIM record lookup tool to look up the records for both selectors, one by one.
DKIM selector1 Results:
DKIM selector2 Results:
In the above examples we have the following key takeaways:
- DKIM selector1 functioning as it should and locating valid DKIM DNS record data on lookup
- DKIM selector2 not working and returning “No records found” result on lookup.
Simplify DKIM with PowerDMARC!
How to fix “DKIM Selector2 Not Working”?
The solution around this problem is to enable DKIM key rotation for Microsoft 365. Here’s how you do it:
- Log in to your Microsoft 365 Defender portal
- On the left hand side navigation pane, select Policies & Rules > Threat Policies > Email Authentication Settings
- Toggle the header menu to DKIM
- Select your domain name from the list of domains
- Select the “Rotate DKIM keys” option
On doing this the status must display “Rotating keys for this domain and signing DKIM signatures” which denotes that your DKIM keys will now be periodically rotated before signing outgoing emails.
Final Step: Testing the DKIM selector2
To make sure everything is working properly post enabled key rotation, you can now perform a DKIM lookup for the second time using selector 2.
This confirms that DKIM selector2 not working error has now been resolved!
Domain & Email Security Expert at PowerDMARC
Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.
Latest posts by Yunes Tarada (see all)
- DKIM Domain Alignment Failures – RFC 5322 Fixes - June 5, 2025
- DMARCbis Explained – What’s Changing and How to Prepare - May 19, 2025
- What is BIMI? Your Complete Guide to BIMI Logo Requirements & Setup - April 21, 2025
