Google, Microsoft, and other Internet service providers (ISPs) check your emails to see if the domain you are sending from (such as you@yourcompany.com) is authenticated. This is the information they need to recognize you and your clients as trusted senders.
This article will detail how to authenticate emails through DKIM and SPF by adding CNAME records.
Article Contents
| Trial | ✓ | |
| Essential | ✓ | |
| Advanced | ✓ | |
| Ultimate | ✓ |
Settings| Administrators | ✓ | |
| Company Managers | ||
| Marketing Managers | ||
| Sales Managers | ||
| Salespersons | ||
| Jr. Salespersons |
Getting Started
CNAME records impact what your email looks like in the inbox. The email will show the sending domain as the domain you have configured with DKIM (signed-by), and a return path (mailed-by), including that same domain.
If your emails are authenticated, then more of your emails will get into the inbox instead of the spam folder. Setting up DKIM and SPF is how you authenticate your emails. Doing so means that these ISPs will trust the content that you send. In order to do so, you must add CNAME records for your domain via your hosting provider (such as GoDaddy, HostGator, or NameCheap).
Below is a breakdown of what each of these terms mean:
| Acronym | Term | Description | ||||
| CNAME | Canonical Name |
A type of DNS record added to hosting providers that is used to specify that a domain name is an alias for another domain, which is considered the canonical domain. |
||||
| DKIM | DomainKeys Identified Mail |
An important email authentication mechanism for protecting senders and receivers from forged email. |
||||
| SPF | Sender Policy Framework |
A type of DNS (Domain Name System) record used to identify which mail servers are permitted to send email on behalf of a domain. |
||||
Important: By default, only one domain per Lead Gen & CRM instance can be authenticated with DKIM and SPF.
Lead Gen & CRM provides an in-application configuration tool which creates CNAME records. When configuring CNAME records, in order to set up DKIM and SPF, you will need to add CNAME records to your DNS settings.
The DNS settings must be for the domain you are looking to authenticate. The configuration tool will generate these CNAME records, which will point to your unique DKIM keys.
Then, wholly outside of Lead Gen & CRM, these CNAME records must be added to your domain’s DNS settings.
These settings are often handled by your Domain Name Registrar (such as GoDaddy, HostGator, or NameCheap), or managed by a dedicated DNS service provider (such as DNSimple or EasyDNS).
Click to enlarge.
Note: Lead Gen & CRM Support can assist with configuring CNAME and DKIM.
Understanding CNAME Records
A CNAME (Canonical Name) record is a type of resource record in the DNS (Domain Name System).
These records are used to specify that a domain name is an alias for another domain, which is considered the canonical domain.
You will need to set up CNAME records, which is located under Email Settings, to whitelabel links in your email.
Lead Gen & CRM's CNAME records are as follows:
| Key | Description | |||
| em |
A SPF record. Identifies which mail servers are allowed to send emails from your domain. |
|||
| link |
A CNAME record. Used for safelabeling email links. Shows links in your email going through yourdomain.com. |
|||
| owner |
A CNAME record. Used for safelabeling email links. Shows links in your email going through yourdomain.com. |
|||
| s1._domainkey |
Used for DKIM authentication. Authenticates the message in transit as it is being handed off to the recipient server. |
|||
| s2._domainkey |
Used for DKIM authentication. Authenticates the message in transit as it is being handed off to the recipient server. |
Important: Placing all five CNAME records on a secured (https://) site could cause issues with your links. Removing the link and owner CNAME records afterwards without contacting Lead Gen & CRM Support will break the links. Links then will not work in emails, even though links in test emails will work.
Regarding Cal Records
By itself, the cal record is not related to Lead Gen & CRM's overall DKIM and SPF authentication process. It is, however, integral to setting up custom domain information for the Meetings feature. If you are not using custom domains for the Meetings feature, then you do not need to utilize cal records when setting up authentication.
Refer to For Administrators: Configuring Custom Domain Settings for Meetings for more information on configuring the cal record for Meetings.
Determining Secured Status
To determine whether or not your site is secured and if you will need to refrain from adding the link and owner CNAME record keys, you will need to inspect your page.
To inspect your page and determine secured status, do the following:
- Open the web page that you are looking to inspect in a browser window.
- Right-click the screen.
- Select Inspect.
- Click the Network tab in the developer console pop-out window that appears.
- Refresh the page.
- Click the domain entry.
- Click the Headers tab.
- Locate Strict Transport Security: Include Subdomains.
Note: Domain entries are normally located at the top of the list of entries.
Setting Up DKIM and SPF in Lead Gen & CRM
Authentication with DKIM and SPF is required to send from a domain in Lead Gen & CRM.
To set up DKIM and SPF, do the following:
- Click Settings in the left toolbar.
- Click Company Email Settings, located under Features in the left panel.
- Click the DKIM & Sending Domains tab.
- Verify your domain.
- Click Set Up DKIM once your domain is verified.
- Click Get My CNAME Settings.
- Navigate to your hosting provider in a new browsing tab.
- Depending on secured website status, add the following CNAME records:
Record Instructions Secured
(HTTPS)Add only the em, s1._domainkey, and s2._domainkey records to
the DNS settings of your domain.If you see include subdomains, then your secured website status is secured.
Unsecured
(HTTP)Add each of the five CNAME records to the DNS settings of your domain.
If you do not see include subdomains, then your secured website status is unsecured.
- Once all CNAME records have been added, verify that there is a green check box under the DKIM Status column.
- A green check box means that DKIM has been configured correctly.
Example of adding records to GoDaddy.
Important: If you add the link and owner CNAME records to a secured site and then remove them, you must contact Lead Gen & CRM Support for backend assistance. If you do not, no opens or clicks will be registered.
Note: Certain DNS providers append the domain to the end of the record. If you are still seeing Waiting on CNAME Records, be aware that it could take as long as 24 hours for the DNS settings to update.
Adding CNAME Records Externally
Configuring CNAME records in Lead Gen & CRM is only part of the overall DKIM setup process. To complete configuring CNAME records, you will need to do so outside of Lead Gen & CRM.
While Constant Contact can verify if you have correctly configured the CNAME with a registrar or hosting provider, Constant Contact cannot provide CNAME configuration procedures for individual hosting providers.
Note: CNAME, DKIM, and SPF terminology will change from provider to provider. For example, Network Solutions uses Host Name and Alias. Lead Gen & CRM instead uses Name and Data.
As the CNAME configuration process varies for each hosting provider, you will need to refer to the help documentation provided by the individual providers. You will need to do so for each hosting provider of the website you are adding a CNAME record for. As such, website owners must log in to their hosting provider accounts and configure CNAME records there.
The following external documentation links will redirect to CNAME configuration articles for more popular registrars and hosting providers. However, this is by no means a complete list. If your provider is not listed, refer to their help documentation on CNAME configuration.
Contact your registrar or hosting provider for more information on registrar or hosting provider CNAME configuration.
Locating SPF Records
You can check to see if you correctly set up CNAME records with MxToolBox. This website features a tool that can help. With it, insert the full key name from Lead Gen & CRM, and search as a CNAME Lookup. If successful, you should see the data from Lead Gen & CRM under the Canonical Name column in MxToolBox. In fact, you can use this website to locate your SPF records.
To locate your SPF records, do the following:
- Navigate to MxToolBox in a browser tab.
- Click the MX Lookup tab.
- Enter your domain name in the Domain Name text field.
- Click MX Lookup.
- Click the link in the Canonical Name column in the table that appears.
- Click the link in that table's Canonical Name column in the table row that appears.
- Click the More Options > SPF Record Lookup in the search bar above the tables.
- Click SPF Record Lookup.
Click to enlarge.
Important: When entering your domain name, include the em. prefix.
Be aware that when you add your CNAME records for Lead Gen & CRM, you are adding both SPF and DKIM. No additional steps are necessary for email authentication.
Safelisting Addresses
Safelisting ensures that your own Lead Gen & CRM-sent emails land in the inbox when testing. When an Internet Protocol (IP) address is safelisted, then emails sent from that IP address will not end up in the spam folder.
Refer to Safelisting IP Addresses for Lead Gen & CRM Emails for more information on safelisting.