Authenticating a Sending Domain
Implementing domain authentication to a Sending Domain is a way to verify that an email came from the sender listed in the "from" field in the recipient's inbox and that the email was not forged or tampered with while in transit. For example, a Sending Domain for
company.com could be
Using an authenticated Sending Domain is considered a best practice for all email marketers, particularly those with 100k+ Contacts! Sendlane's authentication process includes SPF, DKIM and DMARC authentication mechanisms.
🚦 Before Getting Started
- Have access to your website's DNS settings; the Sendlane team cannot make adjustments to your DNS settings for you.
- Review your DNS provider's documentation, which should be similar to Cloudflare or GoDaddy's processes.
Authenticating a Sending Domain is a simple process that requires access to your website's DNS settings and your Sendlane account:
- Set Up Your Sending Domain in Sendlane
- Add NS Records
- Attach a Sender Profile to Your Sending Domain
Set Up Your Sending Domain in Sendlane
Click the Account icon > Sending Domains > Setup Domain> Enter your Domain Name and Sending Domain > Save
The Sending Domain Authentication pop-up window will populate with the Sending Domain you’ve just created and the following information which you'll need for adding DNS records in your DNS provider's control panel:
- Host - The customer's desired Sending Domain
- Value - In most DNS settings interfaces, this field is labeled "Points To"
- TTL - Some domain providers describe TTL in hours or minutes rather than seconds; Sendlane's default TTL of 3600 seconds equals 1 hour or 60 minutes
Exit the pop-up window and click the Re-Verify DNS icon to communicate with your DNS. You may not see an immediate change because DNS records can take up to 24 hours to update successfully.
Check out the Troubleshooting section if you get stuck!
🙋 Does this process change my "default" nameservers?
Nope! We are not asking you to change your "default" nameservers. This authentication process is DNS delegation and is only giving Sendlane the ability to control DNS above the Sending Domain level. In other words, when you set up a Sending Domain of
email.company.com, Sendlane is delegated the
Doing this will not allow Sendlane to change the DNS records of the Sending Domain you have delegated to Sendlane. Other A, MX, TXT, CNAME records will still be accessible and controlled by your existing DNS provider.
🙋 Why can't I just use my main domain?
Companies should never mix their marketing domain with their corporate domain or use the same domain for both purposes. If content or links in a marketing email raise the suspicion of a major real-time block list (RBL), you risk your corporate email channel, including internal communication and communication with vendors, being blocked for an unknown amount of time.
Because of these risks, it is important to authenticate a Sending Domain and send from a marketing specific domain like
email.company.cominstead of using the main
Authenticating a Sending Domain allows Sendlane to maintain and update your DNS records to protect your business' website and to ensure that nothing is accidentally changed for your primary domain, causing domain authentication to break for your entire website.
Sendlane is continuously monitoring the latest developments in domain authentication and security. By delegating a Sending Domain to Sendlane, you will benefit from features we add to enhance security!
Instructions for adding NS records vary by hosting provider. Search your hosting provider's knowledge base for specific instructions!
Log in to the DNS Settings section of your primary domain's hosting company. You should see a button labeled something like "Add Record." Click the button and select NS as the record type. Add the following NS records as separate records (from the Sending Domain Authentication pop-up window in the previous step.)
The process for adding NS records is slightly different for every DNS provider. Review your DNS provider's specific documentation before continuing!
If you do not see NS as a record type, please contact your DNS provider for information on adding NS records and see the Troubleshooting section for next steps.
Add NS Records
Sending Domains must be linked to at least one new or existing Sender Profile.
Once your NS Set and DNS Verified icons are populated with green checkmarks, click the link icon button in the Actions column of the Sending Domain page to open the Connect to Sender window:
In the Connect to Sender window:
- Select a Sender Type
- New - All fields are required to save a new Sender Profile
- Existing - Select an existing Sender Profile and edit any field as needed
- Fill out or edit the Sender fields as needed
- From Email fields cannot be edited from this window in an existing Sender Profile.
- Reply-To email addresses can be different from the From Email and should be an active email address using the customers' main domain (not a free email address like Gmail) if they want to receive replies from their contacts.
- The Sender's address must be a valid physical mailing address or PO Box.
- Click Confirm
The Sender Profile created or attached to the new Sending Domain will appear first on the Sender Profile tab of the Audience page and will be identified by a green checkmark next to the Sender Name.
Add additional Sender Profiles to the same domain by clicking the link icon
- Select a Sender Type
Attach a Sender Profile to Your Sending Domain
I can't add an NS record to my domain!
Some hosts, such as Bluehost and Fastcomet, do not allow end users to create NS records. If you bought your domain directly from Shopify or BigCommerce and your DNS is managed in those platforms, adding NS records is not currently supported. Sendlane has open requests to both platforms to add support in the future for updates.
Many customers who cannot create NS records in their original host platform move their DNS to Cloudflare or register their domains with Go Daddy, Google Domains, AWS Domains, or other providers that allow NS records to be added.
Sendlane staff cannot directly assist you in switching hosting providers. If you want to switch hosting companies to an option that allows you to add your own NS records, we strongly suggest you find a technical consultant to help you ensure it is done correctly and without downtime on your website.
I added my NS records, but they are not authenticated in Sendlane!
There are two common reasons your Sending Domain may not authenticate in Sendlane after following the instructions above:
- You added NS records to the account where you registered the domain, but you have actually moved DNS control to another DNS provider. Go to the current DNS provider for your domain and add them there.
- The Sending Domain you added has other associated records. Remove any records associated with your subdomain that are not Sendlane's NS records. For example, if you chose mail.domain.com as your Sending Domain, mail.domain.com cannot have A, CNAME, TXT, or MX records currently existing in its DNS. If you do consider changing your Sending Domain from "mail" to "email" or "e" or something other than "mail" in the first step above
If you use separate services for your domain and hosting, please be sure to add these records to the service that controls DNS. You can determine which service controls your DNS using a service like https://dnschecker.org/#NS/ to check. Enter sendlane.com, and you will see we use Cloudflare for our DNS!
I use Amazon Web Services for domain hosting and can only add one NS record!
Create one NS record for the subdomain you are delegating to Sendlane and enter the four required values on one line each in the Value field of the Create Record console. Some providers allow you to add all 4 at once, others make you do each one of the four one at a time.
I use Google Domains and can't add NS records!
Check out Google's instructions under "Create or modify a resource record," then add the four NS records in a single row.
I need my Sending Domain Type, Host, Value, or TTS information!
This information can be retrieved by clicking the pink arrow next to the Root Domain on the Authenticated Sending Domain page: