How to authenticate your emails

Before you start

• To send mailings from a specific email address, you must first add it to your list of sender addresses and validate it. Learn how >
• It's only possible to activate a custom DKIM signature for addresses that have a business domain that you control, i.e., a domain personalized to your organization (e.g., info@thenameofyourcompany.com). If you use a free email address such as Gmail, Hotmail or Yahoo (e.g. mycompany@gmail.com), you won't be able to activate the custom DKIM authentication, and we'll provide you with a temporary address for your mailings. This will be generated from your sender address (e.g., if your email address is mycompany@gmail.com, your sending address will be: mycompany.gmail.com@email.cyberimpact.com (or .net). This ensures that your email is correctly authenticated, and that it is not rejected by Gmail or Yahoo. Find out why it's not recommended to use a free email address for your mailings >

How to authenticate your mailings

In order to be able to use your email addresses to send your mailings from our platform and ensure that their sending domains are correctly authenticated, you must:

1. Authenticate your sending domains with a DMARC policy. Learn more about DMARC configuration >
2. Create a CNAME in your DNS records for each of the domains and subdomains you use for your mailings.
3. Contact us to activate the custom DKIM signature for your sending domains in your account.

Below you'll find the technical information you'll need to make these changes. These changes require access to your DNS. If you can't access them, or don't know how, you can simply copy and paste the instructions and send them to the person or company who manages your domain name. This is a routine operation which is usually relatively simple for them to carry out. At the end of the article, you'll also find an example of a standard email in English and French to help you communicate with your provider.

DMARC policy implementation

A DMARC policy is now required for your mailings. If you don't already have one on your sending domain, please add a TXT record like this one to your DNS:

Type: TXT
Host/Name: _dmarc.mywebsite.com
Value: v=DMARC1; p=none;

Creation of CNAME

The following record must be added to your DNS so that we can authenticate your emails with a custom DKIM with your domain name:

Type: CNAME
Host/Name: cyberimpact._domainkey.mywebsite.com
Value: clients._domainkey.email.cyberimpact.com

Type: TXT
Host/Name: @
Value: v=spf1 include:spf.cyberimpact.com ~all
TTL: 1 heure ou 3600 secondes

Sample email to send to your domain registrar

You can copy and paste the following text to send your request to your domain registrar:

Dear Support,

Would you please help me add a CNAME record to my domain's DNS records?

• My domain is: mywebsite.com
• My CNAME record (destination/target) is: cyberimpact._domainkey.mywebsite.com
• My CNAME record (host/label) points to: clients._domainkey.cyberimpact.com

Also, could you check if my domain is authenticated with a DMARC policy? If not, can you help me set it up by creating the following record:

• Type: TXT
• Host/Name: _dmarc.mywebsite.com
• Value: v=DMARC1; p=none;

 Thanks,

FAQs

• Why is Cyberimpact asking me to authenticate my domain?
• What happens if I can't authenticate my domain right now?
• How long can I keep my temporary email address?
• Will my contacts still be able to reply to me?
• If I make the changes, does that mean my emails will no longer be classified as spam?
• Why is my email address being replaced even though I've taken steps to authenticate my domain?

Why is Cyberimpact asking me to authenticate my domain?

Important changes at Gmail and Yahoo now require that your sending domain is authenticated with SPF, DKIM, and DMARC. To make sure your mailings comply with these new requirements, we ask all our clients to authenticate their email domain in their account. It is important to understand that these guidelines apply to all email senders worldwide. These requirements are not specific to the use of the Cyberimpact platform.

What happens if I can't authenticate my domain right now?

This is not a problem. Your emails will continue to be sent, but the sender address will be changed to an address automatically generated by our platform so that we can ensure that your mailings are properly authenticated and not automatically rejected or classified as spam by platforms like Gmail and Yahoo. You don't have to do a thing. We take care of everything.

How long can I keep my temporary email address?

There's no time limit at the moment. But we advise you to make changes as soon as possible. Authenticating your emails is one of today's standards. This will enable you to further personalize your mailings to your brand and establish an independent sending reputation. It also protects your organization against email spoofing.

Will my contacts still be able to reply to me?

If your domain is not authenticated in your account, this will only modify your sender address. You can continue to personalize the return address. When your recipients will press "Reply", they'll write to the address you chose in your mailing configuration.

If I make the changes, does that mean my emails will no longer be classified as spam?

As mentioned above, authenticating your domain has long been part of good mailing practice, but it has now become essential to reduce the risk of your emails being automatically blocked or classified as spam. However, even if you authenticate your domain, other factors can affect the way your emails are processed, such as the quality of your list, the content of your emails, their relevance and the frequency with which you send them. Get tips on how to improve your mailings >

Why is my email address being replaced even though I've taken steps to authenticate my domain?

In order for us to authenticate your emails with your domain, you must meet the following conditions:

• have a valid DMARC policy on your sending domain
• have created a CNAME record as described in the article above
• have notified our team that changes have been made to activate the custom DKIM signature.

If these steps have all been taken and have worked in previous mailings, but your address is being replaced again, it's because we have detected a problem with your DMARC or CNAME record. This could be due to a change in your DNS records that has affected your DMARC and/or CNAME.

If you need help, don't hesitate to contact us.

How to manage DNS records according to your provider

Below are links to help articles on how to add or modify your DNS records with the most popular domain name registrars:

• Bluehost: Add a CNAME | Setup a DMARC record
• Cloudflare: How to manage DNS records
• DreamHost: Add a CNAME | Setup a DMARC record
• GoDaddy: Add a CNAME | Setup a DMARC record
• HostGator: How to change your DNS records in cPanel | How to change your DNS records in Plesk
• Hover: Add a CNAME | How to create a TXT record (for DMARC)
• IONOS: Add a CNAME | Setup a DMARC record
• Namecheap: Add a CNAME (video tutorial) | Setup a DMARC record
• Siteground: Add a CNAME | Setup a DMARC record
• Squarespace: Add a CNAME | Setup a DMARC record
• Wix: Add a CNAME | Manage your DNS records
• Wordpress: Manage your DNS records

Glossary

•  What is a DMARC policy?
•  What is DKIM?
•  What is a CNAME?
•  What is DMARC alignment?

What is a DMARC policy?

DMARC is an authentication method for ensuring that messages sent from your email address really do come from you, and for specifying to others how emails that fail authentication tests should be handled. Should they do nothing and accept them even if validation has failed? Should they quarantine them in the spam folder or reject them? In the last two cases, if someone tries to forge your email address, this will prevent false emails from reaching their destination and damaging your reputation in the process. DMARC also allows you to obtain detailed reports so you can detect if there have been any attempts to impersonate your domain.

What is DKIM?

DKIM is an email authentication method that allows the person or organization sending an email message to use a digital signature to associate the message with their domain. It enables the servers that receive your emails to verify that the email has indeed been sent by the domain it claims to come from, and that it has not been modified or altered in transit.

What is a CNAME?

A CNAME, or canonical name record, is a type of DNS record that maps an alias name to a true or canonical domain name.

What is DMARC alignment?

For a mailing to pass DMARC authentication checks, the e-mail must 1) be correctly authenticated with SPF authentication or a valid DKIM signature, and 2) the domain name of the address visible to recipients in the "From:" email field must be the same as the one in the Return-path email address (for SPF authentication) or DKIM signature (this is called SPF or DKIM alignment).

To ensure that your mailings via our platform pass DMARC verification, we need to add a custom DKIM signature with your sending domain in order to respect the domain alignment of your DMARC policy, as it is not currently possible to customize the domain linked to SPF verification (the one of the Return-path address).  Learn more about this >

See also: 

• Changes at Gmail and Yahoo starting from February 1st, 2024
• How to set up DMARC authentication
• What is SPF, DKIM, and DMARC authentication?
• Manage sender addresses