Why you should authenticate your domain:
Major Internet Service Providers (aka ISPs), such as Yahoo, Google, and Microsoft scan incoming emails to check for spam or spoofed email addresses. This scan is looking for records on the from address domain that indicate that the displayed sender is, in fact, the same person who controls the domain. These records include a DKIM signature, as well as the SPF record. In addition to DKIM and SPF, you can further control your domain’s security by publishing a DMARC record.
Before you begin
- Custom authentication is not required but highly recommended. Our system will automatically authenticate email using our generic DKIM authentication. Using Custom Domain Authentication will eliminate the “via” or “on behalf of” that appears when using the generic DKIM authentication. Additionally, by setting up a DMARC policy, you should expect to see improvement in your sending reputation and inbox delivery.
- In order to set up custom domain authentication, you will need to change some of the settings with your DNS provider. The DNS records are most commonly found where you have your domain registered or hosted.
- If you are not sure how to edit your DNS contact support, or your domain hosting provider
Quick Overview of Process
- Verify Domain in email marketing account
- Creating a CNAME record from the email marketing account and add it to your DNS records at your domain hosting provider
- Return to email marketing account and click authenticate button to finish DKIM setup
- Copy the generated DMARC and SPF records from the email marketing account
- Paste DMARC and SPF records into DNS zone editor
- Test the records in the email marketing account, when you run the test, you should see all the boxes highlighted green. This means the setup was done correctly.
Verify your domain
Login to your Email Marketing account and go to the account settings page located under Account > Settings.
In the panel titled “Authenticated Domains”. Select Add Domain.
Custom Domain Authentication – DKIM
Custom Domain Authentication requires adding a CNAME to your DNS records at your domain provider.
Creating a CNAME record
When you select one, the CNAME record will be shown.
Add this record to your DNS where your domain is registered. If you are not sure how to edit your DNS contact support, or your domain hosting provider.
Once you add the DNS record, you then click the Authenticate button, and the app will confirm that the DNS record is set up correctly and add the domain to the list of authenticated domains.
A list of popular domain providers is listed below.
Changes to DNS records can take up to 24hrs or more. If your domain will not authenticate, wait 1 hour and try again.
Once the domain has been authenticated, the following records will be shown for you to finish setting up your DMARC and SPF records in the Authenticated Domains section. The DKIM CNAME record will also remain visible.
A list of popular domain providers:
If your service isn’t listed here, log in to your provider’s site and search their help documents, or contact the customer support team.
GoDaddy: Add a CNAME Record
In the Name field, enter fd._domainkey
In the Value field, enter dkim.emaildeliveryhq.com
For DKIM TXT record:
In the Name field, enter _domainkey
In the Value field, enter o=~
For DMARC TXT record:
In the Name field, enter _dmarc
In the Value field, enter v=DMARC1; p=none; rua=mailto:dmarc@your_domain.com
For SPF TXT record:
If there is already a SPF record present, add this to the Value field include:mtas.emaildeliveryhq.com
If there is NOT already a SPF record present:
In the Name field, enter @
In the Value field, enter v=spf1 mx include:mtas.emaildeliveryhq.com ~all
Amazon Web Services: Configuring DNS, Resource Record Types
Dreamhost: DNS Overview
Google Domains: DNS Basics
Hostgator: Manage DNS records
Hover: Edit DNS Record
Namecheap: SPF & DKIM
Squarespace: Advanced DNS Settings
In the Host field, enter fd._domainkey
In the Data field, enter dkim.emaildeliveryhq.com
For DKIM TXT record:
In the Host field, enter _domainkey
In the Data field, enter o=~
For DMARC TXT record:
In the Host field, enter _dmarc
In the Data field, enter v=DMARC1; p=none; rua=mailto:dmarc@your_domain.com
Stablehost: How do I get to cpanel?
1&1: Domain Guidelines
Setting up DMARC
DMARC works with DKIM and SPF to add a stronger custom authentication to your emails. DMARC will increase your deliverability than just using Custom DKIM alone. DMARC consists of 5 parts, Custom Domain Authentication (see above), creating a DKIM TXT record, creating a DMARC TXT record, creating an SPF TXT record and Test DNS Records. All of DNS records are stored in your domain name server or “DNS” server. If you are not sure how to edit your DNS records contact support, or your domain hosting provider.
Creating a DKIM TXT record
You can find the DKIM records in the Authenticated Domains section. An example is below. You must have the CNAME record published first before adding the TXT record.
Note, that you will probably want to add the quotes around the value. Most registrars should understand this. You would want to make sure they haven’t double-double-quoted the value (e.g. “”o=~””) If it causes an error, try without the quotes, and we will verify it.
Note that your particular system for DNS records may require trailing . dot after (Your From Domain). If not having the dot doesn’t work, try it with the trailing dot.
Creating a DMARC TXT record
You can find the DMARC records in the Authenticated Domains section. An example is below. You must have the CNAME record published first before the other records appear.
Value: v=DMARC1; p=none; rua=mailto:dmarc@your_domain.com
Note that your particular system for DNS records may require the trailing dot after (Your From Domain). If not having the dot doesn’t work, try it with the trailing dot.
Creating an SPF TXT record
You can find the SPF records in the Authenticated Domains section. You must have the CNAME record published first before the other records appear. Add this text record to your DNS – or update your SPF record to include our MTAS
Value: v=spf1 mx include:mtas.emaildeliveryhq.com ~all
IMPORTANT: If an existing SPF record is already in your DNS simply append the “include:mtas.emaildeliveryhq.com” before ~all and save the record
Forward the DMARC Reports (Optional)
Create a mail forward for dmarc@your_domain.com
If you need to change this mailbox name, that’s fine, just be sure to switch the “rua” property in (Part 3) above. If you want to forward it to multiple people, that’s fine too, but we would appreciate getting a copy at the above address so that we can confirm everything is set up and continue to function properly.
Test DNS Records
Changes to DNS records can take up to 24hrs or more. If your tests are not working, wait 1 hour and try again.
Once you have added an Authenticated Domain, you’ll see it listed in a new section under Authenticated Domains. Select Test DNS Records for the domain you want to test. The test will indicate if the DKIM, DMARC, and SPF records have been configured correctly.
If all records are setup correctly you’ll see a green checkmark at the top of the results.
For each record, red indicates that there’s an issue with that DNS record. Look at the output of the test for the cause of the error. Green indicates that the record is correct.
If you can’t seem to get this to work, contact support for assistance.