Per our discussion over that phone here is the steps you need to enable DKIM:

Below is the article to enable DKIM, skip to “Steps to create, enable and disable DKIM from Microsoft 365 Defender Portal”

How to use DKIM for email in your custom domain – Office 365 | Microsoft Learn

Login into Admin Center > Navigation menu click Show all > Security > Navigation menu click Policies Rules > Threat Policies > Under Rules click on Email authentication settings > DKIM tab
Click on the Domain (12weekyear.com) you want it to be enable for
On the Right Window panel that appears toggle the Disabled button to enable it.
This will Pop up a Client Error (read the popup) window which contains the 2 CNAME record values you need to enter to your domain host.
Once you enter the CNANME records and after it syncs (DNS sync might vary and can take up to 24-48 years in extreme cases) you can go back to this DKIM window and enable it again to check if it worked.
Enable MFA
To make sure MFA is enabled for you tenant:
Open Admin Center > Navigation menu click Show all > Azure Active Directory > Once Entra admin center window opens click on ‘Properties’ tab > click on Manage security defaults at the bottom > In the right windowpane use the drop-down box to enable it, this will prompt him for MFA next time the user logs in. If it is already enabled than have the user change his password encase account was compromised and check for any Rules in his Outlook client that he did not create.

Please let me know if you have any questions.