If you send emails using the Email app on Marketing 360®, it is required that you authenticate your sending domain (the domain name that is attached to the email address where you send emails from). This allows receiving mail servers to verify that the emails were authorized by the owner of the domain name, and have not been tampered with.

To authenticate your domain, you will need to make changes within your Marketing 360® Email dashboard and your domain registrar that hosts your sending domain.

1. Set up a new sending domain
2. Add the TXT record in your domain registrar
3. Add the DMARC code in your domain registrar
4. Add a SPF record in your domain registrar

Set up a new sending domain

First, you will set up a sending domain in your Marketing 360® Email app.

1. Set up the domain you want to send from in your web host.
2. In the Email app, click the Settings tab in the top left.
3. Click Sending Domains under Email Marketing Settings.
4. Click Add domain. 
5. In the Domain field, enter a fully qualified domain name, for example, mail.example.com. Authenticating a second level domain (for example, example.com) will not authenticate its subdomains. Once you have entered your domain, Continue. 

The records you'll need to add in the following steps can be found by clicking on the ellipsis to the right of the domain you're adding under View details.

Add the TXT record in your domain registrar

1. Create a new DNS record, and set the type to TXT.
2. Copy the Name/host field to paste into the corresponding field in your DNS. For the TXT name/host, what you enter depends on your DNS host. Some require you to enter the full cm._domainkey.mail.example.com, others only need the cm._domainkey part.
3. Copy and paste the TXT record in the Value box into the appropriate field in your DNS.
4. Copy and paste the TTL into your DNS. We have set the default at the minimum value of 300, which corresponds to the time it will take to validate the domain (300 seconds or 5 minutes), though your system or IP may require a higher value (for example the minimum for GoDaddy is 600).
5. Once you have added the records into your DNS, go back into your Marketing 360® Email dashboard and click Authenticate now at the bottom of the screen. 

Note: Each domain registrar has different settings for adding DNS records, so we are unable to provide support on navigating their platform. If you hit any roadblocks, then you can contact your domain registrar's support team, and reference the steps in this article.

You will see a confirmation message once the domain has been successfully authenticated. The next time you create an email campaign, you will be able to select your authenticated domain when defining the sender.

Add the DMARC code in your domain registrar

Once you have verified your DKIM setup, the next step is to ensure that your sending domain also has a valid DMARC record.

The domain you're setting up may already have a record beginning with _dmarc. If so, you should probably skip this step. Any valid existing DMARC configuration is acceptable, and making changes to an existing record could have dangerous consequences to your organization's email ecosystem.

You can check that what's there is valid with a tool like EmailStuff validator if you're not certain. As with all technical things, get assistance if needed.

If you do not have a DMARC record, the one we are suggesting is the minimal valid record. It is safe to add without having any adverse impact on any of your organization's mail, and will be useful for establishing the legitimacy of the email you're sending.

1. Login to your domain registrar.
2. Create a new DNS record, and set the type to TXT.
3. Type _dmarc into the name field. Some require you to enter the full cm._domainkey.mail.example.com, others only need the cm._domainkey part.
4. Copy this code exactly into the value field: v=DMARC1; p=none;
5. Set a TTL value of at least 300 seconds (some hosts may require a higher value like 30 minutes).
6. Save the new DMARC record.
7. You can wait a few minutes and check your new record in a validator like EmailStuff.

Note: Each domain registrar has different settings for adding DNS records, so we are unable to provide support on navigating their platform. If you hit any roadblocks, then you can contact your domain registrar's support team, and reference the steps in this article.

Add a SPF record in your domain registrar

The final step in the authentication process is to add an SPF record for your sending domain. This is optional, but still a recommended action to provide receiving servers further evidence of the legitimacy of the mail you're sending through our servers.

The process depends on whether you already have an SPF record in place. To determine that, you can use the EmailStuff SPF checker or just look for a record on your sending domain that contains "v=spf1".

These steps assume you are already logged into your DNS host.

If you have an SPF record already:

1. Add include:_spf.createsend.com immediately after the "v=spf1" in the existing record. Make sure you include a space.
2. Save the record and recheck (you may need to wait until the time indicated by the TTL passes).

If you do not have an SPF record:

1. Create a new DNS record, and set the type to TXT.
2. Type @ into the name field, or leave it blank, depending on the requirements of your domain registrar.
3. Copy this code exactly into the value field: v=spf1 include:_spf.createsend.com ~all
4. Set a TTL value of at least 300 seconds (some hosts may require a higher value like 30 minutes).
5. Save the new SPF record.
6. You can wait a few minutes and check your new record in a validator like EmailStuff.