We're making it easier to get around Constant Contact with a brand new left navigation. Not all accounts have that change yet, so if your navigation looks different from our articles, that's why–but everything from the top can now be found on the left!

Email and Digital Marketing
How can we help you?
Search our help articles, video tutorials, and quickstart guides

You've got this. You've got us. Search our Knowledge Base to quickly find answers to your questions.

Self-authenticate your emails using your own domain

Article: 000005932
Updated: February 14, 2025

Build your sending reputation by self-authenticating your domain using DKIM CNAME records or a TXT record, and adding a DMARC record


Want to improve your email deliverability and make sure your emails land in the inbox? If you have your own website domain name (ex: halfmoonyoga.com) and an email address at that domain that you use as your "From Address" (ex: marsha@halfmoonyoga.com), authenticating your outbound email helps to verify that the message is actually coming from your organization and that it’s not a spoof or spam.

All email sent through Constant Contact receives basic authentication, but setting up self-authentication within your Constant Contact account builds your reputation as a safe sender under your domain instead of under Constant Contact. Learn more about email authentication.

In order to self-authenticate your emails, you'll need to be able to access the DNS records for your domain, usually through your hosting provider. Not sure where your DNS records are hosted? You can do a lookup with this tool.

    You have two options for the type of record you can add:

    1. CNAME records - This is the simplest and most secure way to authenticate your domain email address.
    2. TXT record - This is the best option if you have multiple Constant Contact accounts using the same domain.
    Light Bulb IconNote: When self-authenticating your emails, you also need to publish a DMARC policy in your DNS records to comply with the latest authentication requirements.


    Constant Contact generates the CNAME or TXT record information, as well as the DMARC policy information, you'll need to publish in your domain's DNS settings, which can be done by your IT department or webmaster if you have one, or with the help of your hosting provider. Once your DNS records are updated, it can take anywhere from a couple of hours to a couple of days for the newly published authentication records to propagate through the internet.
     

     


    Self-authenticate using CNAME records

    Self-authenticating using CNAME records is the simplest and most secure way to authenticate your domain email address.

    Note: You can only authenticate one domain in your account.
     

    1. Click the profile icon in the lower-left and select Account settings.

      Profile Name and My Account Option
       
    2. Click the Advanced settings tab.
    3. Click Add self-authentication.
      Note: If you’ve customized a subdomain to use for your rewritten “From” address, you’ll be able to continue sending from that subdomain until your self-authentication is successfully activated for your custom domain. Once activated, the customized subdomain will be deactivated. 

      Advanced Settings tab, Email Authentication section, and Add Self-Authentication button
       
    4. Select “Self-authenticate using DKIM CNAME records.”
    5. Click Continue.

      Self-authentication options, CNAME option selected, and Continue button
       
    6. From the drop-down, select the domain you want to use for self-authentication. If the custom domain you want to use isn’t listed, choose “Select another domain” from the drop-down to add and verify a new email address.
    7. Click Continue.
      Exclamation Point IconImportant: If you receive a message that says “This domain is already authenticated in another Constant Contact account,” you'll need to self-authenticate using a TXT record instead.

      Select a domain drop-down and Continue button
       
    8. Use the copy symbols to copy each of the CNAME and DMARC record names and values to update your DNS records through your hosting provider. Your IT department or Mail administrator can do this, if you have one. Click Copy information to easily share the information with them.
      Light Bulb IconTip: If you're using a web hosting provider, they can help you create the records within their admin console. Some DNS providers may even automatically add your domain to the record by default. Learn more.
    9. Once you’re done, click OK.

      CNAME Record Names and Values generated and OK button
       
    10. Click Got it. Once you add the CNAME and DMARC records to your DNS settings, it can take up to 48 hours to fully propagate. Don't worry, you'll still be able to send emails while you wait for your DNS records to update.
      Exclamation Point IconImportant: Don't forget to also publish the DMARC policy record, in addition to the CNAME records, to be able to activate your self-authentication in step 13.

      Activating Self-Authentication with CNAME confirmation and Got It button
       
    11. Click OK to return to your account.

      CNAME authentication Pending and OK button
       
    12. About 24 to 48 hours after you've pasted the CNAME and DMARC records into your DNS settings, click Check status or Activate to finish activating your self-authentication.

      My Account, Advanced Settings tab, Self-authentication CNAME record ready to activate, and Activate button
       
    13. If ready, click Activate. If you're receiving an error message and unable to activate, learn more about troubleshooting self-authentication.

      CNAME authentication ready to activate and Activate button

     




    Self-authenticate using a TXT record

    Exclamation Point IconImportant: You won't be able to send emails until your DNS records fully propagate, which can take up to 48 hours. Make sure your webmaster or IT admin is looped into the process before you generate your DKIM key. Sending an email after your DKIM key is generated, but before your DNS record is updated, results in an error message. After your DNS record is updated, it's best to send a test email before sending an email to your contacts.


    When you self-authenticate using a TXT record, Constant Contact generates a public/private DKIM key pair for you. We use the private key to sign your outgoing emails, while you publish the public key in the DNS records for your domain. This option is best if you have multiple Constant Contact accounts using the same domain.

    Note: You can only authenticate one domain in each Constant Contact account.
     

    1. Click the profile icon in the lower-left and select Account settings.

      Profile Name and My Account Option
       
    2. Click the Advanced settings tab.
    3. Click Add self-authentication.
      Note: If you’ve customized a subdomain to use for your rewritten “From” address, you’ll be able to continue sending from that subdomain until your self-authentication is successfully activated for your custom domain. Once activated, the customized subdomain will be deactivated.

      Advanced Settings tab, Email Authentication section, and Add Self-Authentication button
       
    4. Select “Self-authenticate using DKIM TXT record.”
    5. Click Continue.

      Self-authentication options, TXT record option selected, and Continue button
       
    6. From the drop-down, select the domain you want to use for self-authentication. If the custom domain you want to use isn’t listed, choose “Select another domain” from the drop-down to add and verify a new email address.
    7. Click Continue.

      Select a domain drop-down and Continue button
       
    8. Click Generate key.

      Set up self-authentication using DKIM TXT record confirmation and Generate Key button
       
    9. Click the copy symbols to easily copy the TXT and DMARC host names and values. Click Copy information to easily share it with your domain administrator, hosting provider, ISP, or Constant Contact re-seller to update the authentication records in your domain's DNS entry. They'll need to create a DNS TXT record, using the Host name as the name of the TXT record and the Value as the content of the TXT record. 
      Light Bulb IconDid you know? If you're using a web hosting provider, they can help you create the TXT records and store your DKIM key within their admin console. Some DNS providers may even automatically add your domain to the TXT record by default. Learn more.
    10. Once you’re done, click Ok.

      Generated Domain Key Host Name and TXT Record, Copy symbols, and OK button
       
    11. About 24 to 48 hours after you've pasted the TXT and DMARC records into your DNS settings, click Check status or Activate to finish activating your self-authentication.

      My Account, Advanced Settings tab, Self-authentication TXT record ready to activate, and Activate button
       
    12. If ready, click Activate. If you're receiving an error message and unable to activate, learn more about troubleshooting self-authentication.

      TXT authentication ready to activate and Activate button
       

    Note: If you send email from multiple locations, such as Constant Contact, Google apps, and a CRM tool, each location signs with a different private DKIM key. You will have multiple public keys on your DNS to correspond to the private keys. DKIM keys are differentiated by the selector—in the above example, the selector is 10008432. Constant Contact uses numbers for the selector, but that's not always the case. For example, Google uses letters for the selector instead.  
     

    Exclamation Point IconImportant: Don't forget to also publish the DMARC policy record, in addition to the TXT record, for your domain to ensure you comply with the latest authentication requirements.

     

     

    Test your authentication records

    Exclamation Point IconImportant: Before you send your next email, make sure your custom domain email address is verified in your account so that you can use it as the "From Address" in your emails. Once you've self-authenticated, you can only use a "From Address" with your authenticated domain, or your emails are likely to bounce.


    It's a good idea to test your authentication before you send out an email, because it may take anywhere from a couple of hours to a couple of days for the newly published authentication records to propagate through the internet.

    To test the new settings:

    1. In Constant Contact, copy one of your recent emails to use as a test campaign.
    2. Create a new contact list called TestAuthentication, and add one (or several) of your own private email addresses to that list.
    3. Send your test email to the TestAuthentication list, making sure that the "From" address you set in the email header has the same domain as the one where you published your authentication records.
    4. Check the email to see if it was sent successfully.

    Once you have a successful test send, you can start sending emails that help build your reputation. If your initial test fails due to having "no signature," wait and try again later.

     

    Update your authenticated domain

    If you want to authenticate a different domain to use for your emails going forward, you’ll need to first remove your current self-authentication.

    1. Click the profile icon in the lower-left and select Account settings.

      Profile Name and My Account Option
       
    2. Click the Advanced settings tab.
    3. Click the Check status or Manage button.

      Advanced Settings tab, Email Authentication section, and Manage button
       
    4. Click Remove self-authentication.

      CNAME authentication Active and Remove Self-Authentication button
       
    5. Click Remove self-authentication again to confirm.

      Remove Self-Authentication confirmation message and button
       

    You can now follow the steps above to self-authenticate your new domain using CNAME records or a TXT record.


    Any links we provide from non-Constant Contact sites or information about non-Constant Contact products or services are provided as a courtesy and should not be construed as an endorsement by Constant Contact.


    Questions?

    Ask the Community

    Did this article answer your question?


    Constant Contact Logo

    Copyright © 2025 · All Rights Reserved · Constant Contact · Privacy Center