Skip to main content
How to verify your domain

Completely whitelabel your emails using your own domain to improve email deliverability.

Support Team avatar
Written by Support Team
Updated over 4 months ago

Getting Started

In order to verify your domain, navigate to Settings>Domains>Manage Domains screen:

Next, click "Start Verification" in order to bring up the "Domains" modal. In here you can choose between domain and email verification. Choose the domain option to start the verification process.

1) Input your domain name and hit "Continue". The domain must be owned by you and not registered with any other account

2) Log in to your domain provider

3) Add entries to your DNS settings

When properly set up, you can hit the "Verify record" button to continue.

4) Confirmation

If everything was set up correctly, you should be at a confirmation step of the verification process. This informs you that you can now use any email address related to your domain to send emails.

5) Set default sender

When there is a default sender set on the account, emails are still branded using the default sender, even if sent from a non-verified domain. If there is no default sender set, and an email is sent from a non-verified domain, then elasticemail.com is used. Also, if a default sender is set, then sub accounts will inherit the ability to use the main account's default verified sender domain.

You can find more information on why setting a domain as the default sender is important in our other article called Default sender domain.

When your domain is added to the account, it's now visible in the domains list. If a blue star is present next to the domain name, it indicates that it's set as a Default Sender. You can enter a domain's details by clicking View details next to the domain name.

The following screen shows detailed information about your domain's verification status. Here, you can set your domain as default sender and check if your SPF, DKIM, Tracking, MX and DMARC records are properly verified.

SPF is mandatory if you expect to experience good email deliverability. We also encourage you to verify DKIM. If you click the name of a record (e.g. "SPF") on this screen, a popup with detailed instructions on how to verify it will be displayed for you. Instructions on verification of every record will also be included below.

1. SPF

SPF stands for "Sender Policy Framework". An SPF record is in place to identify which mail servers are authorized to send mail for a given domain. It is used to prevent spammers from sending mail with fraudulent From addresses in that domain.
Though many DNS editors allow for the creation of a SPF record, the SPF record must be entered as a TXT record in your domain's DNS settings. Enter:

Host/Name: @ (This means that the record is pointed at your own domain. Some editors will require the "@" symbol, some will require you to enter your own domain, and others will not let you enter anything. Every DNS Editor is different - you may need to contact your hosting provider for information on how to enter this record correctly).

Value: v=spf1 a mx include:_spf.elasticemail.com ~all

SPF tips: Check to see if there are any other SPF records in your domain's DNS. There can only be one SPF record per domain, so if there is an existing record, just add "include:_spf.elasticemail.com" to that record. Make sure you remove the quotes.

For example, if your domain already has the record: v=spf1 a mx include:_spf.google.com ~all, then you would just add: include:_spf.elasticemail.com

The final record would look like this: v=spf1 a mx include:_spf.google.com include:_spf.elasticemail.com ~all

If you're still not able to verify the SPF record, make sure to check common SPF errors article.

2. DKIM

DKIM stands for "DomainKeys Identified Mail". They allow receiving servers to confirm that mail coming from a domain is authorized by the domain's administrators.

Create a TXT record. Enter:

Host/Name: api._domainkey

Value:k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

TIP: DNS settings can have as many DKIM records as needed.
In some DNS settings, the Host/Name field may require you to enter "api._domainkey.yourdomain.com", replacing your domain with your actual domain.

3. Tracking

Elastic Email "tracks" opens, clicks, unsubscribes, etc. To do that, we must rewrite links and use web pages. Setting up a "tracking domain" brands these rewritten links and pages with your own domain.

Create a CNAME record. Enter:

Host/Name: tracking

3.1 Tracking Troubleshooting

  • Elastic Email's system will look for either "tracking" or "email" automatically. If another CNAME is used please contact support to get it validated.

  • If you are using Cloudflare as your host, you need to disable it for that particular record by clicking the "cloud" icon.

  • Some domain hosting providers add their own domain name at the end of a tracking record value automatically. So if you try to set a tracking record with value api.elasticemail.com, it would be automatically set up as api.elasticemail.com.yourhostingproider.com In order to work around this, just add a period "." at the end of your tracking record value, so it would look end up as "api.elasticemail.com.".

4. DMARC

We strongly recommend using our DMARC Generator - it will help you create a DMARC record suited to your domain.

Domain-based Message Authentication, Reporting & Conformance is an email authentication protocol that is built on top of SPF and DKIM protocols. SPF and DKIM are prerequisites of DMARC and must be in place before setting up a DMARC policy.
A DMARC policy allows a sender to indicate that their emails are signed by SPF and DKIM and tells a receiver what to do if neither of those authentication methods passes – such as junk or bounce the email. DMARC removes the guesswork from the receiver’s handling of these failed emails, limiting or eliminating the user’s exposure to potentially fraudulent & harmful emails. DMARC also provides a way for the email receiver to report back to the sender about emails that pass and/or fail DMARC evaluation.

Note, there is no specific configuration needed in Elastic Email besides ensuring that your SPF and DKIM are both valid. Further, a DMARC policy on your domain(s) will affect all of your email sending from that domain (not just the mail you are sending through Elastic Email), so you need to ensure you are using SPF and DKIM for all your email delivery. For more information please click here.

The following are example DMARC TXT entries to set up on your domain(s) DNS.

Option A

Setup your DMARC policy with a simple, most common DMARC record. You will not receive any reports with this setup.

Host/Name:_dmarc

Value: v=DMARC1;p=none;

Option B

This setup will include reports. The DMARC Reports will come to the email you specify in ruf= and rua= parameters. If you do not wish to receive them anymore, remove these parameters (Similar to Option 1).

When you no longer receive negative reports, change your DMARC policy to quarantine which will not necessarily bounce email, but indicate to the recipient server they should consider quarantining it (junk or spam folder).

Host/Name:_dmarc

Value: v=DMARC1; p=quarantine; ruf=mailto:youremail@yourdomain.com; rua=mailto:youremail@yourdomain.com

Option C

Another option with reports included. When you are satisfied that you are validating all the email from your domain(s) with SPF and DKIM, change the policy to reject which will bounce the emails that do not pass SPF and DKIM validation.

Host/Name:_dmarc

Value: v=DMARC1; p=reject; ruf=mailto:youremail@yourdomain.com; rua=mailto:youremail@yourdomain.com

Please click here to view a list of the most popular tags available for your DMARC policy as above are only examples.

5. MX

For most users, you will not be adding or changing any MX records in your domain's DNS. The only reason why you would change or add an MX record for use with Elastic Email is if you are using Inbound Email Notifications which are webhooks that are part of our HTTP API. Otherwise, this will give you a green check mark if you have an existing MX record that is used for directing mail to your own mail server. If it does not give you a green check mark then you do not have any MX records for your domain. This is okay - it is not required and all it means is that you do not currently have a mail server setup for your domain.


Please note that new data input in a DNS zone of a domain can take up to 48h to propagate. It varies between hosting providers.

Subdomain

You may sometimes need to verify a subdomain instead of a main domain. The process here is similar but the host names are a bit different. Let's use an example domain name sub.domain.com. In order to properly verify a subdomain you will have to include the subdomain part name in your records as follows:

SPF (TXT):

Host/Name: sub

Value: v=spf1 a mx include:_spf.elasticemail.com ~all

DKIM (TXT):

Host/Name: api._domainkey.sub

Value:k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

Tracking (CNAME):

Host/Name: tracking.sub

DMARC (TXT):

Host/Name: _dmarc.sub

Value: v=DMARC1;p=none;

Frequently Asked Questions:

This section will help you with understanding more detailed obstacles that you might encounter during domain verification.

What are SPF Records? What are they for?

SPF stands for "Sender Policy Framework". An SPF record is in place to identify which mail servers are authorized to send mail for a given domain. It is used to prevent spammers from sending mail with fraudulent From addresses in that domain.

It is highly recommended that the SPF record is entered as a TXT record, as otherwise it will be not recognized as a valid record in most cases.
If you are creating the SPF record you will likely see a form with at least two fields, they are: "Host" or "Name" and "Value".
Here is what you enter under those fields:

Host/Name: @ (yes you put the @ symbol here under the host or name category)
Value: v=spf1 a mx include:_spf.elasticemail.com ~all

SPF TIPS:


Check to see if there are any other SPF records in your domain's DNS. There can only be one SPF record per domain, so if there is an existing record just add "include:_spf.elasticemail.com" to that record.
Make sure you remove the quotes.

For example, if your domain already has the record: v=spf1 a mx include:_spf.google.com ~all then you would just add: include:_spf.elasticemail.com. The final record would look like this: v=spf1 a mx include:_spf.google.com include:_spf.elasticemail.com ~all

Another tip: Sometimes '@' needs to be replaced with something else specific to your hosting. Check with your hosting provider to see if a special entry is needed in the Host/Name field if there is one. There are MANY different DNS editors and the set up can be different for each.

What is a TXT record?

This is a short form which means "text record" and can be nearly any form of text.

What are DKIM records? What are they for?

DKIM stands for "DomainKeys Identified Mail". They allow receiving servers to confirm that mail coming from a domain is authorized by the domain's administrators. This record also needs to be entered as a TXT record, you will see at least two fields, they are: "Host" or "Name" and "Value".

Here is what you enter in those fields:
Host/Name: api._domainkey
Value: k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB
(Yes, it really is this long list of numbers and letters, make sure you copy and paste correctly).

In some DNS settings, the Host/Name field may require you to enter "api._domainkey.yourdomain.com", replacing your domain with your actual domain.

What is a "Verified Sender Domain"?

A verified sender domain is a domain that has given Elastic Email permission to send email from your domain. This means that the emails are being sent by Elastic Email servers, but the emails are using your domain as the "From" address.

Why is it a good idea to verify your sending domain?

Recipient ISPs need to verify that the domain has given permission for Elastic servers to use it. They can verify this by looking up certain records in your domain's DNS.

What does DNS mean? Can anything be a domain?

DNS stands for Domain Name System. Each Hosted Domain can be looked up by a server by it's domain or corresponding IP address. Each domain has its own settings. Nearly anything can be a domain, for example, myowncompany.com could be a domain if registered.

Where do I start, where do I go to fill in the correct form for this? What will I see?

First, you will go to where your domain is hosted (ie. GoDaddy, Dreamhost, Hostgator etc.), there will be an option there to adjust your DNS settings. You will see several fields of information to fill. The most common are SPF and DKIM.

Once I've entered those records in my DNS settings, what do I do next?

Once those records have been added to your domain's DNS settings, visit your Elastic account's Settings screen. Green Check marks mean that the domain records are valid and you can now send email from "anything@yourdomain.com".

What if the domain is set as the "Default"?

It is good practice to have a default verified sender domain. Our system will use the default verified sender domain if a non-verified domain is used for the email for the account. This is particularly important if sub-accounts are using the main account sender domain or resellers want notification emails to send using their domain.

What is a Tracking Domain?

If tracking is enabled for your account, then our system re-writes links in the emails. Any link will first direct the user through "api.elasticemail.com".
So, for an instant, while the link is rerouted to its original destination, the URL will show "api.elasticemail.com".
We offer the ability to "whitelabel" this URL with your own domain. In your domain's DNS settings, create a new CNAME record:

Host/Name: tracking
Value: api.elasticemail.com
Then go to your Elastic account's Settings Screen and click "Verify". Our system automatically looks for the CNAME "tracking". So if you enter anything else, please contact support so that we can validate the record manually. A green check mark means that the tracking domain is active.

Related links:

Did this answer your question?