DNS - Email Domain Authentication
Domain authentication is the process of verifying that an email truly comes from the domain it claims to represent and must be configured in order to send email from Engaging Networks. When emails are sent from Engaging Networks, the DNS records SPF, DKIM and DMARC tell a recipient mail servers that Engaging Networks has permission to send email on behalf of that domain. Setting up domain authentication improves email deliverability, helps protects brands from spoofing and phishing, and builds trust with recipient mail servers.
DNS updates should be handled by someone with administrative access to your domain’s DNS settings. Typically that is an IT team, system administrator, or web hosting manager.
Finding DNS instructions in Engaging Networks
Sending domains are the domains in the email addresses used for broadcast emails or thank you emails. For example, the sending domain for the email address info@mycharity.org is mycharity.org.
To find the DNS information needed to authenticate sending domains to send email from Engaging Networks, go to Marketing Tools > Domain authentication. This will list any sending domains configured in your account (email addresses added under Hello > Account Settings > Account Emails > Broadcast email sender or Sender for thank you email types).
Clicking 
will provide DNS instructions and validate three types of DNS records: SPF, DKIM and Return Path Alignment (DMARC). Instructions for adding these records to your DNS can vary by hosting or DNS provider, but the basic steps are below using an example domain of mycharity.org.
Log In to Your DNS Hosting Provider
Go to your domain’s DNS or “DNS Management” section.
Look for a page labeled something like DNS Settings, Zone Editor, or Advanced DNS.
Add or Update the SPF Record (Sender Policy Framework)
SPF can have multiple entries if your organization is using other services to send email from the same domain. For that reason you might need to update an existing SPF record with the Engaging Networks rule rather than creating a new SPF record.
Add or update the TXT record for mycharity.org to include
include:_spf.e-activist.com. The whole record might look like this:
v=spf1 include:_spf.e-activist.com ~allOr like this if there are multiple entries:
v=spf1 mx ip4:66.11.156.248/29 ip4:66.11.152.144/29 include:_spf.e-activist.com ~allSave the record
Add DKIM (DomainKeys Identified Mail)
Create the two CNAME records for Custom Domain Authentication:
enkey1._domainkey.mycharity.org value masterkey1.e-activist.com.
enkey2._domainkey.mycharity.org value masterkey2.e-activist.com.Save the record
Return Path Alignment /DMARC (Domain-based Message Authentication)
Create the following CNAME to align return path processing
Save record
Allow DNS to propagate and validate
It can take up to 24 hours for DNS entries to update across the entire internet
After propagation, validate the domain again in Engaging Networks to ensure all the records are configured correctly
Check the ‘I wish to enable DKIM for mycharity.org' option in Engaging Networks
Check the ‘I wish to enable return path for mycharity.org' option in Engaging Networks
The checkboxes alert Engaging Networks that the records are in place for final verification
Viewing the results
After adding the records to your DNS, you can select validate again. If the records are correctly configured, the result will show a green tick. If the records are incorrectly configured or not yet in place, the results will show a red X or alert sign.
In the example below, three green ticks means the domain is fully authenticated.
In the example below, the red X means the domain is not authenticated.
Other resources
Engaging Networks will show if records are in place and configured correctly. It does not show if there are other issues with the record (for example, too many SPF rules). For that, a third-party tools such as or https://www.kitterman.com/spf/validate.html or https://mxtoolbox.com/ can be used.