Email Domain Authentication: A simple step-by-step guide to success

Last Updated: May 05 2021 10:53 am UTC

Email domain authentication isn’t just about security – it’s also about ‘deliverability’. By putting DKIM and SPF records in place and authenticating your emails, you can protect your brand and help your emails successfully reach the inbox.

Authenticating your email domain will not only protect your domain from being used for fraudulent, spam or spoofing purposes, but it will also build your trust and reputation score with the major ISPs, translating directly into greater deliverability success - and ultimately even better email campaign results!

Steps to authenticate your sender domain:

STEP 1 — Add a sender domain to your Mailigen account.
STEP 3 — *Go to your domain hosting website's Settings page to Setup SPF, DKIM and DNS verification records for your domain. Paste the copied record values from your Mailigen account and Publish them to your DNS hosting service.
STEP 4 — After your records are published, go to your Mailigen Settings section and Verify your domain.

*This step should be done by your IT team/domain hosting unless you are responsible for this in your company.

STEP 1 — Add a Sender Domain

You can set up domain authentication in your account, in the section Email Authentication.

Note: If you already have a domain added, proceed to step 2.

Click Add a domain in the right side of the page:

A pop-up screen will appear and you will need to enter the domain for authentication.

Note: To authenticate your domain correctly you must enter only the name of your domain without "www". Correct: Wrong:

Already added DomainKeys for this domain - check this box if you have added any of the records to your DNS hosting service already. This can happen if you have this domain authenticated in another Mailigen account already.

Click the blue Get DNS records button to continue.

STEP 2 — Copy SPF, DKIM, and DNS verification record values

After entering the domain, a page with three entries will appear - DKIM, SPF, and DNS verification.

Note: If the records have already been added to your domain’s DNS, proceed to step 4.

You will see a TXT Name and TXT value for each record. You can copy each of them by clicking on the Copy to clipboard option.
When that’s done, forward the records to the people responsible for making changes to your domain’s DNS. This is usually the IT team or your domain hosting service provider. 

STEP 3 — Setup SPF, DKIM and DNS verification records for your domain

This step is done outside the Mailigen platform and it will require you to access and update the DNS settings in your web hosting service account dashboard - for example, GoDaddy, Bluehost, InMotion, HostGator, etc. This is usually done by your IT team or domain hosting service provider.

Here are some tips to keep in mind when adding the records to your DNS:

DKIM record

Exclude spaces or additional symbols for DKIM record

In some cases when a TXT value for DKIM is added, it can contain spaces. Always make sure that the record for insertion doesn't have any spaces. Sometimes host panels tend to add additional symbols like '' '', if you see that these symbols or any other symbols are added please delete them, to prevent any errors with the authentication process.

Check several TXT name options for DKIM
When adding a TXT name please check and try several combinations of the name. Every host panel is different, therefore they have mismatched settings for the TXT name.

For example, a DKIM name can be added in these ways:

Full entry:
Entry without a dot at the end:
Entry without a domain: mg._domainkey.

SPF record

Make sure only one SPF record is added

This is a very common mistake, as most companies have authenticated their domain with other services as well. All SPF records must be combined into one record. When authenticating a domain with another service, their SPF records have to be integrated with the existing SPF record.

For example, you already have an SPF record:
v=spf1 mx ptr ~all

Now you need to add a second SPF record. The combination of two should look like this:
v=spf1 mx ptr ~all

Check local Name/ Host variations

Some hosting services (e.g. GoDaddy) only require you to add @ or www instead of copying the entire TXT name from Mailigen. If copying the TXT record from Mailigen results in an error, try one of these variations instead.

Here you can learn more about combining SPF records.

DNS record

Check local Name/ Host variations

Similarly to adding the SPF record, some hosting services (e.g. GoDaddy) only require you to add @ or www instead of copying the entire TXT name from Mailigen. If copying the TXT record from Mailigen results in an error, try one of these variations instead.


You can check if the records have been properly added by using validators.

Possible problems: 

For selector selection use “mg
Possible problem:

  • Record is not added

DNS verification record
Select TXT Lookup from the dropdown and click to proceed
Possible problem:

  • Record is not added

What if Record is Not Found?

If the record is not found, but you have added it, please check your TTL value. It means “time to live” and it is the number of seconds it takes for the DNS server to check your records. By decreasing this value, records will distribute faster. 

When the records have been successfully added, you can proceed to step 4.


STEP 4 — Verify your domain

After adding records to the domain zone, go back to your Mailigen Settings page where you received the entries and click the blue "Verify Records" button at the bottom of the page.


a) If everything is correct, the status of the records will change to Record is confirmed.

Authentication was successful if SPF, DKIM, Sender ID, and Verification were marked Verified.  On the settings page a verified domain will look like this:

b) If you see an error message that indicates that DNS records are not found, then it could be that you didn't add records correctly to your host panel. You can check which records are added by testing your domain on one of DNS testing tools. In the event of unsuccessful authentication, return to step 3.

STEP 5 — Authenticating campaigns

When your domain is authenticated, you will have the option to authenticate your campaigns. You can learn how to authenticate a campaign here.
All email authentication starts with authenticating your domain. You need to allow your Email Service Provider (ESP), in this case, Mailigen, to send emails with permission from your domain hosting company.
These records tell your customer’s email servers that the marketing emails you’re sending are safe and from a trusted company.

Changes in your campaigns From line

  • If you have not authenticated your domain, your clients will receive your campaigns which "From" line will contain: "From Company X [] on behalf of Company X []”.

  • But when you use our platform to send an email campaign and your own email address has been validated, your recipients will receive your email address shown in the “From” line, not our server domain. The result is the following line: "From: Company X []".

If you are still experiencing any troubles with your domain authentication please contact the support team at or use our chat widget on the right side of the page.

Was this article helpful?
What can we do to improve articles like this?

© 2010-2020 Mailigen. All rights reserved.