How to verify and authenticate your domain

It's necessary to have a verified domain to send an email, it boosts your deliverability and it also increases your authority by showing your brand name as the sender of the email.

To authenticate it, you will need to add two TXT records and one CNAME to the DNS editor of your domain: 

  • TXT: DKIM (Domain Keys Identified Mail): a sender identification tool that is used by email clients (such as Google, Yahoo, and Outlook) to identify and protect from phishing, spoofing and forgery.
  • TXT: SPF (Sender Policy Framework): indicates which IP addresses and/or hostnames have been authorized to send emails from the specific domain.
  • CNAME: Return Path: This is specifically for receiving bounce and spam feedback. This not only helps improve deliverability, but also allows your emails to pass DMARC alignment.

Keep in mind that the DNS records will not take over your root domain.



How to verify your domain

  • Head to the sidebar and select Domains
  • Click New domain
  • Enter your domain and save it.
  • Copy the shown DNS records to your domain DNS editor. If you don't know how, please do contact your domain or hosting provider.

And once verified, you can start sending emails with your new verified domain using any name (ex. name@domain.com).





Relax your aspf and adkim tags

If your domain is utilizing your DMARC policy you will need to ensure that your DMARC policy is using r (or relaxed) values for the aspf and adkim tags. If your policy doesn’t specify aspf or adkim tags, then they are already relaxed by default and no changes to your policy are necessary.

The reason for this requirement is because Dynosend uses a subdomain of your verified domain (ex. dsdlvr.example.com) for signing the return-path, SPF, and DKIM headers in the emails our servers send from.

Under relaxed policy, the emails you send from Dynosend will pass DMARC alignment because of the parent/child match of your mail-from domain (from address) and header-from subdomain (return-path) we sign to your emails.

For context, a strict (s) policy for these tags would require an identical match of the domains in these headers, which would result in your emails failing to pass alignment. Failing DMARC alignment could then cause your emails to either bounce back (p=reject) or filter to spam (p=quarantine), depending on your DMARC policy.