Skip to main content
Login to Brevo app

[New] Authenticate your domain to improve the deliverability of your emails (DKIM and Brevo code)

This article is relevant for users who created a Brevo account after June 29th, 2023, and for users who have switched to the new domain authentication method. If you are still using the old domain authentication method, check our dedicated articles Authenticate your domain to improve the deliverability of your emails (DKIM) and Verify your domain to approve new senders automatically.

Authenticating your domain to send emails is crucial for ensuring the deliverability of your emails and maintaining a reputable online presence. By establishing your domain's credibility and protecting against spoofing and phishing attempts, email authentication enhances the chances of your emails reaching recipients' inboxes instead of being flagged as spam.

Good to know

  • If you're unfamiliar with email deliverability, we recommend you first check our dedicated articles What is email deliverability? and Best practices for email deliverability.
  • The default DKIM key generated when adding your domain is a standard 1024-bit DKIM key. If you want to use a 2048-bit DKIM key to enhance your email security, ask our support team to activate it for your account. Your 2048-bit DKIM key will then appear in your generated DNS records for email authentication with a Hostname starting with sib2k:
    sib2k_2048bit.jpg

Why should I authenticate my domain?

Domain authentication is a process used to verify that an email is sent from the sender they claim to be. This is important in blocking harmful content, such as phishing scams. Emails that fail authentication are more likely to be filtered to the spam or junk folder.

🔒 Secure the online reputation of your domain

Authenticating your domain is crucial to protecting your brand and online reputation from spoofing attacks. Spoofing occurs when someone fakes the identity of a sender to send malicious emails.

For instance, if a phisher starts using your domain name to send malicious content, your reputation could be severely damaged. To prevent this, it's essential to ensure that your domain is correctly authenticated and prevent unauthorized use of your domain name.

🤝 Improve trust with ISPs and webmail services

Increasing email security will automatically improve trust with ISPs (Internet Service Providers) and webmail services, which can result in higher delivery and better inbox placement rates. When the identity of the sender cannot be authenticated, the email appears less reliable. As a result, mailbox providers may reject the email or subject it to additional filters to determine whether it should be delivered to the inbox or not. Without domain authentication, the chances of being delivered to the spam folder or being blocked by mailbox providers are much higher.

✍️ Sign your emails with your domain name

By default, all emails sent through Brevo are digitally signed with their domain name. However, if you want to add a personal touch to your emails and show that they come from your own business or website, you can authenticate your domain and use it for your email signature.

email_signature.jpg

What DNS records do I need to authenticate my domain?

DKIM Brevo code

When an email is sent, the recipient's server runs checks to verify if the message is legitimate and sent by an authorized sender. These checks require implementation of the DKIM protocol on the sender's domain.

The DKIM protocol, short for DomainKeys Identified Mail, is a cryptographic protocol that uses public keys published in your DNS. This protocol enables you to sign your emails with your domain name, similar to signing a letter with your signature. As a result, the recipient can be certain that the email they received was written by you and hasn't been modified during the transmission. This protocol is particularly effective against "man in the middle" attacks.

⚙️ Step 1: Generate the DNS records

To authenticate your domain, you first need to generate the necessary DNS records (DKIM and Brevo code) on Brevo. Based on whether or not you have already added your domain to Brevo, the procedure will be slightly different.

If you haven't added your domain yet If you have already added your domain
  1. Click the account dropdown > Senders & IP > Domains.
  2. Click Add domain
  3. Enter the domain name you wish to use for your email signatures.
  4. Select your domain provider from the dropdown menu. If you're unsure who your domain provider is, check our article Identify your domain host or select Other.
    add_domain.jpg
  5. Click Save this email domain

The necessary DNS records (DKIM and Brevo code) that need to be added to your domain host will be displayed.

🚀 Step 2: Add the DNS record to your domain host

To authenticate your domain, you need to add the DNS records you generated to your domain host. Based on the domain host you are using, the procedure will be slightly different. If you're unsure who your domain provider is, check our article Identify your domain host or select the Other tab.

Google Domains GoDaddy OVH Amen Gandi IONOS Other
❗️ Important
Google Domains doesn't allow adding a record with the same type and name twice. If you have to add an extra record with the same type and name as another, add it below the first one by clicking + Add more to this record and pasting the data in the new field.
  1. Open a new tab in your navigator and access your Google Domains account.
  2. Select the domain or subdomain that you want to configure.
  3. In the sidebar menu, select DNS.
  4. Go to the Default name servers tab.
  5. Optional: If you have used custom name servers before, click Switch to these settings.
  6. Click Manage custom records.
  7. Click Create new record.
  8. Add the Brevo code:
    1. Create a DNS entry of TXT type.
    2. From Brevo, copy the value from the Hostname field and paste it into the Host name field of Google Domains.
    3. From Brevo, copy the value from the Data field and paste it into the Data field of Google Domains.
      google_domains_brevo_code.jpg
    4. Leave the TTL field as is.
    5. Click Save.
  9. Add the DKIM record:
    1. Create a DNS entry of TXT type. 
    2. From Brevo, copy the value from the Hostname field and paste it into the Host name field of Google Domains.
    3. From Brevo, copy the Data field and paste it into the Data field of Google Domains.
      google_domains_dkim.png
    4. Leave the TTL field as is.
    5. Click Save.
  10. Go back to Brevo and click Authenticate this email domain. 
  11. Once the configuration is complete, a green checkmark will appear next to the Brevo code and DKIM record.
    ❗️ Important
    It can take up to 48 hours for DNS changes to propagate fully.

Your domain has been authenticated, and your emails will now be signed with your domain name in the recipients' mailbox! 🚀

❗️ Important

To ensure that your emails are correctly sent, keep these two DNS records in your domain host as long as you continue to send emails with Brevo. Failing to do so could result in email delivery issues or even cause your emails to be marked as spam.

🧐 How to verify if my emails have been signed?

Verifying if your emails have been signed is easy. Webmails allow you to check if your email has been signed using the DKIM protocol by reviewing the email header and looking for the reference dkim=pass. To learn how to find email headers, check our dedicated article How do I find email headers?.

email_header.jpg

In the above example from a Gmail email header, the reference "dkim=pass" certifies that the email is signed with the domain thegreenyoga.com. Signing your emails with your own domain name can help manage your reputation, whether on our shared IP or your dedicated IP.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

💬 Was this article helpful?

75 out of 107 found this helpful