Critical Impact offers sender authentication for your sending domains. Authenticating email from your domain helps protect your brand by reducing the chance that your email is mistaken for spam. It also helps build and maintain a good sender reputation by providing a digital signature that authorizes each email as coming from you.
When you set up sender authentication for your domain, you will need to add unique DNS records to your domain through your hosting provider. This includes a unique DKIM record as well as adding a Critical Impact mechanism to your existing SPF record - all of which will be explained within the authentication instructions. Adding these records allows emails sent from Critical Impact to have a digital signature that authorizes each email as coming from your sending domain instead of from Critical Impact.
If you would like to set up sender authentication for your domain, please follow the instructions below:
Generate Sender Authentication Instructions
- Go to Account -> Sender Authentication
- Note: If you do not see this tool, please reach out to your account manager.
- Click the Add Domain button
- Enter the domain or subdomain you want to authenticate (e.g. abc.com) and click Save
- Select the newly added domain in the grid and click the Authenticate Domain button. This will generate the unique DNS instructions for your domain.
- Click the Email Instructions button to receive a copy of the instructions in email form for you to forward to your IT team.
Complete Sender Authentication For Your Domain
- Once you have added the DNS records, select the domain and click the Authenticate Domain button.
- When you see green check marks next to the Existing Values and Recommended values, click the Begin Authentication button in the top right. (If you see red x marks, it means that the values do not match. Please see notes below.)
- You will receive an email notification confirming that your domain is now successfully authenticated through Critical Impact. The status for the domain in the grid will display Authenticated.
Domain Authorization and Instructions
When you click on the Authenticate Domain button, in the pop-up you will see three sections. The first two sections are tables displaying the Existing DNS Values and the Recommended DNS Values. The third section at the bottom displays the instructions for your convenience. Once the DNS records match the Recommended DNS Values table (both having green check marks), you can click the Begin Authentication button in the top right. If the DNS records are set up correctly, your domain will be authenticated automatically. This can take up to 24 hours.
If for some reason the DNS records do not match yet and you click the Begin Authentication button, you will see the following message:
The sending domain DNS records are not valid. If you have recently made a change, it can take up to 48 hours for the DNS propagation to take effect. If they are set correctly, your domain will be authenticated automatically. This can take up to 24 hours.
Once the status for the domain is Authenticated, no further actions are needed. You will receive an email notification confirming that your domain is now authenticated through Critical Impact.
1. You can only have one SPF record per domain. Do NOT delete your existing SPF record. Instead, add the missing directive to your existing record.
2. Every TXT DKIM record is unique to each domain. Please do not reuse the same DKIM record value for multiple domains.
3. If you have recently made changes to your domain's DNS records and need to reverify your domain to make sure it is still authenticated, you can select the domain from the grid and click Authenticate Domain again to start the authorization process over again.