How to verify and authenticate your domain
Email verification and authentication are important in the world of email marketing as they help ensure the proper deliverability of your campaigns.
A domain can be verified via a confirmation email or by authenticating it.
|Note: Addresses at large public mailbox providers like Gmail or Yahoo are not recommended, as there are too many limitations when using their free domains for sending. These domains also cannot be authenticated, since you do not own them.|
You can also watch a video tutorial here.
In this article, you will learn:
- Why you should authenticate your email domain
- How to verify your domain
- How to authenticate your domain
- How to get the records approved
- Troubleshooting steps if authentication isn’t working
Why you should authenticate your email domain
While any domain that you add is automatically authenticated on our behalf, the link “via mlsend” will always be displayed next to the sender’s email address.
Although optional, we highly suggest that you authenticate your own custom domain to improve your deliverability rates.
It also significantly increases the chances of your email landing in the recipients’ inboxes rather than the spam or junk folder.
To authenticate it, you will need to add two TXT records to the DNS page of your domain:
- DKIM (DomainKeys Identified Mail): a sender identification tool that is used by email clients (such as Google, Yahoo, and Outlook) to identify the sender and protect against phishing, spoofing and forgery.
- SPF (Sender Policy Framework): indicates which IP addresses and/or hostnames have been authorized to send emails from the specific domain.
|Note: The DKIM and SPF records given to you on your Domains page cannot be changed within MailerLite and the exact records must be added to your DNS page for the authentication to work.|
How to verify your domain
- Head to the Domains page.
- Click Add domain.
- Enter the email address you wish to use to send emails from and click Send verification email.
- Once you receive the confirmation email, click on the Confirm my email address link.
- You will see a success message confirming the domain verification.
|Note: If you haven’t received a verification email from us, use the resend feature, authenticate your domain, or contact our Support team at firstname.lastname@example.org.|
How to authenticate your domain
- Head to the Domains page.
- Click on Authenticate for verified domains, or Add domain for unverified ones (and then click on Send confirmation email).
- You’ll get the Name and Value fields for the DKIM and SPF records. Keep this page open.
- Access the DNS page of your domain. If you don’t know how, contact your hosting provider for further support (in most cases, the Support team of your hosting provider can add the DKIM and SPF records for you).
- Add both the DKIM and SPF as TXT records with their respective Name and Value fields that we provide for you. Please note that these records cannot be modified within MailerLite, so they have to be an exact match.
How to get the records approved
Head back to your MailerLite Domains page and click on the green Check DNS records button located below the records.
Once both records have been approved, you will see the following page:
However, sometimes the site will say that 1 or both records were not approved, even if all of the information was correctly submitted.
There are 2 reasons why this happens:
- It can take the servers up to 24 hours to completely update this information. Most of the time, however, it is approved and updated in a matter of minutes.
- Some information has to be re-checked and updated.
Troubleshooting steps if authentication isn’t working
Even if you are sure you set up the information correctly, we suggest that you follow the troubleshooting steps below, just in case.
DKIM record is not approved
If the DKIM record fails, check that:
- You typed only ml._domainkey (without your domain) in the Host field.
- Both Value fields are exactly the same, as they’re case-sensitive.
If you’re unsure, you can check both texts here.
If you’ve already checked the above and both fields are exactly as they are shown in MailerLite, your domain’s DNS system may not be parsing the DKIM value correctly.
If this is the case, you could use an external tool such as DKIM Core to check for any errors. If you see that only the k=rsa part is being recognized and nothing else, then this means that the DKIM value is not parsing correctly on your DNS.
To rectify this, you should ‘escape’ the semicolon (;) symbol by adding a backslash (\) symbol before it.
To do this, simply change the initial value from k=rsa; p= to k=rsa\; p=. This should make the DNS read the DKIM value correctly.
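The DKIM checks described above, as an added Python example (not MailerLite's or DKIM Core's code): it parses a TXT value into tags and reports the "only k=rsa recognized" symptom and the case-mismatch problem. The key material and the problem codes are constructed for illustration.

```python
import base64
import binascii

# Constructed stand-in for the key material; not a real RSA public key.
SAMPLE_P = base64.b64encode(b"constructed sample bytes - not a real key!").decode()
EXPECTED = f"k=rsa; p={SAMPLE_P}"            # value as shown by the sending service
TRUNCATED = "k=rsa"                          # zone kept only the text before ';'
WRONG_CASE = f"k=rsa; p={SAMPLE_P.lower()}"  # value retyped with changed case


def parse_dkim_tags(txt_value):
    """Split a DKIM TXT value of the form 'tag=value; tag=value' into a dict."""
    tags = {}
    for part in txt_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Whitespace inside a value is only folding, so drop it.
            tags[name.strip()] = "".join(value.split())
    return tags


def diagnose_dkim(published, expected):
    """Return problem codes for the published value; an empty list means a match."""
    got, want = parse_dkim_tags(published), parse_dkim_tags(expected)
    if "p" not in got:
        return ["truncated"]          # only tags such as k=rsa were recognized
    problems = []
    try:
        base64.b64decode(got["p"], validate=True)
    except binascii.Error:
        problems.append("invalid-base64")
    if got != want:
        same_ignoring_case = ({k: v.lower() for k, v in got.items()}
                              == {k: v.lower() for k, v in want.items()})
        problems.append("case-mismatch" if same_ignoring_case else "value-mismatch")
    return problems


if __name__ == "__main__":
    for label, value in [("expected", EXPECTED), ("truncated", TRUNCATED),
                         ("wrong case", WRONG_CASE)]:
        print(f"{label:10} -> {diagnose_dkim(value, EXPECTED) or 'ok'}")
```

Pass the value your DNS actually serves for ml._domainkey as `published` and the value from the Domains page as `expected`.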
SPF record is not approved
There are 3 reasons why an SPF record may not be approved:
- SPF records don’t match
- SPF Name record field must be left empty
- More than 1 SPF record was found
SPF records don’t match
- Check the Host Name.
- Check if the Value field on your DNS page is exactly the same as the one in your MailerLite Domains page. They have to be identical as they are case-sensitive. The record won’t be approved otherwise.
You can use this site to compare both texts.
SPF Name record field must be left empty
Some hosting providers have settings that don’t allow the domain as the Name field for any record.
Use ‘@’ as the Name field for the TXT record or leave it empty.
If you see that there is a common Name field being used for the rest of the records in the DNS page of your domain, try using that one.
More than 1 SPF record was found
It’s only possible to have 1 SPF record on your DNS zone. If you have more than 1, they need to be merged.
In the picture below, there are 2 different TXT records for SPF. Both of these need to be merged into 1 single record.
Luckily, MailerLite does this for you once you click on the green Check DNS records button. Clicking it lets the site check your DNS and update the SPF record’s Value with the merged version. The updated SPF value will be available on the same pop-up page.
At first, you will notice that the SPF value record will look something like this:
v=spf1 a mx include:_spf.mlsend.com ?all
After clicking on the green Check DNS records button and receiving the error message that more than 1 SPF record has been found, refresh the page, click on the Check status button, and most likely, you will see that there is a new merged value for the SPF record.
You can confirm this by examining it. The merge was successful if the text includes more than 1 include.
An example of a merged SPF record from MailerLite and Outlook:
v=spf1 a mx include:_spf.mlsend.com include:spf.protection.outlook.com -all
|Note: if the method above is not working for you, take a look at our article How to merge SPF records.|
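How two SPF records combine into one, as an added Python example (not MailerLite's merge logic): it finds the SPF records among a zone's TXT values, merges them, and counts DNS-lookup terms against the RFC 7208 limit of 10. The sample zone is constructed, and keeping the strictest "all" qualifier is this example's assumption.

```python
# Constructed sample: TXT records at the root of a zone that sends mail through
# two services. The tie-break rule for "all" is this example's assumption.
SAMPLE_TXT = [
    "v=spf1 a mx include:_spf.mlsend.com ?all",
    "v=spf1 include:spf.protection.outlook.com -all",
    "example-verification=constructed-token",       # unrelated TXT record
]
QUALIFIER_RANK = {"+": 0, "?": 1, "~": 2, "-": 3}    # weakest to strictest
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def spf_records(txt_records):
    """Keep only the TXT values that are SPF records (first term is v=spf1)."""
    return [r.strip() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]


def merge_spf(records):
    """Merge several SPF records into one, keeping each mechanism once."""
    mechanisms, all_qualifier = [], None
    for record in records:
        for term in record.split()[1:]:              # skip the v=spf1 tag
            if term.lstrip("+-~?").lower() == "all":
                q = term[0] if term[0] in QUALIFIER_RANK else "+"
                if all_qualifier is None or QUALIFIER_RANK[q] > QUALIFIER_RANK[all_qualifier]:
                    all_qualifier = q                # keep the strictest policy
            elif term not in mechanisms:
                mechanisms.append(term)
    tail = [all_qualifier + "all"] if all_qualifier else []
    return " ".join(["v=spf1", *mechanisms, *tail])  # "all" must come last


def dns_lookup_count(record):
    """Count terms that trigger DNS lookups (RFC 7208 allows at most 10)."""
    count = 0
    for term in record.split()[1:]:
        name = term.lstrip("+-~?").lower().replace("=", ":").split(":")[0].split("/")[0]
        count += name in LOOKUP_TERMS
    return count


if __name__ == "__main__":
    found = spf_records(SAMPLE_TXT)
    print(f"{len(found)} SPF records found; only 1 is allowed")
    merged = merge_spf(found)
    print(merged, f"({dns_lookup_count(merged)} of 10 DNS lookups used)")
```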
Before setting up the new merged SPF record, it’s important to:
- Remove all of the current SPF records in your DNS zone, including the original one from MailerLite that is not merged.
- Add a new TXT record with the merged SPF record.
- Go back to your MailerLite Domains page and click on the green Check DNS records button.
An error may still come up even after setting up the merged SPF record in the DNS zone. Don’t worry if this happens. Remember that servers can take up to 24 hours to completely update this information. Most of the time, however, it’s approved within a few minutes to a few hours.
You can check if the SPF record is correctly set up with this third-party tool.