In today's digital landscape, ensuring the authenticity of email communications is paramount. DominKeys Identified Mail (DKIM) stands out as a robust email authentication method designed to combat email spoofing, a common tactic employed by cybercriminals to forge sender addresses.
To implement DKIM in HubSpot, you will need to configure two CNAME records in your DNS provider. HubSpot will guide you through this process. By configuring these DKIM records with the public key provided by HubSpot, receiving mail servers (such as Gmail) can verify the signature of emails sent from your domain.
Once these DNS records are added and verified by both HubSpot and your DNS provider, the DKIM signature will be included in the headers of your sent emails, corresponding to the CNAME entries you configured.
To ensure your marketing emails comply with the authentication standards and sending policies enforced by major email providers, you can connect your email sending domain to HubSpot. HubSpot will assist you in setting up three essential DNS records type: DKIM, SPF, and DMARC. This article only focuses on DKIM.
BEFORE YOU BEGIN
CONFIGURE AUTHENTICATION FOR YOUR EMAIL SENDING DOMAIN
To fully authenticate your email sending domain, follow these steps in HubSpot:/msdyn_blobfile/$value)
To setup DKIM, add two CNAME records with your DNS provider. Click Copy under the Host and Required Data columns, then paste the values into the corresponding fields with your DNS Provider.
/msdyn_blobfile/$value)
VERIFY AND TROUGLESHOOT YOUR DNS RECORDS
When configuring the three DNS record types, you can click the Verify button in the bottom right corner to ensure your records are correctly added.
It may take several hours for DNS records to be fully verified. You can leave the domain setup and later check the status of each authentication method in your domain settings.
REVIEW AUTHENTICATION STATUS
As you add each DNS record type with your DNS provider, you can monitor the status of each authentication method to see if it has been setup up correctly or if further action is required.
Each DNS record type will display one of the following statuses:/msdyn_blobfile/$value)
Note: A subdomain will be considered authenticated if a DMARC record is configured at the root domain level, thanks to DMARC policy inheritance.
If there's an issue with any of your DNS records, you can click Continue setup to review the necessary DNS record values that need to be added in your DNS provider.
UNAUTHENTICATED EMAILS AND EMAIL VARIABLE DOMAINS
All marketing and transactional emails sent through HubSpot without a connected email sending domain will use a variable domain managed by HubSpot. This allows for the automatic detection and removal of your unauthenticated domain without canceling the email send. However, this process may negatively impact recipient engagement with your emails.
For example, if you send an email from an unauthenticated domain like user@yourcompany.com, HubSpot will change the email address to use a HubSpot-managed domain (e.g., hs-domain.com). The resulting sending address will appear as: user=yourcompany.com@hs-domain.com.
To implement DKIM in HubSpot, you will need to configure two CNAME records in your DNS provider. HubSpot will guide you through this process. By configuring these DKIM records with the public key provided by HubSpot, receiving mail servers (such as Gmail) can verify the signature of emails sent from your domain.
Once these DNS records are added and verified by both HubSpot and your DNS provider, the DKIM signature will be included in the headers of your sent emails, corresponding to the CNAME entries you configured.
To ensure your marketing emails comply with the authentication standards and sending policies enforced by major email providers, you can connect your email sending domain to HubSpot. HubSpot will assist you in setting up three essential DNS records type: DKIM, SPF, and DMARC. This article only focuses on DKIM.
BEFORE YOU BEGIN
- To connect your domain, you will need to update your DNS records. Ensure you have the login credentials for your DNS provider and access to the relevant DNS records.
- After configuring your DNS records, it may take between 15 to 80 minutes for HubSpot to verify their correct setup. You can review the status of your DNS records in your domain settings once they are configured.
- All accounts can connect an unlimited number of emails sending domains. You must own and have access to each domain.
- If you are using Cloudflare to configure your email sending domain, ensure that domain-wide CNAME flattening and proxy settings are disabled.
- You can connect a subdomain, such as info.domain.com, as your email sending domain. The subdomain you connect should match the domain in the "From" email address you use to send marketing emails in HubSpot.
CONFIGURE AUTHENTICATION FOR YOUR EMAIL SENDING DOMAIN
To fully authenticate your email sending domain, follow these steps in HubSpot:
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, go to Content > Domains & URLs
- Click Connect a domain in the top right corner.
- In the dialog box, select Email Sending, then click Connect.
- On the domain connection screen, enter the email address you use for sending marketing emails, then click Next.
- Note: You can only authenticate an email sending domain that is not currently being used for another purpose, such as hosting your website.
- Verify that the email sending domain is correct, then click Next.
- In a separate tab, login to your DNS provider and navigate to your DNS record settings.
To setup DKIM, add two CNAME records with your DNS provider. Click Copy under the Host and Required Data columns, then paste the values into the corresponding fields with your DNS Provider.
VERIFY AND TROUGLESHOOT YOUR DNS RECORDS
When configuring the three DNS record types, you can click the Verify button in the bottom right corner to ensure your records are correctly added.
It may take several hours for DNS records to be fully verified. You can leave the domain setup and later check the status of each authentication method in your domain settings.
REVIEW AUTHENTICATION STATUS
As you add each DNS record type with your DNS provider, you can monitor the status of each authentication method to see if it has been setup up correctly or if further action is required.
Each DNS record type will display one of the following statuses:
- Not authenticated: None of the three authentication methods have been fully set up or verified.
- Partially authenticated: DKIM has been correctly set up and verified, but SPF or DMARC still need to be fully verified.
- Authenticated: DKIM, SPF, and DMARC have all been fully setup and verified.
Note: A subdomain will be considered authenticated if a DMARC record is configured at the root domain level, thanks to DMARC policy inheritance.
If there's an issue with any of your DNS records, you can click Continue setup to review the necessary DNS record values that need to be added in your DNS provider.
UNAUTHENTICATED EMAILS AND EMAIL VARIABLE DOMAINS
All marketing and transactional emails sent through HubSpot without a connected email sending domain will use a variable domain managed by HubSpot. This allows for the automatic detection and removal of your unauthenticated domain without canceling the email send. However, this process may negatively impact recipient engagement with your emails.
For example, if you send an email from an unauthenticated domain like user@yourcompany.com, HubSpot will change the email address to use a HubSpot-managed domain (e.g., hs-domain.com). The resulting sending address will appear as: user=yourcompany.com@hs-domain.com.