What is an Authenticated Sending Domain?
An authenticated sending domain is a subdomain of your business’s primary domain used exclusively for sending marketing content. Authenticating a sending domain is considered a best practice for all email marketers, particularly those with 100k+ Contacts.
Sendlane’s technique for authenticating a sending domain is called subdomain DNS delegation. This technique provides SPF, DKIM, and DMARC authentication for your chosen sending domain in the simplest way possible. Delegating a subdomain to Sendlane lets us handle all the technical details for you! Sendlane will manage your subdomain’s DNS while having no control of or impact on your primary domain.
Using a subdomain to send marketing content protects your primary, top-level domain so that your marketing channel does not negatively affect your primary domain’s email delivery, which you rely on for daily internal and external business communication.
⏭️ Ready to get started?
Check out our step-by-step guide to authenticating a sending domain!
Frequently Asked Questions
- What is a subdomain?
- What does an authenticated sending domain look like in the inbox?
- Why can’t I just use my primary domain to send marketing content?
- Does delegating a subdomain involve changing my default nameservers or giving Sendlane control of my primary domain?
- Will Sendlane still control my subdomain if I switch to another ESP?
- How are sending domains authenticated?
What is a subdomain?
A subdomain is an extension of your primary domain. Subdomains are typically used to create staging sites to test updates to a website before they are formally published. In this case, the subdomain you create will be used as part of the email address you send marketing content from.
What does an authenticated sending domain look like in the inbox?
Let’s look at two from addresses in the inboxes of a Sendlane staff member:
This is the from email address on an email recently sent to Sendlane staff from our CEO, Jimmy. Because Jimmy sent non-marketing content to Sendlane staff, he used his @sendlane.com email address which operates on Sendlane’s primary domain.
This is the from email address on an email recently sent to everyone who subscribes to Sendlane’s (fabulous 💅) marketing content by our Senior Director of Marketing, Caitlin. Because Caitlin sent marketing content to opted-in subscribers, she used an authenticated sending domain of @mail.sendlane.com instead of an email address using the primary @sendlane.com domain.
Why can’t I just use my primary domain to send marketing content?
Businesses should never mix their marketing domain with their corporate domain or use the same domain for both purposes. If content or links in a marketing email are flagged by a real-time block list (RBL), email channels that send and receive email from the primary domain, including internal and vendor communication, could be blocked for an unknown time.
Delegating a specific sending domain allows Sendlane to maintain and update your DNS records to protect your business' website and to ensure that nothing is accidentally changed for your primary domain, causing domain authentication to break for your entire website.
Sendlane continuously monitors the latest developments in domain authentication and security. By delegating a sending domain to Sendlane, you will benefit from features we add to enhance security!
Does delegating a subdomain involve changing my default nameservers or giving Sendlane control of my primary domain?
Nope. Your primary domain’s default nameservers should never be changed or adjusted on Sendlane’s behalf. Much like the IRS will never call you on the phone, Sendlane will never ask you to change or adjust your default nameservers.
Let’s say your primary domain is example.com. Your default nameservers would look something like:
$ dig +short example.com NS a.iana-servers.net b.iana-servers.net
and will remain completely unchanged by the process of delegating a subdomain.
You will create a subdomain in your Sendlane account, such as something like mail.example.com, then log into your DNS control panel and create the following new NS records for that subdomain:
| Type | Host | Value | TTL |
|---|---|---|---|
| NS | ns1.sendlane.com | 3600 | |
| NS | ns2.sendlane.com | 3600 | |
| NS | ns3.sendlane.com | 3600 | |
| NS | ns4.sendlane.com | 3600 |
Once the subdomain and new NS records have been created, the following authentication checks will resolve via Sendlane’s DNS servers rather than your primary domain’s servers:
mail.example.com TXT _dmarc.mail.example.com TXT slkey1.domainkeys.mail.example.com TXT
Sendlane will only process authentication checks at the mail.example.com level or above. Sendlane will never control example.com.
Will Sendlane still control my subdomain if I switch to another ESP?
Not if you don’t want us to! You can revoke Sendlane’s control of your subdomain at any time by deleting the four NS records you added to authenticate your sending domain from your DNS.
How are sending domains authenticated?
Sending domains are authenticated by:
- Creating a subdomain in Sendlane
- Creating new NS records in your DNS control panel to delegate the subdomain to Sendlane
- Attaching an existing or new Sender Profile to the subdomain
⏭️ Ready to get started?
Check out our step-by-step guide to authenticating a sending domain!