Self-authenticate your emails using your own domain

Build your sending reputation by self-authenticating your domain using DKIM CNAME records or a TXT record, and adding a DMARC record

Want to improve your email deliverability and make sure your emails land in the inbox? If you have your own website domain name (ex: halfmoonyoga.com) and an email address at that domain that you use as your "From Address" (ex: marsha@halfmoonyoga.com), authenticating your outbound email helps to verify that the message is actually coming from your organization and that it’s not a spoof or spam.

All email sent through Constant Contact receives basic authentication, but setting up self-authentication within your Constant Contact account builds your reputation as a safe sender under your domain instead of under Constant Contact. Learn more about email authentication.

In order to self-authenticate your emails, you'll need to be able to access the DNS records for your domain, usually through your hosting provider. Not sure where your DNS records are hosted? You can do a lookup with this tool.

You have two options for the type of record you can add:

1. CNAME records - This is the simplest and most secure way to authenticate your domain email address.
2. TXT record - This is the best option if you have multiple Constant Contact accounts using the same domain.

Note: When self-authenticating your emails, you also need to publish a DMARC policy in your DNS records to comply with the latest authentication requirements.

Constant Contact generates the CNAME or TXT record information, as well as the DMARC policy information, you'll need to publish in your domain's DNS settings, which can be done by your IT department or webmaster if you have one, or with the help of your hosting provider. Once your DNS records are updated, it can take anywhere from a couple of hours to a couple of days for the newly published authentication records to propagate through the internet.
 

• Self-authenticate using CNAME records
• Self-authenticate using a TXT record
• Test your authentication records
• Update your authenticated domain

Self-authenticate using CNAME records

Self-authenticating using CNAME records is the simplest and most secure way to authenticate your domain email address.

Note: You can only authenticate one domain in your account.
 

1. Click the profile icon in the lower-left and select Account settings.
   
   
    
2. Click the Advanced settings tab.
3. Click Add self-authentication.
   Note: If you’ve customized a subdomain to use for your rewritten “From” address, you’ll be able to continue sending from that subdomain until your self-authentication is successfully activated for your custom domain. Once activated, the customized subdomain will be deactivated. 
   
   
    
4. Select “Self-authenticate using DKIM CNAME records.”
5. Click Continue.
   
   
    
6. From the drop-down, select the domain you want to use for self-authentication. If the custom domain you want to use isn’t listed, choose “Select another domain” from the drop-down to add and verify a new email address.
7. Click Continue.

   Important: If you receive a message that says “This domain is already authenticated in another Constant Contact account,” you'll need to self-authenticate using a TXT record instead.

   
   
    
8. Use the copy symbols to copy each of the CNAME and DMARC record names and values to update your DNS records through your hosting provider. Your IT department or Mail administrator can do this, if you have one. Click Copy information to easily share the information with them.

   Tip: If you're using a web hosting provider, they can help you create the records within their admin console. Some DNS providers may even automatically add your domain to the record by default. Learn more.

9. Once you’re done, click OK.
   
   
    
10. Click Got it. Once you add the CNAME and DMARC records to your DNS settings, it can take up to 48 hours to fully propagate. Don't worry, you'll still be able to send emails while you wait for your DNS records to update.

    Important: Don't forget to also publish the DMARC policy record, in addition to the CNAME records, to be able to activate your self-authentication in step 13.

    
    
     
11. Click OK to return to your account.
    
    
     
12. About 24 to 48 hours after you've pasted the CNAME and DMARC records into your DNS settings, click Check status or Activate to finish activating your self-authentication.
    
    
     
13. If ready, click Activate. If you're receiving an error message and unable to activate, learn more about troubleshooting self-authentication.
    
    

Self-authenticate using a TXT record

Important: You won't be able to send emails until your DNS records fully propagate, which can take up to 48 hours. Make sure your webmaster or IT admin is looped into the process before you generate your DKIM key. Sending an email after your DKIM key is generated, but before your DNS record is updated, results in an error message. After your DNS record is updated, it's best to send a test email before sending an email to your contacts.

When you self-authenticate using a TXT record, Constant Contact generates a public/private DKIM key pair for you. We use the private key to sign your outgoing emails, while you publish the public key in the DNS records for your domain. This option is best if you have multiple Constant Contact accounts using the same domain.

Note: You can only authenticate one domain in each Constant Contact account.
 

1. Click the profile icon in the lower-left and select Account settings.
   
   
    
2. Click the Advanced settings tab.
3. Click Add self-authentication.
   Note: If you’ve customized a subdomain to use for your rewritten “From” address, you’ll be able to continue sending from that subdomain until your self-authentication is successfully activated for your custom domain. Once activated, the customized subdomain will be deactivated.
   
   
    
4. Select “Self-authenticate using DKIM TXT record.”
5. Click Continue.
   
   
    
6. From the drop-down, select the domain you want to use for self-authentication. If the custom domain you want to use isn’t listed, choose “Select another domain” from the drop-down to add and verify a new email address.
7. Click Continue.
   
   
    
8. Click Generate key.
   
   
    
9. Click the copy symbols to easily copy the TXT and DMARC host names and values. Click Copy information to easily share it with your domain administrator, hosting provider, ISP, or Constant Contact re-seller to update the authentication records in your domain's DNS entry. They'll need to create a DNS TXT record, using the Host name as the name of the TXT record and the Value as the content of the TXT record. 

   Did you know? If you're using a web hosting provider, they can help you create the TXT records and store your DKIM key within their admin console. Some DNS providers may even automatically add your domain to the TXT record by default. Learn more.

10. Once you’re done, click Ok.
    
    
     
11. About 24 to 48 hours after you've pasted the TXT and DMARC records into your DNS settings, click Check status or Activate to finish activating your self-authentication.
    
    
     
12. If ready, click Activate. If you're receiving an error message and unable to activate, learn more about troubleshooting self-authentication.
    
    
     

Note: If you send email from multiple locations, such as Constant Contact, Google apps, and a CRM tool, each location signs with a different private DKIM key. You will have multiple public keys on your DNS to correspond to the private keys. DKIM keys are differentiated by the selector—in the above example, the selector is 10008432. Constant Contact uses numbers for the selector, but that's not always the case. For example, Google uses letters for the selector instead.  
 

Important: Don't forget to also publish the DMARC policy record, in addition to the TXT record, for your domain to ensure you comply with the latest authentication requirements.

Test your authentication records

Important: Before you send your next email, make sure your custom domain email address is verified in your account so that you can use it as the "From Address" in your emails. Once you've self-authenticated, you can only use a "From Address" with your authenticated domain, or your emails are likely to bounce.

It's a good idea to test your authentication before you send out an email, because it may take anywhere from a couple of hours to a couple of days for the newly published authentication records to propagate through the internet.

To test the new settings:

1. In Constant Contact, copy one of your recent emails to use as a test campaign.
2. Create a new contact list called TestAuthentication, and add one (or several) of your own private email addresses to that list.
3. Send your test email to the TestAuthentication list, making sure that the "From" address you set in the email header has the same domain as the one where you published your authentication records.
4. Check the email to see if it was sent successfully.

Once you have a successful test send, you can start sending emails that help build your reputation. If your initial test fails due to having "no signature," wait and try again later.

 

Update your authenticated domain

If you want to authenticate a different domain to use for your emails going forward, you’ll need to first remove your current self-authentication.

1. Click the profile icon in the lower-left and select Account settings.
   
   
    
2. Click the Advanced settings tab.
3. Click the Check status or Manage button.
   
   
    
4. Click Remove self-authentication.
   
   
    
5. Click Remove self-authentication again to confirm.
   
   
    

You can now follow the steps above to self-authenticate your new domain using CNAME records or a TXT record.


Any links we provide from non-Constant Contact sites or information about non-Constant Contact products or services are provided as a courtesy and should not be construed as an endorsement by Constant Contact.

Questions?