Domain authentication is crucial to successful email sending.
Note: This feature is in Beta mode. If you need additional help with this functionality, please reach out to our technical support team.
To get started, hover over the left side bar, then select Settings. Under Settings, select All Settings.
From there, select the Connectivity tab, and then press the Verify Identity button under 'Email Sender Identity.'
This will take you to a page where you can see tabs for Domain Authentication and Link Branding. Make sure you are on the Domain Authentication tab.
Go to the Actions button in the upper right and then select Authenticate Your Domain.
Step 1: To Use Branded Links or Not
You can authenticate your domain with or without branded links. Link branding rewrites all of your tracking links to use the domain you choose, which can further improve email deliverability.
Select the 'Yes' or 'No' radio button to determine if you would like to move forward with or without this step.
If you select 'Yes,' you will see the option to enter your custom link subdomain in Step 3: Advanced Settings.
If you select 'No,' no further action would be needed here.
Step 2: Enter Your Domain
This would be the domain name that would show who emails are sent from. If you included branded links, those links would also be shown from this domain. As you type out your domain, you will see a visual displaying how an email from your domain might look.
Here are a couple things to keep in mind when entering your domain:
- Do not include www or http://www in your domain name.
- Your domain needs to match the domain of your 'from' address on the emails you send.
- For example: If you use the domain example.savetheunicorns.org, you would set your link branding domain to be savetheunicorns.org.
- If you have a GoDaddy domain: Do not include the .domain.com portion of the record in your domain name. This is because GoDaddy automatically adds the domain name to the CNAME record, so entering the domain name in this stage will duplicate it and fail authentication.
- For example: Instead of adding 1234.savetheunicorns.org, simply add 1234.
- If you enter 1234.savetheunicorns.org, it will actually be added as 1234.savetheunicorns.org.savetheunicorns.org, which will lead to failed authentication.
Step 3: Advanced Settings
Depending on additional rules you want to set for authentication, you can check the box next to any of these options:
'Use Custom Link Subdomain': When you select 'Yes' from Step 1 and check this box, a text field will appear where you can enter your custom link subdomain. Keep in mind that the same domain used for authentication will be used for these links.
This will override the link subdomain we create that tells mailbox providers where to find your SPF and DKIM records.
'Use Custom Return Path': When you check this box, a text field will appear where you can enter your return path.
Here, you can enter letters or numbers to build a custom return-path, which is another way to help email deliverability and sender reputation by providing a separate location for processing bounced emails as part of a Sender Policy Framework (SPF). This will override the return path we create that tells mailbox providers where to find your SPF and DKIM records, and these providers can use this to decide how or if they want to filter your emails.
'Use Custom DKIM Selector': When you check this box, a text field will appear where you can enter your DKIM selector. If the "s" DKIM selector is already in use by another service, you can use one of your choosing. Here, you need to input three letters or numbers to build a custom subdomain.
DomainKeys Identified Mail (DKIM) is one of two authentication methods that can prevent email spoofing.
'Use Automated Security': If you check this box, no further entry is needed. When this is enabled, Virtuous generates CNAMES that point to a domain we control. It also automatically rotates your DKIM keys so that they are impossible to break. Essentially, it generates DKIM and SPF records for you and allows you to add a dedicated IP address or update your account without having to update your DNS records.
When you've configured all your rules, press the Authenticate button in the lower right of the modal.
Install DNS Records
Virtuous has now generated a series of CNAME records for you to add to the Domain Name System (DNS) section of your DNS host (the service that hosts your domain name, e.g., GoDaddy, Rackspace, or Cloudflare). Each record is an alias for subdomain.yourdomain.com that points to sendgrid.net. If you included a custom return path and/or custom DKIM selector in the previous screen, you will notice that these are each included in a host link.
If you included branded links in the previous screen, you will see these as well - the value for these records will show as 'sendgrid.net.'
If you check the box next to "Use as Default Domain," this will be used for all sending on your account, unless you have multiple authenticated domains and one of them matches your FROM email domain.
After reviewing these, press the Verify button in the lower right of the modal.
Reviewing Your Records
Unless verification fails, you will be returned to the Domain Authentication screen where you can see all of the domains you have attempted to verify with their respective verification statuses. You will also be able to edit or delete these entries.
You can also go to the Link Branding tab to view all of your branded links, including those generated during Step 3 while authenticating your domain.
What each status means:
- Verified: Your records have been successfully implemented in the DNS section of your DNS host and your domain is authenticated!
- Pending: This can mean one of two things:
- Your records have been generated by Virtuous, but have not been implemented in the DNS section of your DNS host, OR
- Your records have been generated and implemented in the DNS section of your DNS host, but your domain is not officially authenticated yet.
Keep in mind that it may take up to 48 hours for the records to verify after you've implemented them into your DNS host.
- Failed: The record failed to authenticate.
Creating Branded Links Separately
While you can create branded links using the same domain you wish to authenticate, you can also create branded links using a different domain that **has already been authenticated**.
If you would like to create branded links outside of standard authentication, go to the Actions button in the upper right and then select Brand Your Links.
There, you will be able to enter the domain from which you want to send.
Under Advanced Settings, check the box next to 'Use Custom Link Subdomain' and then a text field will appear where you can enter your custom link subdomain.
Now that you've authenticated your domain, be sure to check out this article for additional tips on best email sending practices, then get started with creating emails!