How do I validate my domain for email sending?

One of the key services that we provide is to send out emails containing your orders and quotes, both to your back-office but also to your customers. These emails go through a myriad of different networks and email servers before they reach their recipients. One of our goals is to improve the deliverability of these emails. This means preventing the emails from being flagged as spam and ensuring that the emails reach the recipient’s Inbox. In furtherance of this goal, we have implemented DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) for all our outgoing emails. Here is a link to some technical information about the topic: About DKIM and DMARC.

What does this mean for you? It means that your From: email address (called ‘Sender Email Address’ in Onsight) will have to be a validated domain.

If you do not validate your domain then your From: address for all your outgoing emails will be: ‘Company Name’ <[email protected]>.

If you would like to replace [email protected] with an email address on your own domain ([email protected]), please contact [email protected] and we will send you the process for how to validate your domain.

How does the domain validation work?

You will be required to create some DNS records on your domain. This is an example of how the required DNS records will look.

DNS records

Is there really an underscore in the subdomain name? It seems strange.

Yes, there is an underscore in the subdomain name.

More details:

Underscores are allowed in DNS entries for subdomains

DKIM requires a subdomain named _domainkey

Can I just copy and paste the required DNS records?

Some DNS hosts provide easy-to-use web interfaces for managing DNS records. For these copying-and-pasting is sufficient.

Other DNS hosts have complicated interfaces with specific configuration requirements. In that case you will need to follow the specific configuration requirements to ensure that the DNS records are created correctly.

I copied and pasted the DNS records into BIND but the records do not work

BIND has specific requirements for how you specify DNS records.

Let’s say you want to create a CNAME record:

s1._domainkey.domain.com

that points to

s1._domainkey.u2134534840.wl0345391.sendgrid.net

If you created this record in BIND, it would be incorrect:

s1._domainkey.domain.com IN CNAME s1._domainkey.u2134534840.wl0345391.sendgrid.net

There are 2 mistakes here.

The part on the left should be

s1._domainkey.domain.com.
(note the full stop)

or it can be:

s1._domainkey
(note the absence of a full stop)

Either of those will work.

The second mistake is on the right hand side.

s1._domainkey.u2134534840.wl0345391.sendgrid.net

is missing a full stop at the end.

The correct record would be:

s1._domainkey IN CNAME s1._domainkey.u2134534840.wl0345391.sendgrid.net.

These full stops and convoluted requirements are specific to BIND.

How do I test that the DNS records exist?

You can use the NSLOOKUP command to check that the DNS records have been created correctly.

This is what it will look like when the record has NOT been set up correctly:


~ $ nslookup em9836.domain.com
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find em9836.domain.com: NXDOMAIN

This is what it will look like when the record has been set up correctly:


~ $ nslookup em1966.domain.co.za
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
em1966.domain.co.za canonical name = u2143543540.w34534.sendgrid.net.