How to authenticate your emails

To send emails from the email address of your choice and comply with the new Gmail and Yahoo requirements that will come into force in February 2024, we need to activate a custom DKIM signature with your sending domain and verify that it has been authenticated with DMARC.

Learn more about the changes at Gmail and Yahoo >

Before you start

  • To send mailings from a specific email address, you must first add it to your list of sender addresses and validate itLearn how >
  • It's only possible to activate a custom DKIM signature for addresses that have a business domain that you control, i.e., a domain personalized to your organization (e.g., If you use a free email address such as Gmail, Hotmail or Yahoo (e.g., you won't be able to activate the custom DKIM authentication, and we'll provide you with a temporary address for your mailings. This will be generated from your sender address (e.g., if your email address is, your sending address will be: (or .net). This ensures that your email is correctly authenticated, and that it is not rejected by Gmail or Yahoo. Find out why it's not recommended to use a free email address for your mailings >

What is a domain name? A domain name is a unique web address, consisting of a name and an extension (.com, .org, etc.), enabling users to easily access a specific site on the Internet. Your sending domain is the part that follows the @ in your email address. For example, if your email address is, your sending domain is

How to authenticate your mailings

In order to be able to use your email addresses to send your mailings from our platform and ensure that their sending domains are correctly authenticated, you must:

  1. Authenticate your sending domains with a DMARC policyLearn more about DMARC configuration >
  2. Create a CNAME in your DNS records for each of the domains and subdomains you use for your mailings.
  3. Contact us to activate the custom DKIM signature for your sending domains in your account.

Below you'll find the technical information you'll need to make these changes. These changes require access to your DNS. If you can't access them, or don't know how, you can simply copy and paste the instructions and send them to the person or company who manages your domain name. This is a routine operation which is usually relatively simple for them to carry out. At the end of the article, you'll also find an example of a standard email in English and French to help you communicate with your provider.

Don't forget to replace the fake domain "" in the examples below with your own domain name.

Don't know who your domain name registrar is? Learn how to find it in this Google help article.

DMARC policy implementation

A DMARC policy is now required for your mailings. If you don't already have one on your sending domain, please add a TXT record like this one to your DNS:

Type: TXT
Value: v=DMARC1; p=none;

Creation of CNAME

The following record must be added to your DNS so that we can authenticate your emails with a custom DKIM with your domain name:


Once your domain has been authenticated with a DMARC policy AND the CNAME has been created in your DNS, don't forget to contact our customer service department so that we can activate the custom DKIM signature to your account. 

This is important so that we can ensure that your DMARC policy is properly aligned in your mailings. Learn more >

About the Sender Policy Framework (SPF) (optional step)
SPF is an authentication method that allows you to specify which servers are authorized to send emails on your behalf. To send from our platform, it is not necessary to create an SPF record or modify an existing one, as they will be authenticated with our own SPF authentication.

However, if you wish to include Cyberimpact to your existing SPF record (even if it is not necessary), you just have to add “” to it.

For example, if your current SPF record is:
v=spf1 ~all.

You need to change it to:
v=spf1 ~all

If you don't have an SPF record, but would like to create one for your sending domain:

Type: TXT
Host/Name: @
Value: v=spf1 ~all
TTL: 1 heure ou 3600 secondes

To learn more about creating an SPF record >

Sample email to send to your domain registrar

You can copy and paste the following text to send your request to your domain registrar:

Dear Support,

Would you please help me add a CNAME record to my domain's DNS records?

  • My domain is:
  • My CNAME record (destination/target) is:
  • My CNAME record (host/label) points to:

Also, could you check if my domain is authenticated with a DMARC policy? If not, can you help me set it up by creating the following record:

  • Type: TXT
  • Host/Name:
  • Value: v=DMARC1; p=none;



Why is Cyberimpact asking me to authenticate my domain?

Important changes at Gmail and Yahoo now require that your sending domain is authenticated with SPF, DKIM, and DMARC. To make sure your mailings comply with these new requirements, we ask all our clients to authenticate their email domain in their account. It is important to understand that these guidelines apply to all email senders worldwide. These requirements are not specific to the use of the Cyberimpact platform.

What happens if I can't authenticate my domain right now?

This is not a problem. Your emails will continue to be sent, but the sender address will be changed to an address automatically generated by our platform so that we can ensure that your mailings are properly authenticated and not automatically rejected or classified as spam by platforms like Gmail and Yahoo. You don't have to do a thing. We take care of everything.

How long can I keep my temporary email address?

There's no time limit at the moment. But we advise you to make changes as soon as possible. Authenticating your emails is one of today's standards. This will enable you to further personalize your mailings to your brand and establish an independent sending reputation. It also protects your organization against email spoofing.

Will my contacts still be able to reply to me?

If your domain is not authenticated in your account, this will only modify your sender address. You can continue to personalize the return address. When your recipients will press "Reply", they'll write to the address you chose in your mailing configuration.

If I make the changes, does that mean my emails will no longer be classified as spam?

As mentioned above, authenticating your domain has long been part of good mailing practice, but it has now become essential to reduce the risk of your emails being automatically blocked or classified as spam. However, even if you authenticate your domain, other factors can affect the way your emails are processed, such as the quality of your list, the content of your emails, their relevance and the frequency with which you send them. Get tips on how to improve your mailings >

Why is my email address being replaced even though I've taken steps to authenticate my domain?

In order for us to authenticate your emails with your domain, you must meet the following conditions:

  • have a valid DMARC policy on your sending domain
  • have created a CNAME record as described in the article above
  • have notified our team that changes have been made to activate the custom DKIM signature.

If these steps have all been taken and have worked in previous mailings, but your address is being replaced again, it's because we have detected a problem with your DMARC or CNAME record. This could be due to a change in your DNS records that has affected your DMARC and/or CNAME.

If you need help, don't hesitate to contact us.

How to manage DNS records according to your provider

Below are links to help articles on how to add or modify your DNS records with the most popular domain name registrars:


What is a DMARC policy?

DMARC is an authentication method for ensuring that messages sent from your email address really do come from you, and for specifying to others how emails that fail authentication tests should be handled. Should they do nothing and accept them even if validation has failed? Should they quarantine them in the spam folder or reject them? In the last two cases, if someone tries to forge your email address, this will prevent false emails from reaching their destination and damaging your reputation in the process. DMARC also allows you to obtain detailed reports so you can detect if there have been any attempts to impersonate your domain.

What is DKIM?

DKIM is an email authentication method that allows the person or organization sending an email message to use a digital signature to associate the message with their domain. It enables the servers that receive your emails to verify that the email has indeed been sent by the domain it claims to come from, and that it has not been modified or altered in transit.

What is a CNAME?

A CNAME, or canonical name record, is a type of DNS record that maps an alias name to a true or canonical domain name.

What is DMARC alignment?

For a mailing to pass DMARC authentication checks, the e-mail must 1) be correctly authenticated with SPF authentication or a valid DKIM signature, and 2) the domain name of the address visible to recipients in the "From:" email field must be the same as the one in the Return-path email address (for SPF authentication) or DKIM signature (this is called SPF or DKIM alignment).

To ensure that your mailings via our platform pass DMARC verification, we need to add a custom DKIM signature with your sending domain in order to respect the domain alignment of your DMARC policy, as it is not currently possible to customize the domain linked to SPF verification (the one of the Return-path address).  Learn more about this >

See also: