Benchmark Email Help Center

or chat with:

smart support, our Benchmark Email expert powered by AI

chat now

Knowledge Base Home aero-right Delivery aero-right How to Set Up Email Domain Authentication

How to Set Up Email Domain Authentication

Delivery Updated on May 2, 2024

To authenticate your email domain, you’ll need to add a Benchmark Email SPF and DKIM record, along with a valid DMARC record to your domain’s DNS provider. These records can be found in your account on the Domain Authentication page.

If you are unable to authenticate your domain, your ‘from’ email address will be rewritten and sent from an authenticated Benchmark Email domain. For example, if your email address is and your domain is not authenticated, your email address will appear as in your contact’s inbox.


If you’re experiencing difficulties authenticating your domain, click on the chat widget located on the bottom right of this screen to chat with a support representative, or click here to send us a message.


To send authenticated emails from Benchmark, you’ll need to do the following:

  1. Add and verify an email address that’s associated with your private domain.
  2. Go to the Domain Authentication page in Benchmark via account settings to generate SPF and DKIM records.
  3. Access to your domain’s DNS settings, where you can add SPF and DKIM records and check for a valid DMARC policy.

If you are authenticating a sub-domain, ensure the SPF and DKIM records, along with a DMARC policy, are added to the sub-domain.


We recommend using a subdomain for all email marketing and email domain authentication. Inbox service providers may treat subdomains independently, reducing the risk of affecting the reputation of the main domain. 

Authentication Records Needed

In your Benchmark Email account, you’ll find unique SPF and DKIM records for each private domain that has been verified; both of these records need to be added to your domain’s provider DNS settings. Additionally, you’ll see a DMARC record. The DMARC record is not specific to your Benchmark Email account and only needs to be updated if the record we found is invalid. 

Click on the record tabs below to learn how each record contributes to your email domain authentication.

The Sender Policy Framework record, commonly known as an SPF record, is a record added to your DNS settings. The SPF record is used to specify which domains have authorization for email sending. 

You can access your domain’s Benchmark SPF record from within the Domain Authentication page.

DomainKeys Identified Mail; is used to prevent email messages from being forged by adding a digital signature to all emails sent from your domain.  DKIM verifies the domain through cryptographic authentication. When DKIM is signed, receiving ISPs can confirm that emails from your domain are legitimate.

You can access your domain’s Benchmark SPF record from within the Domain Authentication page.

DMARC, short for Domain-based Message Authentication, Reporting & Conformance, is another record used for domain authentication. ISPs like Yahoo, Gmail, AOL, and others check to see if SPF and DKIM align with the ‘from email address’ and what action to take if they do not align. Email senders must have a DMARC Policy in place for emails to pass ISP filters. 

Your Benchmark Account lets you see if your email domain has a valid DMARC record.

If you have a valid DMARC policy, you will see a green check mark indicating that the record is valid. Domains can only have one DMARC Policy, so if you have a green check mark next to the DMARC name and value, you do not need to update DMARC.

If no DMARC record is found, or your DMARC record is invalid, Benchmark will provide a suggested DMARC record to use to ensure you pass the requirements for sending from your domain using Benchmark Email.

Next to each record, you’ll see indicators that tell you whether or not you need to update the records. If you have a green check mark, then the record is valid and authenticated. However, if you have a red X the record is invalid.

Authenticated Records

Invalid – Not Yet Authenticated


If you do not add these records, your ‘from’ email address will be rewritten and sent from an authenticated Benchmark Email domain. For example, if you cannot authenticate your domain, and your from email address is, your email address would appear as:

Back to the top ↑

How to add a domain to authenticate

If you’ve previously verified a private email address, chances are you already have a private domain in your account ready for authentication. Please note that only private domains can be authenticated. Public domains, like Gmail and Yahoo, can not be authenticated. Emails sent from Benchmark using a public email address will have their ‘from email address’ adjusted to use an authenticated Benchmark domain. For example, if your email address is, your domain would look like this:


To learn how to verify an email address, please click here.

To see a list of previously verified email addresses, visit your Email Verification page. If there are no private verified email addresses, please add the email associated with the domain you’d like to authenticate.


If you cannot verify your private domain, please contact our support team at

Back to the top ↑

How to get Authentication Records

Once you have verified an email address associated with your private domain, you can authenticate. 

If you prefer a video tutorial, watch this video.

To authenticate, follow the steps below.

  1. Click on your account name and select Account Settings.
  1. Then, select Domain Authentication. Here you will see the domains available to authenticate.
  2. Find the domain you would like to authenticate and click on the Start option.
  1. Confirm your choice by clicking Start Authentication. After confirming, we will begin generating your records. These can take up to 30 minutes to generate. Exit this page by clicking on the X on the top right. 

Back on the Domain authentication page, you’ll see the authentication status of the records. If your records are ready to be added to your DNS settings, the DNS Record column will read View instead of Start.

  1. Click on the View option to see your records.
In another browser window, go to your domain’s DNS settings. If you are unsure how to add the records to your DNS settings, check out some services listed here for instructions.
  1. Copy and paste each record separately in your domain’s DNS settings.
  1. Once you are done, return to Benchmark and click the Check Configuration option.
  1. If you add the records correctly, you will see a success message and green checkmarks next to each record.  Record configuration can take up to 48 hours, depending on your domain hosting service.

Additionally, the authentication status will change to In Progress; no further action is needed from you. The authentication period can take up to 24 hours. You should not expect any emails to be sent from your domain during this time, as the domain has not yet been authenticated. If you have mail that must be sent, it will default to our authenticated subdomain before sending.

When your domain is ready to send emails, the authentication status will change to Authenticated.


You should have two Benchmark CNAME records and at least one valid DMARC record in your DNS settings when you are done. If you add a DMARC Policy, you’ll have three new records in your DNS Settings.

If you did not add your records correctly, you will see an error message and an X next to the records that need updating. Review the records you added to your DNS settings if you receive an error message. If the error is not visible to you, delete both records previously added and add them again.


If you’re experiencing difficulties authenticating your domain, here are a few ways to contact a support representative.

  • Send us a message by clicking here, and a support representative will contact you via email. 
  • Start a live chat by clicking on the chat widget at the bottom right of this screen. 
  • Schedule a call with a team member who can help review your records and guide you through the process of updating your email domain authentication records. 

Back to the top ↑

Domain Status Descriptions

Not Authenticated

The records have not been created.

In Progress

The records were created and added to your DNS settings, but we are waiting for confirmation. During this stage, no action is needed.

Action Required

The records were created but not added to your DNS settings, or the records do not match. If you see this, check the message within the records. You’ll see a red X on the error that needs to be corrected. In your DNS settings, check if the records were added exactly as Benchmark provided. If you are not sure, delete the previous records, and proceed to add them again. If you still see an error, please contact our support team.


Indicates the records were added successfully, and no further action is needed.

Back to the top ↑

How To Add Your Authentication Records to Your DNS Provider

The process of adding the records will vary depending on your domain host. If you do not have access to your DNS settings, contact your IT team or contact your domain hosting service.


Please allow 24 hours before sending any emails from your domain to accommodate the 24 hours.  Any email sent during this time may not reflect the changes.

If you prefer a video tutorial, watch this video.

Below we have added some popular domain hosting services; for steps on adding your CNAME Records, click on the CNAME Records link for your domain hosting service.

Please let our support team know if you do not see your domain service listed.








Network Solutions

Back to the top ↑

If you have any questions, please contact our support team.