If you are a Microsoft 365 user with DKIM enabled on your office 365 domain, you may notice a no DKIM record found error for selector2. This means that when your DNS is being queried using selector2 as a resource locator, no results are available and the receiving server is failing to locate any DKIM record for selector2. Why is DKIM selector2 not working for Microsoft 365 domain? Let’s find out. 

No DKIM record found for selector2

Let’s take a look at a situation for DKIM selector2 not working: 

We registered a domain on Office 365 under the name o365inmail.com and configured DKIM records for this domain configuring 2 selectors: selector1 and selector2 

Now we use the PowerDMARC DKIM record lookup tool to look up the records for both selectors, one by one. 

DKIM selector1 Results:


DKIM selector2 Results:

In the above examples we have the following key takeaways:

  • DKIM selector1 functioning as it should and locating valid DKIM DNS record data on lookup 
  • DKIM selector2 not working and returning “No records found” result on lookup 

How to fix “DKIM Selector2 Not Working”? 

The solution around this problem is to enable DKIM key rotation for Microsoft 365. Here’s how you do it: 

  • Log in to your Microsoft 365 Defender portal 
  • On the left hand side navigation pane, select Policies & Rules > Threat Policies > Email Authentication Settings
  • Toggle the header menu to DKIM 
  • Select your domain name from the list of domains 
  • Select the “Rotate DKIM keys” option

On doing this the status must display “Rotating keys for this domain and signing DKIM signatures” which denotes that your DKIM keys will now be periodically rotated before signing outgoing emails. 

Final Step: Testing the DKIM selector2

To make sure everything is working properly post enabled key rotation, you can now perform a DKIM lookup for the second time using selector 2. 

This confirms that DKIM selector2 not working error has now been resolved!