Email domain authentication isn’t just about security – it’s also about ‘deliverability’. By putting DKIM and SPF records in place and authenticating your emails, you can protect your brand and help your emails successfully reach the inbox.
Authenticating your email domain will not only protect your domain from being used for fraudulent, spam or spoofing purposes, but it will also build your trust and reputation score with the major ISPs, translating directly into greater deliverability success - and ultimately even better email campaign results!
Steps to authenticate your sender domain:
*This step should be done by your IT team/domain hosting unless you are responsible for this in your company.
STEP 1 — Add a Sender Domain
You can set up domain authentication in your account, in the section Email Authentication.
Click Add a domain in the right side of the page:
A pop-up screen will appear and you will need to enter the domain for authentication.
Already added DomainKeys for this domain - check this box if you have added any of the records to your DNS hosting service already. This can happen if you have this domain authenticated in another Mailigen account already.
Click the blue Get DNS records button to continue.
STEP 2 — Copy SPF, DKIM, and DNS verification record values
After entering the domain, a page with three entries will appear - DKIM, SPF, and DNS verification.
You will see a TXT Name and TXT value for each record. You can copy each of them by clicking on the Copy to clipboard option.
When that’s done, forward the records to the people responsible for making changes to your domain’s DNS. This is usually the IT team or your domain hosting service provider.
STEP 3 — Setup SPF, DKIM and DNS verification records for your domain
This step is done outside the Mailigen platform and it will require you to access and update the DNS settings in your web hosting service account dashboard - for example, GoDaddy, Bluehost, InMotion, HostGator, etc. This is usually done by your IT team or domain hosting service provider.
Here are some tips to keep in mind when adding the records to your DNS:
DKIM record
Exclude spaces or additional symbols for DKIM record
In some cases when a TXT value for DKIM is added, it can contain spaces. Always make sure that the record for insertion doesn't have any spaces. Sometimes host panels tend to add additional symbols like '' '', if you see that these symbols or any other symbols are added please delete them, to prevent any errors with the authentication process.
Check several TXT name options for DKIM
When adding a TXT name please check and try several combinations of the name. Every host panel is different, therefore they have mismatched settings for the TXT name.
For example, a DKIM name can be added in these ways:
Full entry: mg._domainkey.yourdomain.com.
Entry without a dot at the end: mg._domainkey.yourdomain.com
Entry without a domain: mg._domainkey.
SPF record
Make sure only one SPF record is added
This is a very common mistake, as most companies have authenticated their domain with other services as well. All SPF records must be combined into one record. When authenticating a domain with another service, their SPF records have to be integrated with the existing SPF record.
For example, you already have an SPF record:
v=spf1 mx ptr include:_spf.otherdomain.com ~all
Now you need to add a second SPF record. The combination of two should look like this:
v=spf1 mx ptr include:spf.example.com include:_spf.otherdomain.com ~all
Check local Name/ Host variations
Some hosting services (e.g. GoDaddy) only require you to add @ or www instead of copying the entire TXT name from Mailigen. If copying the TXT record from Mailigen results in an error, try one of these variations instead.
Here you can learn more about combining SPF records.
DNS record
Check local Name/ Host variations
Similarly to adding the SPF record, some hosting services (e.g. GoDaddy) only require you to add @ or www instead of copying the entire TXT name from Mailigen. If copying the TXT record from Mailigen results in an error, try one of these variations instead.
Validators
You can check if the records have been properly added by using validators.
SPF
https://dmarcian.com/spf-survey/
Possible problems:
- Record is not added
- More than one record is added
DKIM
https://dmarcian.com/dkim-inspector/
For selector selection use “mg”
Possible problem:
- Record is not added
DNS verification record
https://mxtoolbox.com/SuperTool.aspx#
Select TXT Lookup from the dropdown and click to proceed
Possible problem:
- Record is not added
What if Record is Not Found?
If the record is not found, but you have added it, please check your TTL value. It means “time to live” and it is the number of seconds it takes for the DNS server to check your records. By decreasing this value, records will distribute faster.
When the records have been successfully added, you can proceed to step 4.
STEP 4 — Verify your domain
After adding records to the domain zone, go back to your Mailigen Settings page where you received the entries and click the blue "Verify Records" button at the bottom of the page.
a) If everything is correct, the status of the records will change to Record is confirmed.
Authentication was successful if SPF, DKIM, Sender ID, and Verification were marked Verified. On the settings page a verified domain will look like this:
.png)
b) If you see an error message that indicates that DNS records are not found, then it could be that you didn't add records correctly to your host panel. You can check which records are added by testing your domain on one of DNS testing tools. In the event of unsuccessful authentication, return to step 3.
STEP 5 — Authenticating campaigns
When your domain is authenticated, you will have the option to authenticate your campaigns. You can learn how to authenticate a campaign here.
All email authentication starts with authenticating your domain. You need to allow your Email Service Provider (ESP), in this case, Mailigen, to send emails with permission from your domain hosting company.
These records tell your customer’s email servers that the marketing emails you’re sending are safe and from a trusted company.
Changes in your campaigns From line
-
If you have not authenticated your domain, your clients will receive your campaigns which "From" line will contain: "From Company X [info=deliverability.com@mlgnsrv.com] on behalf of Company X [info@deliverability.com]”.
-
But when you use our platform to send an email campaign and your own email address has been validated, your recipients will receive your email address shown in the “From” line, not our server domain. The result is the following line: "From: Company X [info@deliverablity.com]".
If you are still experiencing any troubles with your domain authentication please contact the support team at support@mailigen.com or use our chat widget on the right side of the page.