Knowledge Base Home Delivery How to Set Up Email Domain Authentication
Before sending emails from your Benchmark Email account, make sure your email domain is authenticated. Authenticating your domain involves adding two CNAME records provided by Benchmark to your domain’s DNS settings and ensuring that you also have a valid DMARC record. The necessary Benchmark records are on your account’s Domain Authentication page.
If you are unable to authenticate your domain, your ‘from’ email address will be rewritten and sent from an authenticated Benchmark Email domain. For example, if your email address is sales@companyname.com and your domain is not authenticated, your email address will appear as sales.yourcompanyname.com@123456.clients.bmsend.com in your contact’s inbox.
NEED HELP?
If you’re experiencing difficulties authenticating your domain, click on the chat widget located on the bottom right of this screen to chat with a support representative, or click here to send us a message.
BEFORE GETTING STARTED
Authenticating your domain is a key step when sending emails from a third-party service. It’s what tells inbox providers that you’re authorized to send emails from your domain. Without this verification, your emails could be mislabeled as spam or even blocked. By adding the necessary authentication records to your domain’s DNS settings, you’re not just building trust with email servers, you’re also improving your email deliverability and protecting your brand from potential phishing or spoofing attacks. Just as official documents need a verified signature to confirm they’re legitimate, authentication records act as signatures for your emails, showing that they truly come from your domain.
BEST PRACTICE
We recommend using a subdomain for all email marketing and email domain authentication. Inbox service providers may treat subdomains independently, reducing the risk of affecting the reputation of the main domain.
If you do not add these records, your ‘from’ email address will be rewritten and sent from an authenticated shared Benchmark Email domain. For example, if you cannot authenticate your domain, and your from email address is sales@companyname.com, your email address would appear as: sales.yourcompanyname.com@123456.clients.bmsend.com.
NOTE
As of February 1st, 2024, Gmail and Yahoo required email senders to authenticate their domains to ensure their emails reached the inbox. This meant that senders needed to have an SPF record, DKIM record, and DMARC policy configured in their domain’s DNS settings. No exceptions were made—full authentication required all three components to be properly set up.
To learn how Benchmark prepared for this requirement, click here.
Once you have verified the email address associated with your private domain, your domain will be ready to authenticate. You’ll need to copy and paste the Benchmark CNAME records into your domain’s DNS settings.
To authenticate, follow the steps below.
These can take up to 30 minutes to generate. Exit this page by clicking on the X on the top right.
Back on the Domain authentication page, you’ll see the authentication status of the records. If your records are ready to be added to your DNS settings, the DNS Record column will read View instead of Start.
If a record has a green check mark next to it, do not add it to your DNS settings. A green checkmark indicates that the record is already in place. This is often the case with the DMARC policy.
However, if a DMARC record is incorrectly configured, we’ll provide your existing value and a suggested correction. Be sure to replace the existing value with the suggested one.
If the records were added correctly, you will see a success message and green checkmarks next to each record.
Also, the authentication status may change to In Progress; you don’t need to do anything else. Avoid sending any emails until the domain is authenticated.
When your domain is ready to send emails, the status will change to Authenticated.
If the records were added incorrectly, you will see an error message and an X next to the missing or invalid record. Review the records you added in your DNS settings. If the error is not visible to you, delete the records previously added to your DNS and add them again.
IMPORTANT
Most DNS updates will take effect immediately. However, depending on your domain hosting service, the DNS update may take up to 48 hours to fully propagate. Even if you have added the records correctly, they may not display immediately on our site. If this occurs, you can recheck the configuration after a few minutes.
Consider
When done, you should have two Benchmark CNAME records and at least one valid DMARC record in your DNS settings. If you add a DMARC Policy, you’ll have three new records in your DNS Settings.
NEED HELP?
If you’re experiencing difficulties authenticating your domain, here are a few ways to contact a support representative.
Indicates the records were added successfully, and no further action is needed.
The records were created and added to your DNS settings, but we are waiting for confirmation. During this stage, no action is needed.
The records have not been created.
The records were created but not added to your DNS settings, or the records do not match. If you see this, check the message within the records. You’ll see a red X on the error that needs to be corrected. In your DNS settings, check if the records were added exactly as Benchmark provided. If you are not sure, delete the previous records, and proceed to add them again. If you still see an error, please contact our support team.
The process of adding the records will vary depending on your domain host. If you can’t access your domain’s DNS settings, contact your IT department or domain hosting service. If you have access but need guidance, schedule a call with our authentication specialist.
Below is a list of popular domain hosting services. You can select your provider to find a link to detailed steps on adding your authentication records. If your domain host isn’t listed, please contact our support team so we can include them.
When adding a CNAME or TXT record in Cloudflare, the Proxy status must be changed to DNS Only to ensure the records are validated.
Resource: https://developers.cloudflare.com/dns/manage-dns-records/reference/proxied-dns-records/
When adding a CNAME record, select Other Host in the Refers to step.
If your existing DMARC record does not meet the authentication requirements, we’ll resolve the issue and provide an optimized record to ensure 100% authentication. Contact your IT team to review the suggested Record.
Previously, Benchmark used TXT records for SPF (Sender Policy Framework) authentication. However, due to updated requirements from inbox providers, our team has optimized SPF authentication by switching to CNAME records. As a result, your old TXT record may now appear invalid. If this happens, you can replace the outdated SPF (TXT) record with the new CNAME record required for proper authentication.
If you do not authenticate your domain, you can still send emails, but they will be sent from a shared authenticated Benchmark domain. For instance, if your original email address is sales@companyname.com, it will appear as sales.yourcompanyname.com@123456.clients.bmsend.com when delivered.
This could impact how your recipients view your emails, so it’s recommended that you authenticate your domain for better brand visibility and deliverability.
Most DNS updates will take effect immediately. However, depending on your domain hosting service, the DNS update may take up to 48 hours to fully propagate. Even if you have added the records correctly, they may not display immediately on our site. If this occurs, you can recheck the configuration after a few minutes.
Yes, you can remove domains from the account. To remove a sending domain from your account, you will need to email our support team.
Yes, subaccounts also require domain authentication. Please note that subaccounts do not share domain authentication with the master account. To authenticate a domain within a subaccount, log in to the subaccount and follow the same steps outlined above.
If you have any questions, please contact our support team.