How do I add DKIM records to my DNS?

For each domain that you want to send newsletters from, you can set up your own email authentication. To do this, you need access to edit the domain's DNS records through the domain registrar or DNS provider.

It can be tricky to set up your own records because every host handles DNS management differently. For this reason we can't provide step-by-step instructions, but our guide below will help. We also provide a list of instructions for some commonly used DNS providers.

Tip: We provide email authentication for all clients by default, but managing your own authentication gives you control of your sender reputation. By managing your own authentication, only the emails that you send will affect deliverability for your domain.

On this page:

Setting up your own email authentication

The following guide will assist you with editing your DNS records. Before you start, check that your DNS provider supports TXT records.

Step 1. Enter the domain for your "From" address

From your Campaign Monitor account, open Client Settings for the relevant client then click Authentication Settings in the right sidebar.

Below the option to "manage my own authentication", click Add a sending domain.

On the following page, enter the domain you plan on using as the "From" address for each campaign the client sends. For example, if you want to send emails from, enter as shown here:

Alongside the Domain field is a checkbox labelled: "I want to manually enter my own DKIM details for this domain". This means, if you already have DKIM set up, we can authenticate any emails you send through this system. Just select the checkbox, enter your DKIM details, and we'll do the rest.

Otherwise, click the Generate DNS records button.

Step 2. Add the DKIM record to your DNS

A DKIM record will be generated for you, like the example pictured below. It contains a unique TXT value that needs to be added to your DNS.

We can't tell you exactly what to do in this section of the guide because different DNS hosts use different names to reference TXT records, and some require record values to be entered differently.

To assist you, we've collected a list of instructions for modifying DNS records from some commonly used domain hosts.

Step 3. Tell Campaign Monitor you've added the record

After you've added the TXT record to your DNS, click the button in your Campaign Monitor account labeled: I've added the record, please verify it (see the screen capture above).

We will then check to make sure the record has been added correctly. It can take a few minutes, hours or sometimes even a few days for DNS records to be updated. If our servers don't see it right away we'll keep checking and notify you by email when it's done.

When the record has been added correctly, you will see your client's authenticated domain under Client Settings > Authentication Settings, as shown here:

Note: SPF records are automatically set up for all clients in Campaign Monitor's DNS records. If you already have your own SPF record, just add to it. For example:

v=spf1 mx a ~all

Next time you set up an email campaign, you will be able to select the domain for the sender's "From" address:

Instructions for modifying DNS records

Updated: 28 March 2015 | Below are links to instructions or TXT record information for commonly used DNS providers. If your host is not listed, browse some of the other examples as they may be similar to your DNS system.


My host won't let me modify my DNS, what should I do?

There are quite a few web and DNS hosts that won't let you modify your own DNS records, but many will add authentication records for you. We've had plenty of customers in this situation who have contacted their provider to get it done.

Note: You don't have to add your own DNS records to send authenticated campaigns. The default option is to have us authenticate emails for you using our TXT records and sending domains.

My web host doesn't support domain keys, do I have to switch to one who does?

Not necessarily. Instead, you can switch DNS providers. Usually DNS records are hosted by the same people who host your site, but it doesn't have to be that way. Services like DNS Made Easy, ZoneEdit, and easyDNS let you host DNS records, without changing web hosting.

This can be both faster and safer than hosting DNS and website together. It gives you more flexibility and makes changing web hosts easier.

Will adding domain keys (DKIM) to my DNS affect my regular email?

This won't be a problem. We format your domain key record to indicate that not all email sent using that domain will be authenticated. This means you'll get improved deliverability for Campaign Monitor campaigns, and your regular emails will not be affected.

My DNS records are still not verified in my account, what should I do?

DNS record changes can take a while to propagate, sometimes more than 24 hours. If the records have not been verified after a couple of days it may be because they were not added correctly.

The first step in troubleshooting is to check if the DNS records have propagated. You can use a third party DNS testing tool like EmailStuff to do this. At the website, click DNS and enter the domain name you are trying to verify into the hostname TXT field, for example:

If no record is found, check the TTL value in your DNS. This value — the "time to live" — is the number of seconds DNS servers will cache your record for. Lowering the value will make the record propagate faster.

If the records are still not showing up, you'll need to contact your DNS host to follow up. If they report that it looks okay, then contact our support team who will look into it for you. Please let us know the domain name you are trying to verify so we can help you faster.

I get an error when trying to add the DKIM record, what does it mean?

Errors when trying to add a record to your DNS can be caused by the provider requiring the record to be formatted differently, for example:

No support for underscores

Some DNS providers do not support underscores (_) in DKIM TXT records. Check with your provider to see if they allow underscores.

If they don't, you will need to consider changing DNS hosts because Campaign Monitor DKIM TXT records contain an underscore:

Escape the semicolons

Semicolons can also be the cause of formatting errors. Some DNS control panels require you to escape the semicolons in your record. Try replacing ; with \; to see if it resolves the problem.