Setting Up Authentication
Creating great copy means nothing if your message doesn’t make it to your user. Although it’s not a sure-fire method (your copy and overall reputation matter as much, if not more), setting up authentication can help. Check out our authentication overview on our blog to know more about how it works.
Setting up Authentication
To get your authentication records (SPF & DKIM), you’ll want to go to the Email & Actions area of your Settings, and select Deliverability:
There, you’ll be able to configure the domain you want to authenticate and you’ll see the SPF and DKIM records you need to add to your DNS.
While we can’t walk you through specifically how to add the records, we’ve found some instructions for commonly used hosts:
- DNS Made Easy
- Dreamhost: SPF and DKIM
- Media Temple
- Network Solutions
Do I need to set up authentication if I’m using a custom SMTP?
No, in that case, you’ll add the records provided by your custom SMTP. If you want to brand your tracking links to use your domain rather than customeriomail.com, though, you can still add the domain ownership record and the CNAME record. The CNAME record alone won’t validate.
How do I verify my records are there?
On your email deliverability page, we’ll show you the verification status of any domains you’ve added, like this:
Note: Until you verify ownership of your domain we will not be able to send signed emails on that domain’s behalf. For example, emails from the address email@example.com can’t be signed until
mydomain.com has been verified.
How do I add another “From Address”?
If you want to add another domain, click on the From Addresses tab in your Email & Actions settings, and add a new address.
What if I already have an SPF record?
All you’ll need to do is add include:customeriomail.com to your existing record. For example, this:
v=spf1 include:_spf.google.com ~all
v=spf1 include:_spf.google.com include:customeriomail.com ~all
What if I don’t add the records? What happens?
Without the authentication records, your emails could be filtered as spam or blocked all together. Your recipients will also see a “via” or “on behalf of” message displayed in Gmail and Outlook:
Do I need to add both SPF and DKIM?
Ideally, yes. Some receiving servers only look for one type of authentication and adding both ensures you’ll comply with a server looking only for SPF or only for DKIM.
The SPF record is correct, but it’s not validating!
Make sure you’re using a TXT record as indicated in our instructions, not a SPF one. If the record is still not validated after 48 hours, get in touch and we’ll troubleshoot the issue for you :)
The CNAME record is correct, yet the checkmark remains red.
CloudFlare CNAME records won’t be validated if the HTTP proxy feature is enabled. Disable it and the record will go through correctly.
I’m getting an error in my DNS panel when trying to add the records, what can I do?
Underscores: Some hosts do not support underscores (
_) in DNS records, and adding the DKIM record can cause an error. The underscore is required and you’ll want to contact your host and check if if they can manually add the record for you, or if they disallow underscores entirely.
Semicolons: Some hosts require that you escape semicolons in records. If you’re getting an error try replacing
Will adding authentication affect my regular email?
No. The records are written specifically to allow our servers to send for you but not to disallow other servers.
My host doesn’t support TXT records. What do I do?
Often, a host won’t allow you to add records yourself, but will add them for you. As a first step we recommend you talk to your hosting company to see if they can help. If records are disallowed entirely, you’d need to:
- Go without authentication
- Switch your web host
- Host your DNS at a company separate from your web hosting.