For each domain that you want to send newsletters from, you can set up your own email authentication. To do this, you need access to edit the domain's DNS records through the domain registrar or DNS provider.
It can be tricky to set up your own records because every host handles DNS management differently. For this reason we can't provide step-by-step instructions, but our guide below will help. We also provide a list of instructions for some commonly used DNS providers.
Tip: Campaign Monitor provides email authentication for all clients by default, but managing your own authentication gives you control of your sender reputation. By managing your own authentication, only the emails that you send will affect deliverability for your domain.
On this page:
Setting up your own email authentication
The following guide will assist you with editing your DNS records. Before you start, check that the DNS provider supports TXT records.
Step 1. Generate the TXT records to add to your DNS
From your Campaign Monitor account, open Client Settings for the relevant client then click Authentication Settings in the right sidebar.
Below the option to "manage my own authentication", click Add a sending domain.
On the following page, enter the domain you plan on using as the "From" address for each campaign the client sends. For example, if you want to send emails from firstname.lastname@example.org, enter abcwidgets.com as shown here:
Alongside the Domain field is a checkbox labelled: "I want to manually enter my own DKIM details for this domain". This means, if you already have DKIM set up, we can authenticate any emails you send through this system. Just select the checkbox, enter your DKIM details, and we'll do the rest.
Otherwise, click the Generate DNS records button. This will create two records, as shown below, that you need to add to the DNS for your sending domain.
The records generated are DKIM and Sender ID. We recommend adding them both to make sure you're covered by all of the major ISPs.
Leave this page open. You will need to copy and paste the records to complete step two.
Note: SPF records are automatically set up for all clients in the Campaign Monitor DNS. If you already have your own SPF record, just add include:cmail1.com to it. For example:
v=spf1 mx a include:exampledomain.com include:cmail1.com ~all
Step 2. Add the TXT records to your DNS
We can't tell you exactly what to do in this section of the guide because different DNS hosts use different names to reference TXT records, and some require record values to be entered differently.
What you need to do, though, is add new TXT records to your DNS which contain the unique TXT values generated for DKIM and Sender ID in step one. To assist you, we've collected a list of instructions for modifying DNS records from some commonly used domain hosts.
Step 3. Tell Campaign Monitor you've added the records
After you've added the TXT records to your DNS, click the button in your Campaign Monitor account labeled: I've added these records, please verify them (see the last screen capture in step one).
We will then check your records to make sure they've been added correctly. It can take a few minutes, hours or sometimes even a few days for DNS records to be updated. If our servers don't see them right away, we'll keep checking and notify you by email when it's done.
When both Sender ID and DKIM have been added correctly to your DNS, you will see your client's authenticated domain under Client Settings > Authentication Settings, as shown here:
Next time you set up an email campaign, you will be able to select the domain for the sender's "From" address:
Instructions for modifying DNS records
Updated: 01.10.13 | Below are links to instructions or TXT record information for commonly used DNS providers. If your host is not listed, browse some of the other examples as they may be similar to your DNS system.
- DNS Made Easy
- Dreamhost: SPF record and DKIM information
- Media Temple
- Melbourne IT
- Network Solutions
- My host won't let me modify my DNS, what should I do?
- My web host doesn't support domain keys, do I have to switch to one who does?
- Will adding domain keys (DKIM) to my DNS affect my regular email?
- My DNS records are still not verified in my account, what should I do?
- I get an error when trying to add the DKIM record, what does it mean?
My host won't let me modify my DNS, what should I do?
There are quite a few web and DNS hosts that won't let you modify your own DNS records, but many will add authentication records for you. We've had plenty of customers in this situation who have contacted their provider to get it done.
Note: You don't have to add your own DNS records to send authenticated campaigns. The default option is to have us authenticate emails for you using our TXT records and sending domains.
My web host doesn't support domain keys, do I have to switch to one who does?
Not necessarily. Instead, you can switch DNS providers. Usually DNS records are hosted by the same people who host your site, but it doesn't have to be that way. Services like DNS Made Easy, ZoneEdit, and easyDNS let you host DNS records, without changing web hosting.
This can be both faster and safer than hosting DNS and website together. It gives you more flexibility and makes changing web hosts easier.
Will adding domain keys (DKIM) to my DNS affect my regular email?
This won't be a problem. We format your domain key record to indicate that not all email sent using that domain will be authenticated. This means you'll get improved deliverability for Campaign Monitor campaigns, and your regular emails will not be affected.
My DNS records are still not verified in my account, what should I do?
DNS record changes can take a while to propagate, sometimes more than 24 hours. If the records have not been verified after a couple of days it may be because they were not added correctly.
The first step in troubleshooting is to check if the DNS records have propagated. You can use a third party DNS testing tool like EmailStuff to do this. At the website, click DNS and enter the domain name you are trying to verify into the hostname TXT field, for example:
If no record is found, check the TTL value in your DNS. This value – the "time to live" – is the number of seconds DNS servers will cache your record for. Lowering the value will make the record propagate faster.
If the records are still not showing up, you'll need to contact your DNS host to follow up. If they report that it looks okay, then contact our support team who will look into it for you. Please let us know the domain name you are trying to verify so we can help you faster.
I get an error when trying to add the DKIM record, what does it mean?
Errors when trying to add a record to your DNS can be caused by the provider requiring the record to be formatted differently, for example:
No support for underscores
Some DNS providers do not support underscores (_) in DKIM TXT records. Check with your provider to see if they allow underscores.
If they don't, you will need to consider changing DNS hosts because Campaign Monitor DKIM TXT records contain an underscore: cm._domainkeys.yourdomain.com
Escape the semicolons
Semicolons can also be the cause of formatting errors. Some DNS control panels require you to escape the semicolons in your record. Try replacing
\; to see if it resolves the problem.