Authenticating email domains for standalone websites

Emails are sent automatically when clients interact with your website, whether that be via your online store or contact forms. If you use these functionalities in your CMS, you must authenticate your email domain settings. This is a critical step to ensure that your emails are delivered successfully to recipients' inboxes. This article will guide you through the steps for standalone websites. 

Why is this necessary?

Emails sent through Artlogic are processed and delivered by Sendgrid, our third-party mailing provider. Major email services like Outlook and Gmail are sensitive to emails sent from mass mailing providers and may mark them as spam if the correct authentication settings are not in place.

By authenticating your email domain settings, you add an extra layer of verification, assuring these services that the emails originate from you. This measure is essential to comply with tightened sending policies enforced by major email inbox providers, such as Gmail and Yahoo Mail, especially after the recent industry changes in February 2024.

In simpler terms, authenticating your email domain ensures that your emails reach their intended recipients' inboxes, avoiding potential spam filters.

Overview

Your domain is the address of your website, and the custom address of your emails: for example, gallerydomainname.com, gallerydomainname.co.uk, gallerydomainname.fr. You (or your IT specialist) can first navigate to your DNS settings within your domain account. From there, you will need to create some additional set rules to make sure emails sent via Artlogic are authenticated. 

If you have trouble making the changes yourself, or are unsure, we recommend you contact your domain provider's help desk (where you purchased your @gallerydomainname.com email address from), as they will be best placed to help you make these changes safely and securely. We have a template email you can use below. 

What needs to be done? 

To authenticate your email domain settings, you'll need to follow these steps:

  1. Identify your domain provider
  2. Access DNS settings: Log in to your domain account and access the DNS settings of the domain from which your emails are sent.
  3. Complete domain authentication: Follow the guidelines to set up Canonical Name (CNAME) records and adjust or create a Sender Policy Framework (SPF).
  4. Additionally, set up a DMARC record (Domain-based Message Authentication, Reporting & Conformance)
  5. Verify completion: Please note that it may take up to 24 hours to process fully.

Please note: If you have two email domains, you have to choose one to send emails from Artlogic. We can’t support multiple domains. When we complete our technical set-up of your product, we validate your chosen domain with SendGrid, our third party mailing provider. We are not able to do this with multiple domains as this would impact your email deliverability negatively. If you have authenticated one domain and want to change it, please contact our Support team on support@artlogic.net.

What are the criteria for successful domain authentication? 

Ensure the following components are completed for successful authentication:

  • Add domain authentication CNAME DNS records.
  • Create an SPF rule that includes 'include:_spf.artlogic.net.'
  • Optionally, create a DMARC record for enhanced email validation.

Warning: If you send a high volume of emails from your email domain (around 5000 within a day), we strongly recommend you add all three components.

If you encounter difficulties or are unsure, we recommend contacting your IT specialist, DNS manager, or domain provider for assistance. Unfortunately, Artlogic Support cannot directly assist with the setup of CNAME, SPF, DKIM, or DMARC records.

I don't have an IT specialist

If you don't have an IT specialist, contact your domain host (e.g., GoDaddy, Google Domains) for guidance. Simply share the following email template with them:

Dear ___

I need to set up some additional authentication rules on my email domains, so that I can use Artlogic's  mailing features. Please can you help me complete these tasks:

1. Add 'include:_spf.artlogic.net' into my SPF record rule

2. Set up the following CNAME records on my email domains:

send -> u12006358.wl109.sendgrid.net

dk._domainkey -> dk.domainkey.u12006358.wl109.sendgrid.net

dk2._domainkey -> dk2.domainkey.u12006358.wl109.sendgrid.net

link -> sendgrid.net

12006358 -> sendgrid.net 

3. Set up and publish my DMARC policy.

 

Getting started

Firstly identify who your domain provider is, and login to your domain account with them.


After logging into your domain account, you will need to access the DNS settings of the domain from which your emails are sent from e.g. gallerydomainname.com, to perform the below tasks. Each domain provider will have a different interface, so we have provided general guidance below, but the actual interface will differ and is not something we can directly advise on.

Authenticating your domain through CNAME records

Domain authentication helps ensure that the emails that you send through the mass mailing system in Artlogic appear as though they are coming directly from your email domain and are verified correctly as coming from you.

You should setup your CNAME records in the following way below.

send -> u12006358.wl109.sendgrid.net

dk._domainkey -> dk.domainkey.u12006358.wl109.sendgrid.net

dk2._domainkey -> dk2.domainkey.u12006358.wl109.sendgrid.net

link -> sendgrid.net

12006358 -> sendgrid.net

Common setup issue

When adding the CNAME records to your DNS settings, some domain hosts require that you add your domain (e.g. gallerydomainname.com/ gallerydomainname.co.uk/ gallerydomainname.fr) into each line. Inspect the other records that have already been added in your DNS settings - if they end with your domain then it is necessary to include your domain in the new CNAME records. Other hosts (like GoDaddy and Google) will add it for you. If it is required, you can set up your CNAME records in the following way, replacing “[domain]” with your organisation's domain e.g. gallerydomainname.com:

send.[domain] -> u12006358.wl109.sendgrid.net

dk._domainkey.[domain] -> dk.domainkey.u12006358.wl109.sendgrid.net

dk2._domainkey.[domain] -> dk2.domainkey.u12006358.wl109.sendgrid.net

link.[domain] -> sendgrid.net

12006358.[domain] -> sendgrid.net

Technical notes: The first three CNAME records validate the domain and setup DKIM, while the latter two make sure that tracked links in the email appear as if they are hosted on the domain the email is being sent from, increasing the legitimacy of the email in the eyes of the recipient servers. 

 

Add or adjust an SPF rule

To pass authentication, your SPF rule must contain the phrase 'include:_spf.artlogic.net'  

If you do not have an SPF record set up then we highly recommend that you ask your IT specialist or domain host to create an SPF file inside your DNS settings following the advice below.

If you already have SPF rules set up, then you should ensure that Artlogic's mailing systems are authorised under this policy to send mail from your domain.

Please read the following help notes on how to specifically adapt or setup your SPF records. It is crucial that SPF is set up correctly for your domain.

View this guide to setup your SPF settings.

Optional: DMARC Records

DMARC is an email validation system, which uses SPF and DKIM protocols to combat email spoofing. It verifies sender authenticity and protects your sender reputation. DMARC records are implemented in part by setting the correct TXT and CNAME records on your domain. 

If you have no other DMARC records, you can start by creating a version of the simplest DMARC policy. See an example DMARC rule shown below.

v=DMARC1; p=quarantine, rua=mailto:dmarc@gallerydomainname.com

The string rua=mailto:dmarc@gallerydomainname.com tells receiving email servers where to email reports. You may wish to set up an email address for this purpose.

If you are not sure what to include in your DMARC rule, you should ask your domain host to help you set this up for you. Your organisation may choose to enforce a stricter policy, which you can work with your domain host to apply. 

Glossary of Email Authentication Terms

DNS (Domain Name System) A system that translates human-readable domain names (like yourcompany.com) into IP addresses that computers use to identify each other. Think of it as the internet's phone book.

CNAME (Canonical Name) Record A type of DNS record that maps one domain name to another. In email authentication, CNAMEs connect your domain to your email service provider's systems, allowing them to send emails that appear to come directly from you.

SPF (Sender Policy Framework) A security protocol that specifies which mail servers are authorized to send email on behalf of your domain. It's like a guest list that tells receiving email servers, "These servers are allowed to send emails that claim to be from us."

DKIM (DomainKeys Identified Mail) A security standard that adds a digital signature to your emails. This signature verifies that the email content hasn't been tampered with since it was sent and confirms it genuinely came from your domain.

DMARC (Domain-based Message Authentication, Reporting & Conformance) A policy framework that builds upon SPF and DKIM to protect your domain from email spoofing and phishing attacks. DMARC tells receiving servers what to do with emails that fail authentication checks and provides reporting on authentication results.

Verification: Confirming Your Setup

After completing the authentication setup, follow these steps to verify everything is working correctly:

1. Check DNS Propagation (1-48 hours)

  • Use a DNS lookup tool like MXToolbox or DNSChecker
  • Enter your domain name and check for the specific record types (CNAME, TXT for SPF/DMARC)
  • Verify all records match exactly what was provided in the setup instructions

2. Perform a DKIM/SPF Test

  • Send a test email from Artlogic to an email address you control
  • View the email headers (in Gmail: click the three dots menu → "Show original")
  • Look for "DKIM=pass" and "SPF=pass" in the authentication results

3. Check DMARC Compliance

  • Use a DMARC analyzer like DMARC Analyzer or DMARC Inspector
  • Enter your domain and verify your DMARC policy is properly configured
  • After a few days, check the reports sent to your designated email address

Successful setup:

  • All DNS records are visible in lookup tools
  • Test emails show "DKIM=pass" and "SPF=pass" in headers
  • Emails consistently arrive in inbox rather than spam folders
  • Links in emails work correctly and don't trigger security warnings

Related Articles

 

Was this article helpful?
0 out of 0 found this helpful

Related articles