Skip to main content
All CollectionsMiscellaneous
Domain Authentication
Domain Authentication

Setting up domain authentication is crucial for improving email deliverability.

Updated over a week ago

Domain authentication is essential for ensuring that your marketing emails reach your audience’s inboxes and not their spam folders. By setting up a custom marketing domain, you can significantly improve email deliverability and present your messages as branded communications from your company. This guide will walk you through the process of domain authentication, using GoDaddy as an example for domain and DNS management.

Before you begin:

Ensure you have:

  1. A domain name that you own and want to use for configuring a custom marketing domain

  2. Access to make changes to the DNS configuration for that domain - this may or may not be with the domain registrar.

  3. Depending on your company, this may require involvement from your IT or tech team

Step 1: Accessing Your Email Platform’s Domain Authentication Feature

  1. Log into your email marketing platform or service provider (e.g., Bonzo).

  2. Navigate to the email settings and look for the “Domain Authentication” section.

  3. By default, you might not see any domains listed. Look for an option to “Add a Domain.”

Step 2: Preparing Your Domain

  1. Ensure you have a domain ready for use. For domain authentication, you cannot use your primary domain directly (e.g., yourcompany.com) but will set up a subdomain (e.g., mail.yourcompany.com).

  2. Decide on the subdomain you will use for email marketing purposes. Common choices include “mail,” “marketing,” or “outreach.”

Custom DKIM Selector is an optional field that does not need to be specified unless required based on your domain setup.

Step 3: Configuring DNS Records

After specifying your subdomain and clicking Save, Bonzo will provide a set of DNS records that need to be added to the DNS configuration for your domain. Two of these records are needed for DKIM and are generated by the mail service being used here, SendGrid. Those records have a default prefix and are not subdomain specific, so if your company has already connected SendGrid to the root domain being used, there may be conflicting records. The default records will have the following format:

s1._domainkey.{domain}.{extension} and s2._domainkey.{domain}.{extension}.

Check your DNS configuration ahead of time to see if records already exist with these hostnames and, if so, use the Custom DKIM Selector field to specify a different prefix to avoid conflicts.

Next…

  1. Log into your domain registrar’s dashboard (i.e. GoDaddy).

  2. Navigate to the DNS management section for your domain.

From the Domain Authentication screen, you will be presented with a set of five DNS records that need to be added to the DNS configuration for your domain. Steps below provide an example of creating these DNS records in GoDaddy, but these steps will vary slightly depending on the DNS service being used for your domain

The following are the types of DNS records that you will need to add to the DNS configuration of your domain:

  • CNAME Records: For connecting your subdomain to the email service provider and setting up DKIM

  • TXT Records: Used for configuring additional validation measures that help mail systems verify your emails’ legitimacy: SPF and DMARC

DNS changes directly affect the behavior of your domain, so your DNS provider may require secondary authentication before saving changes. In this cases, ensure that you have access to the account and any accounts or devices used for multi-factor authentication.

Adding DNS Records

  1. Select the option to Add New Record

  2. Choose the appropriate record type: CNAME and TXT are the two types used here

  3. Copy the Host and Points to values from Bonzo and paste them into the DNS console. Note: your DNS configuration may or may not require the full value provided for Host depending on the provider (in some cases you may need to remove the root domain and extension from the Host value).

  4. Repeat this process for each of the records provided in the Bonzo Domain Authentication screen

Step 4: Verifying Domain Authentication

  1. After adding and verifying all necessary DNS records, return to Bonzo and proceed with the domain verification process.

  2. Check the box acknowledging that you've "added these records" and click “Verify."

This verification process takes some time. Please keep the page / tab open and running in the background until it has completed.

Step 5: Attach Emails to Team Members in Bonzo

Domain Authentication is completed by the top level user, i.e. Super User or Team Lead. Once completed, they can attach emails to other team members within their account using the new authenticated domain address.

  1. In the "Domain Authentication" tab in Bonzo, click on "Options" and "Custom Emails." This is where you will see all the other team seats in your account.

  2. Scroll down on the list and locate the team members you would like to update.

  3. Use the drop down tab on the right to choose the new authenticated domain address. Use the field on the left to type in a unique identifier for that team member (i.e. brett@mail.bonzo.com)

Please be aware: many email providers now provide protection against email "spoofing." If you are sending test emails to your own email server (an inbound email from an address that looks like it comes from one of the users in the organization), the email provider might block the message entirely or provide a warning message that looks like this:

Best Practices and Troubleshooting

  • Propagation Time: DNS changes can take some time to propagate across the internet. While this used to take 24-48 hours, it’s usually much quicker now, especially with providers like GoDaddy.

  • Subdomain Use: Using a subdomain specifically for email marketing helps isolate your marketing efforts from your main domain activities, improving deliverability and reducing the risk of being marked as spam.

  • Verification Issues: If you encounter issues with verification, double-check the DNS records for accuracy. Consider reaching out to your domain registrar or DNS provider for assistance if problems persist.

Helpful Definitions

DMARC: Domain-based Message Authentication, Reporting, and Conformance is an email validation system designed to identify and thwart email spoofing, a technique commonly employed in phishing and email spam. This system plays a crucial role in countering deceptive practices by detecting emails with falsified sender addresses, aiming to create a barrier against fraudulent messages that masquerade as legitimate communications from reputable organizations.

Learn more about DMARC - https://dmarc.org/overview/

DKIM: DomainKeys Identified Mail is a protocol, similar to DMARC, that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify.

Lean more about DKIM - https://www.dkim.org/

SPF: Sender Policy Framework serves as an email authentication method that aids in the recognition of authorized mail servers for a specific domain. This technique enables Internet Service Providers (ISPs) to distinguish emails sent by potential spoofers, scammers, or phishers attempting to distribute malicious content under the guise of a company or brand's domain.

Learn more about SPF - https://support.google.com/a/answer/33786?hl=en

Additional Links:

Cloudflare Docs: Manage DNS Records

Amazon Route 53: Creating Records

Network Solutions: Manage DNS

​Domain.com: Update DNS​

Did this answer your question?