The process of domain authentication allows you to verify that you are the owner of the domain emails are being sent from. Domain authentication is crucial to successful email sending: it reduces the likelihood of your email blasts landing in recipients’ spam folders and builds trust with recipients as well as email providers. This article will walk you through the one-time process to authenticate your domain. Once complete, you will be able to send value-packed Marketing Emails using Virtuous CRM+ Marketing!
Table of Contents
- Identify Domain and Website Host
- Email Sender Identity
- Step 1: To Use Branded Links or Not
- Step 2: Enter Your Domain
- Step 3: Advanced Settings
- Step 4: Embed DNS Records in Web Host
- Reviewing Your Records
- Creating Branded Links Separately
- Next Steps
Identify Domain and Website Host
First, identify your domain and website host. Your domain is the name that will display as the sender, showing who emails are sent from. For example, if the email sender is Bob.Smith@Virtuous.Org, “Virtuous.Org” is the domain. A domain host manages your domain name and DNS records. Common domain hosts include:
- GoDaddy
- Cloudflare
- HostGator
- Hostinger
If you are unsure who your domain host is, navigate to WHOIS.com and search your domain (e.g. yourorgname.org). The domain registrar field will display your domain host.
Your website host is the platform that makes your webpage accessible online. Common website hosts:
- GoDaddy
- WordPress
- Squarespace
- Bluehost
- Wix
If you are unsure of your website host, the WHOIS.com search can reveal the registrar and sometimes the hosting provider directly. If it does not, it will show the Name Servers that point to the hosting provider.
Email Sender Identity
Once you have your domain and web host information, you’re ready to authenticate. In CRM+, go to Settings, then select All Settings.
From there, select the Connectivity tab, and then press the Verify Identity button under 'Email Sender Identity.'
This will take you to a page where you can see tabs for Domain Authentication and Link Branding. Ensure you are on the Domain Authentication tab.
Select the Actions button in the upper right and then select Authenticate Your Domain.
Step 1: To Use Branded Links or Not
You can authenticate your domain with or without branded links. Link branding rewrites all of your tracking links to use the domain you choose, which can further improve email deliverability.
Select the 'Yes' or 'No' radio button to determine if you would like to move forward with or without this step.
If you select 'Yes,' you will see the option to enter your custom link subdomain in Step 3: Advanced Settings.
If you select 'No,' no further action is needed here.
Step 2: Enter Your Domain
Enter the domain you will send emails from. If you included branded links, those links would also be shown from this domain. As you type, you will see a visual displaying how the email sender might look when sending an email.
Important Formatting Details
- Do not include “www” or “http://www” in your domain name.
- Your domain needs to match the domain of your 'from' address on the emails you send.
- Example: If you use the domain “example.savetheunicorns.org,” set your link branding domain to be “savetheunicorns.org.”
Step 3: Advanced Settings
Depending on additional rules you want to set for authentication, you can check the box next to any of these options:
- 'Use Custom Link Subdomain': When you select 'Yes' from Step 1 and check this box, a text field will appear where you can enter your custom link subdomain.
  - Keep in mind that the same domain used for authentication will be used for these links.
  - This will override the link subdomain we create that tells mailbox providers where to find your SPF and DKIM records.
- 'Use Custom Return Path': When checked, a text field will appear where you can enter your return path.
  - Here, you can enter letters or numbers to build a custom return path, which is another way to help email deliverability and sender reputation by providing a separate location for processing bounced emails as part of a Sender Policy Framework (SPF). This will override the return path we create that tells mailbox providers where to find your SPF and DKIM records, and these providers can use this to decide how or if they want to filter your emails.
- 'Use Custom DKIM Selector': When checked, a text field will appear where you can enter your DKIM selector. If the "s" DKIM selector is already in use by another service, you can use one of your choosing. Here, you need to input three letters or numbers to build a custom subdomain.
  - DomainKeys Identified Mail (DKIM) is one of two authentication methods that can prevent email spoofing.
  - If your organization already has a CNAME for SendGrid, using a DKIM selector with the three letters “VIR” is recommended to avoid creating a duplicate SendGrid CNAME in your domain host.
- 'Use Automated Security': If you check this box, no further entry is needed. When this is enabled, Virtuous generates CNAMEs that point to a domain we control. It also automatically rotates your DKIM keys, which makes them much harder to compromise. Essentially, it generates DKIM and SPF records for you and allows you to add a dedicated IP address or update your account without having to update your DNS records.
When you've configured all your rules, select Authenticate in the lower right of the modal.
Step 4: Embed DNS Records in Web Host
Virtuous has now generated a series of CNAME records for you to add to the Domain Name System (DNS) section of your web host (the service that hosts your domain name, e.g., GoDaddy, Rackspace, or Cloudflare). Each record is an alias for “subdomain.yourdomain.com” that points to SendGrid.net. If you included a custom return path and/or custom DKIM selector in the previous screen, you will notice that these are each included in a host link. Note: If your DNS records do not display immediately, refresh your page. You should see them listed afterward.
If you included branded links in the previous screen, you will see these as well - the value for these records will show as 'sendgrid.net.'
If you check the box next to Use as Default Domain, this will be used for all sending on your account, unless you have multiple authenticated domains and one of them matches your FROM email domain.
Once you’ve created these CNAMEs, you will need to add these records in your web host to establish the connection. Depending on the web host provider, this process may look different, and formatting details may vary. Refer to the list below for host-specific guidance:
GoDaddy
- Do not include the .domain.com portion from the generated CNAME into the Host field in GoDaddy. GoDaddy automatically adds the domain name to the CNAME record, so entering the domain name in this stage would duplicate it and fail authentication.
- Example: Instead of adding 1234.savetheunicorns.org from the CNAME into the GoDaddy Host field, simply add 1234. If you enter 1234.savetheunicorns.org, it will actually be added as 1234.savetheunicorns.org.savetheunicorns.org, which will lead to failed authentication.
Cloudflare
- When completing your authentication your DNS MUST be included or the record will fail. The screenshot below shows how this is displayed in Cloudflare.
After reviewing and adding each of the CNAMEs in your web host, navigate back to CRM+ and select the Verify option in the lower right of the modal.
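Added example, not part of the original article and not Virtuous or SendGrid code: a Python pre-flight check that compares the CNAME records generated in Step 4 with what your DNS host actually serves and flags the duplicated-domain mistake described for GoDaddy above. The record names, targets, and helper names (host_field, check_records) are constructed for illustration.

```python
# Added example: pre-flight check of the Step 4 CNAME records.
# Every record name and target below is a constructed sample value.

def norm(name):
    """Lowercase and drop the trailing dot so equivalent DNS names compare equal."""
    return name.strip().rstrip(".").lower()

def host_field(record_fqdn, zone):
    """Label to type into a Host field that appends the domain automatically."""
    name, zone = norm(record_fqdn), norm(zone)
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside {zone}")
    return name[: -(len(zone) + 1)]

def check_records(expected, published, zone):
    """Classify each generated record against what the DNS host serves."""
    zone = norm(zone)
    served = {norm(h): norm(t) for h, t in published.items()}
    report = {}
    for host, target in expected:
        host, target = norm(host), norm(target)
        if served.get(host) == target:
            report[host] = "ok"
        elif host in served:
            report[host] = "wrong-target"       # record exists, points elsewhere
        elif f"{host}.{zone}" in served:
            report[host] = "duplicated-domain"  # full name pasted into Host field
        else:
            report[host] = "missing"
    return report

ZONE = "savetheunicorns.org"
# Constructed stand-ins for the records CRM+ displays in Step 4.
EXPECTED = [
    ("1234.savetheunicorns.org", "u0000000.wl000.sendgrid.net"),
    ("s1._domainkey.savetheunicorns.org", "s1.domainkey.u0000000.wl000.sendgrid.net"),
    ("s2._domainkey.savetheunicorns.org", "s2.domainkey.u0000000.wl000.sendgrid.net"),
    ("url5678.savetheunicorns.org", "sendgrid.net"),
]
# Constructed stand-in for a zone export from the DNS host.
PUBLISHED = {
    "1234.savetheunicorns.org.savetheunicorns.org": "u0000000.wl000.sendgrid.net",
    "s1._domainkey.savetheunicorns.org.": "s1.domainkey.u0000000.wl000.sendgrid.net.",
    "s2._domainkey.savetheunicorns.org": "s2.domainkey.u9999999.wl000.sendgrid.net",
}

if __name__ == "__main__":
    for host, status in check_records(EXPECTED, PUBLISHED, ZONE).items():
        fix = f" (enter '{host_field(host, ZONE)}' as Host)" if status == "duplicated-domain" else ""
        print(f"{status:18} {host}{fix}")
```

Fill PUBLISHED from your DNS host's zone export and resolve anything not reported as "ok" before selecting Verify.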
Reviewing Your Records
Unless verification fails, you will be returned to the Domain Authentication screen where you can see all of the domains you have attempted to verify with their respective verification statuses. You will also be able to edit or delete these entries.
You can also go to the Link Branding tab to view all of your branded links, including those generated during Step 3 while authenticating your domain.
What each status means:
- Verified: Your records have been successfully implemented in the DNS section of your DNS host and your domain is authenticated!
- Pending: This can mean one of two things:
  - Your records have been generated by Virtuous CRM+, but have not been implemented in the DNS section of your DNS host, OR
  - Your records have been generated and implemented in the DNS section of your DNS host, but your domain is not officially authenticated yet. Keep in mind that it may take up to 48 hours for the records to verify after you've implemented them into your DNS host.
- Failed: The record failed to authenticate.
Creating Branded Links Separately
While you can create branded links using the same domain you wish to authenticate, you can also create branded links using a different domain that has already been authenticated.
If you would like to create branded links outside of standard authentication, go to the Actions button in the upper right and then select Brand Your Links.
There, you will be able to enter the domain from which you want to send.
Under Advanced Settings, check the box next to Use Custom Link Subdomain and then a text field will appear where you can enter your custom link subdomain.
Next Steps
Now that you've authenticated your domain, be sure to check out the articles linked below for additional guidance regarding managing spam thresholds and creating emails!