Need a hand? We've got you covered.

Knowledge Base Home aero-right Delivery aero-right How to Set Up Email Domain Authentication

How to Set Up Email Domain Authentication

Delivery Updated on April 28, 2022

There are three email domain authentication methods that help prevent email spoofing phishing and help avoid emails being marked as spam. SPF, DKIM, and DMARC are records added to your DNS settings to enable complete email domain authentication.

Each record provides a different level of authenticity. When used together, receiving Internet Service Providers (ISPs) can validate that emails from your domain are coming from a legitimate source.

Topics included in this article:


 

SPF Record

 

The Sender Policy Framework record known as an SPF record is a TXT record used to specify which domains or IP addresses are authorized to send emails on behalf of your domain. Adding this record to your DNS settings is the first step in email authentication.

Benchmark’s SPF record

Copy and paste the SPF record in your DNS settings exactly as shown below.

v=spf1 a mx include:bmsend.com ~all

When adding the SPF record, you’ll need to add a name and value.

Name: @
Value: v=spf1 a mx include:bmsend.com ~all

You can change the TTL or leave it as is.

If there is an existing SPF record, instead, you’ll add include:bmsend.com to the current value.

Here is an example:

Value: v=spf1 a mx include:_spf.otherserivce.com include:bmsend.com ~all.

Back to the top


 

How to add an SPF record in your DNS provider

 

Below, we have some popular domain hosting services with instructions on adding an SPF record. Click on your provider to see instructions. Please let our support team know if you do not see your domain service listed.

To check the SPF record, use one of the following services. If you are not sure, please contact our support team.

Back to the top


 

DKIM Signature

 

DKIM is short for DomainKeys Identified Mail; it is another type of email domain authentication used to prevent email messages from being forged by adding a digital signature to all emails sent from your domain. DKIM verifies the domain through cryptographic authentication. When DKIM is signed, receiving ISPs, such as Yahoo, Gmail, AOL, and others, can confirm that emails from your domain are legitimate.

Your email headers will display your company’s information, making you look more professional and helping your emails land in the inbox instead of junk.

CNAME RECORDS PUBLISHED

DKIM-Signature:v=1; a=rsa-sha256; d=yourdomain.com; s=bmdeda; c=relaxed/relaxed; i=email@yourdomain.com; t=1598860888; h=subject:from:reply-to:to:date:message-id:list-unsubscribe: content-type: mime-version; bh=VJiLnp1piFKGczzrsciR1Mxy1LTL+aPflXht5kNI5w=; b=Csm6hrngAjg7GebKP4UBybWGC8i1SS8z/tkW9CUqDG9f1QtHFPe+6i2SSD2/dgTYL3xitdEMYuCtRwTQZRreH6xLOjKy7A5vWbx5HgKei4+3jUuWhXboTZGK20PSF+tXjRI1OcBGHLDITaMvZyk4n4ue4pFbPfLT+YHjdBynoV4=

WITHOUT CNAME RECORDS PUBLISHED

DKIM-Signature:v=1; a=rsa-sha256; d=yourdomain.com; s=bmdeda; c=relaxed/relaxed; t=1598860888; h=subject:from:reply-to:to:date:message-id:list-unsubscribe: content-type: mime-version; bh=VJiLnp1piFKGczzrsciR1Mxy1LTL+aPflXht5kNI5w=; b=IhpgMyO1JEy4FhullJon/dkAldaguMqU6ppYvg6ZUjMT49MczetfzHTTg3tlQnmiQPg2COSAersBfaxPdSxVQuhkg2qUDDgdOE5cNJWwgPgScYiNod6cf3HLgZLHI34QXqvqbrj0mhMk+gZmeTIrYn9A/oO1HFImH06S4Qbyeo=

From: user1 <email@yourdomain.com>

 

Additionally, DKIM removes the message that shows in the inbox next to your email address as “via” or “on behalf of bmsend.com.” This text is used to indicate the sending server. For some email clients removing this text is not an option.

To sign DKIM; you’ll need to add two Benchmark CNAME records. The CNAME records can be generated from your Benchmark account and then added to your DNS settings.

Before you can configure your Benchmark CNAME records, you’ll need a confirmed domain in your Benchmark account.

Back to the top


 

How to add a domain to authenticate

 

If you’ve previously verified an email address, chances are you already have a domain in your account ready for authentication. Please note that only private domains can have email authentication.

To see a list of previously verified email addresses, visit your Email Verification page. If there are no private verified email addresses, please add the email associated with the domain you’d like to authenticate.

If you cannot verify your private domain, please contact our support team at Support@benchmarkemail.com.

To learn how to verify an email address, please click here.

Back to the top


 

How to get CNAME Records

 

Once you have a verified email domain, you can move on to the next step, the CNAME Records.  We recommend using two browser windows to move from one page to another quickly—one for Benchmark Email and another for your Domain DNS settings.

To generate your CNAME Records, follow the steps below.

  1. Click on your account name and select Account Settings.

  1. Then, select Domain Authentication. Here you will see the domains available to authenticate.
  2. If your domain is available to authenticate, click on the Start option.

  1. Confirm your choice by clicking Start Authentication. After confirming, we will begin generating your records. These can typically take up to 30 minutes to generate. Exit this page by clicking on the X on the top right of the page.

Back on the Domain authentication page, you’ll see the authentication status of the records. If your records are ready to be added to your DNS, the DNS Record column will read View instead of Start.

  1. Click on the View option to see your CNAME records.

  1. In another browser window, go to your domain’s DNS settings. If you are not sure how to add the records to your DNS settings, check out some of the services listed here for instructions.
  2. Copy and paste each CNAME record separately in your DNS settings.

  1. Once you are done, go back to Benchmark and click on the Check Configuration option.

  1. You will see a success message and green checkmarks next to each record if you added them correctly.  Record configuration can take up to 48 hours, depending on your domain hosting service.

Additionally, the domain status will change to Authenticated. Please allow 24 hours before sending any emails from your domain to accommodate for the 24-hour authentication period. Any email sent during this time may not reflect the changes.

If you did not add your records correctly, you would see an error message and an X next to the records that need updating.

If you receive an error message, review the records you added to your DNS settings. If the error is not visible to you, delete both of the records previously added and add them again.

If you continue to see an error message, please contact our support team at support@benchmarkemail.com

Back to the top


 

Domain Status Descriptions

 

Not Authenticated

The CNAME records have not been created.

In Progress

The records were created and added to your DNS settings but waiting for confirmation. During this stage, no action is needed.

Action Required

The records were created, but they were not added to your DNS settings, or the records do not match. If you see this, check the message within the records. You’ll see a red X on the error that needs to be corrected. Back in your DNS settings, check if the records were added exactly as Benchmark provided. If you are not sure, delete the previous CNAME records, and proceed to add them again. If you still see an error, please contact our support team.

Authenticated

Indicates the records were added successfully, and no further action is needed.

Back to the top


 

DMARC Signature

 

DMARC, short for Domain-based Message Authentication, Reporting & Conformance, is the third method for email domain authentication. ISPs like Yahoo, Gmail, AOL, and others, check to see if SPF and DKIM align with the DMARC signature. To take full advantage of the SPF and DKIM records, we recommend adding a DMARC signature to your domain.

If you already have a DMARC signature, skip this step as you can only have one DMARC signature per domain.

The DMARC signature is added as a TXT record in your DNS settings. You’ll need to add your Benchmark client ID and your email address.

DMARC Signature Example

v=DMARC1;p=none;sp=none;pct=100;adkim=r;aspf=r;rua=mailto:rCLIENTID@dc.bmesrv.com,mailto:YOUREMAILADDRESS;ruf=mailto:rCLIENTID@dc.bmesrv.com,mailto:YOUREMAILADDRESS;rf=afrf;ri=86400;fo=0

 

Name:  _dmarc
Value: v=DMARC1;p=none;sp=none;pct=100;adkim=r;aspf=r;rua=mailto:rCLIENTID @dc.bmesrv.com,mailto:YOUREMAILADDRESS;ruf=mailto:rCLIENTID @dc.bmesrv.com,mailto:YOUREMAILADDRESS;rf=afrf;ri=86400;fo=0

You can change the TTL or leave it as is.

Your client ID can be found within your CNAME records, or on your Partner page. To get your Client ID, follow the steps below.

From your CNAME record:

  1. Log in to your Benchmark account, and click on your account name.
  2. Select Domain Authentication, and then click on the View option.
  3. Copy ONLY the number ID within one of the CNAME records.

From the Partner page:

  1. Log in to your Benchmark account, and click on your account name.
  2. Click on the Partner Program option.

  1. Copy the Partner ID (this is the same as your ClientID).

While the DMARC signature is not required, adding it to your DNS will maximize the benefits of your domain authentication. The DMARC signature tells email providers where they can send their DMARC Reports, a type of report created by email providers to share domain and IP addresses that send emails on your behalf.

Back to the top


 

How to add your CNAME Records to your DNS provider

 

The process of adding the records will vary depending on your domain host. If you do not have access to your DNS settings, contact your IT team or contact your domain hosting service.

IMPORTANT:

Please allow 24 hours before sending any emails from your domain to accommodate the 24 hours.  Any email sent during this time may not reflect the changes.

Video URL

Below we have added some popular domain hosting services; for steps on adding your CNAME Records or your DMARC signature, click on the CNAME Records link or the DMARC link for your domain hosting service.

Please let our support team know if you do not see your domain service listed.

GoDaddy

BlueHost

InMotion

HostGator

HostMonster 

Arvixe

Cloudflare

Network Solutions

Name.com

 

Back to the top


Please feel free to contact our support team via Email, LiveChat, or Phone if you have additional questions.


Did this answer your questions?
You already voted!