Employed for Good

Tech tips for social impact professionals. Do well at doing good.

Why (& How) to Authenticate your Domain with your Marketing Platform


If your org has just signed onto its first email marketing platform – like Mailchimp or Constant Contact – then you may be planning to sail off into the mass email sunset.

Credit: Giphy

But before you blast that newsletter, have you authenticated your domain? If not, try to do that ASAP.

First, how do domains relate to email marketing?

Your org probably has a website domain name already. (If you’re not sure what that is, the domain name for this site is employedforgood.com). Along with that, you hopefully also have an official organization email address.

When you registered for your marketing platform, you presumably used that official address. It certainly looks better to send emails from a “.org” rather than your personal gmail/yahoo/whatever else!

But as far as Gmail and other inbox providers are concerned, emails sent by sandra@[yourorg].org aren’t necessarily coming from your org. For all they know, those emails could be coming from someone trying to impersonate your org.

This is called spoofing, by the way. And it’s often used in phishing attacks, where bad actors pose as legitimate institutions in order to steal sensitive info.

But my org’s emails ARE legitimate. Why do I need to authenticate?

You’re no bad actor. But like I mentioned, inbox providers won’t know that unless your domain is authenticated.

And as long as it isn’t, some providers will warn their users against opening those emails. Here’s what that looks like in Gmail. Outlook offers something similar.

Note the massive yellow warning. Here, I sent a newsletter “from” my org address to my org address (prior to authenticating my domain).

This warning may not appear to every person on your list! (It looks a little different when the recipient’s email isn’t also the sender.) Some emails may even go straight to spam. Either way, I think we both agree…none of these scenarios is ideal.

You want people to see your org’s emails, open them, and feel confident that they aren’t harming their devices by doing so. That’s why domain authentication matters.

p.s. When your own domain isn’t authenticated, emails still send from another domain: typically a shared one provided by your marketing vendor. Since those are shared by other unauthenticated customers, you’ll have less control over the sender reputation for that domain (and ergo, the deliverability of your emails). More on this here if you’re curious.

Yikes! So how do we authenticate?

Good news is that this should only take a few minutes. And nearly all the major email platforms have their own instructions for how to set it up.

Important: If you’re an org without a webmaster to assist – my experience is that it’s still possible to figure this out IF you don’t mind getting your hands dirty with your DNS settings. (In other words, you don’t need to be a total DNS pro to get through this. But take extra care with the steps, because you can mess up.)

1) Start by finding your platform’s specific instructions

You can google “domain authentication [your email platform]” to start. To help expedite, here are steps for Mailchimp, Constant Contact, Mailerlite and Vertical Response.

The rest of the steps below are general, so please defer to your vendor’s specific instructions. Some vendors are awesome and will even walk you through this over the phone/via chat support.

2) Add your domain to your email marketing platform

Follow your vendor’s steps for adding and verifying your domain.

Remember, you need to add a domain that your org owns. This won’t work if you don’t have a domain already purchased!

3) Grab the key/s that you need to add to your domain records

Copy the DKIM, SPF and/or DMARC keys provided by your email marketing platform. Note if you’re going to create a CNAME or TXT record within your domain’s DNS settings.

4) Find your domain provider’s instructions for adding DMARC, DKIM, SPF and/or CNAME records

This is the tricky part. But much like tip #1, most domain providers have instructions for how to configure this on their side. (Tip: Mailchimp has a solid list of web hosts with linked, written instructions. Even if your org doesn’t use them, check if your provider is here.)

Ultimately, you need to navigate to your DNS settings within your domain provider account. That’s where you’ll create a new record & add that key you copied earlier.

p.s. For those who prefer video, here are some links I found from a few common email platforms. Campaign Monitor | MailChimp } Mailerlite

5) Create your record and save

Follow the steps for creating a new record, plug in/paste that key you copied earlier, and save. There’s usually a 72-hour max delay for records to register, though I’ve found it can work much faster.

Since you can mess up this part, I recommend anyone to get in touch with your host/domain provider’s Support team as you complete this step. While not all Support teams are created equal 😌, having the right person to confirm that your records are properly configured can make a huge difference.

I say this as someone who once messed up her DNS records and (unknowingly) stopped getting emails for days as a result. Thankfully, the Google Domains Support Team (my domain provider) helped me resolve the issue quickly.

At the end of the day, authenticated emails = better emails

Let’s do mass email right: authentically, and with authentication.

Thanks for reading!
Want to know when new posts go live?

Then subscribe! You’ll get a digest of the latest blogs, 1-2x per month. Unsubscribe at any time.

*Your email data is stored in a marketing database and never sold/shared with 3rd parties.*

.

Share your thoughts!

%d bloggers like this: