What is domain authentication?

Domain authentication, formerly known as domain whitelabel, shows email providers that PublicInput.com has your permission to send emails on your behalf. To give PublicInput.com permission, you point DNS entries from your DNS provider (like GoDaddy, Rackspace, or Cloudflare) to PublicInput.com. Your recipients will no longer see the “via PublicInput.com” message on your emails.

Even though this is a small change from your recipient's perspective, this change has a huge positive impact on your reputation as a sender and your email deliverability. Email service providers distrust messages that don't have domain authentication set up because they can not be sure that the message comes from you. Explicitly stating that it comes from you increases your reputation with email service providers which makes it much less likely that they will filter your mail and not allow it get to your recipient's inbox, which increases your deliverability. You are also explicitly showing your recipients that this email comes from you, so they are less likely to mark your mail as spam.

Key terminology

DNS

DNS stands for Domain Name System. This is a naming system for domains on the internet. When PublicInput.com refers to your DNS, we are talking about your domain name that you want to send emails from, or that you want to link images from. When we talk about your DNS provider, we are talking about the service that hosts your domain name. For example, GoDaddy, Rackspace, or Cloudflare.

DKIM

DKIM stands for DomainKeys Identified Mail which was designed to help email providers prevent malicious email senders by validating email from specific domains.

As one of the most popular email authentication methodologies, it works by using cryptographic technology that adds a digital signature to your message header. This DKIM signature validates and authorizes your domain name in the eyes of the receiver. The DKIM signature is created using a unique string of characters stored as a public key.

When your email is received, the public key is retrieved through the DNS and decrypted by the receiver to allow them to confidently verify the identity of your domain.

CNAME

The CNAME record creates an alias for subdomain.yourdomain.com and points to PublicInput.com. The CNAME is needed for our click and open tracking features in order for those statistics to be routed back to your PublicInput.com account. This will also be what your messages are signed by, so your recipients will be able to see what you have chosen for your CNAME. You set up the CNAME files that PublicInput.com provides with your DNS host. 

Setting up domain authentication

Before you begin

To set up domain authentication, you must submit the DNS records provided by PublicInput.com to your DNS or hosting provider (for example, GoDaddy, Hover, CloudFlare, etc.). First, figure out who your hosting provider is and if you have access. If you don't have access to your DNS or hosting provider, you should figure out who in your company has this access before you begin setting up domain authentication.

To set up domain authentication:

  1. In the PublicInput.com admin dashboard, select Settings > Email.
  2. Type your desired custom sending domain in the "Add Domain" input. Do not include www or http://www in this field. Your domain needs to match the domain of your FROM address on the emails you are sending out. For example, if I am sending an email from [email protected], I would set my domain authentication domain to be mycity.gov. 
  3. Click "Add Domain"
  4. The domain will appear in the list with the CNAME records to add to your DNS host. This process varies depending on your DNS host. For videos on how to add your CNAME to some popular DNS service providers, check out these videos. If you don't have access to modify your companies DNS records, you can also email the CNAME records to a coworker who has access. They do not need to have PublicInput.com admin access to apply these CNAME changes to your DNS provider. 

A recent change with how GoDaddy handles new DNS record values automatically adds your domain, resulting in a CNAME entry with too much information and a failure when trying to complete domain authentication. An example of this would be em123.yourdomain.com.yourdomain.com.

DigitalOcean has this same behaviour in their Networking - Manage Domain - Create new record section.

Below is an example of the CNAME values under the HOST column as they are displayed and how you will need to enter them into your GoDaddy/DigitalOcean DNS Management:

  • HOST/NAME em123.yourdomain.com . ENTER CNAME RECORD HOST/NAME AS: em123
  • HOST/NAME s1._domainkey.yourdomain.com  ENTER CNAME RECORD HOST/NAME AS: s1._domainkey
  • HOST/NAME s2._domainkey.yourdomain.com  ENTER CNAME RECORD HOST/NAME AS: s2._domainkey

Entries made in the VALUE or POINTS TO field do not need to be changed.

It can take up to 48 hours for the records to verify after you upload them into your DNS host, so you will likely have to come back later to verify.

Verifying your DNS

Once you add the CNAME records to your DNS host, return to the Settings page and click Validate.

If you click validate and the domain comes back with the grey "x" denoting it is awaiting validation, this usually means that you need to wait a bit longer. It's also possible that you entered one of your records in incorrectly.

Next Steps 

Once your domain is validated, you'll see it appear in the email sending interface as an option. You'll also retain the option of using a dedicated PublicInput.com email address from the list of project, event, and topic-specific addresses:

Note: When you send an email with a FROM address whose domain matches the domain set in the domain authentication, PublicInput.com applies that domain to your email. You only need to update your domain authentication if you want to update the domain you are emailing from.

Did this answer your question?