Creating great copy means nothing if your message doesn’t make it to your user. Although it’s just one piece of the deliverability puzzle (along with your copy and overall reputation), authenticating the domains you use to send email messages from Customer.io can help your messages reach your users. Check out our post on Email Deliverability to know more about how it works.
In addition to improving email deliverability, authenticating your sending domains in Customer.io will also let you control the appearance of your tracked links. How about Universal Links? If you need to enable them for your mobile app, HTTPS domain authentication is required.
To set up basic authentication you’ll need to add four DNS records at your DNS hosting provider for any domain you wish to send from using your Customer.io account:
Each domain you choose to authenticate must first be used in one or more of the From Addresses that are configured in your account. Once added, each domain will be assigned its own values for the DNS records that need to be added at your DNS host.
To see these values, follow the Message Settings link in the left-hand menu in your Customer.io account, choose Email from the list of message types and then select the Deliverability tab:
Next, click the Configure or re-check button for the domain you’d like to authenticate. This is where you will see the TXT and CNAME records you need to add to your domain’s DNS records in order to verify domain ownership, configure SPF, configure DKIM and to enable white labeling of your tracked links:
After you have added these records at your DNS host and they have had time to propagate, you will need to come back to the setting screen (pictured above) and click the Check now button. We will verify that the records are in place and take you back to the domain list where you’ll see the results of our check.
For your convenience, here is a list of links to the instructions for adding DNS records at commonly used hosts:
For verifying HTTPS for regular links please visit our documentation on Setting Up HTTPS Link Tracking. If you also need to support links to iOS or Android apps, our documentation on setting up Setting Up Universal Links would be more appropriate.
No. If you are using a custom SMTP you’ll add SPF and DKIM records according to your custom SMTP provider’s documentation. If you want to white label your tracking links to use your domain rather than customeriomail.com, you can still add the domain Ownership TXT record and the CNAME record. Note: The CNAME record alone will not validate.
On the Email Deliverability page, we’ll show you the verification status of any domains you’ve added, like this:
Note: Until you verify ownership of your domain we will not be able to send signed emails on that domain’s behalf. For example, emails from the address firstname.lastname@example.org can’t be signed until
mydomain.comhas been verified.
The domain list is made up of domains used in the From Addresses that are configured in your account. If you want to add another domain, follow the Message Settings link in the left-hand menu in your Customer.io account, choose Email from the list of message types, then select the From Addresses tab, and then click the “Add From Address” button at the bottom of the domain list.
All you’ll need to do is add include:customeriomail.com to your existing record. For example, this:
v=spf1 include:_spf.google.com ~all
v=spf1 include:_spf.google.com include:customeriomail.com ~all
Without the authentication records (Verified, SPF, & DKIM), your emails could be filtered as spam or blocked all together. Your recipients will also see a “via” or “on behalf of” message displayed in Gmail and Outlook:
Yes. If any of the first three TXT records (Verified, SPF, & DKIM) aren’t checked then we can’t sign your emails with your domain. This means your recipients will also see a “via” or “on behalf of” message in their email app. Note: Some receiving servers only look for one type of authentication and adding both ensures you’ll comply with a server looking only for SPF or only for DKIM.
Make sure you’re using a TXT record as indicated in our instructions, not a SPF one. If the record is still not validated after 48 hours, get in touch and we’ll troubleshoot the issue for you :)
CloudFlare CNAME records won’t be validated if the HTTP proxy feature is enabled. Disable it and the record will go through correctly.
Underscores: Some hosts do not support underscores (
_) in DNS records, and adding the DKIM record can cause an error. The underscore is required and you’ll want to contact your host to see if they disallow underscores entirely or if they can manually add the record for you.
Semicolons: Some hosts require that you escape semicolons in records. If you’re getting an error try replacing
No. The records are written specifically to allow our servers to send for you but not to disallow other servers.
Often, a host won’t allow you to add records yourself, but will add them for you. As a first step we recommend you talk to your hosting company to see if they can help. If records are disallowed entirely, you’ll need to:
- Go without authentication.
- Switch to a different web host that allows you to add TXT and CNAME records.
- Host your DNS at a company separate from your web hosting.