In this article, we will explain how to authenticate your domain to improve the deliverability of your emails using a standard email signature protocol: DKIM.
This protocol meets various safety issues and should be implemented to ensure the best possible deliverability, both on shared and dedicated IPs.
Before you start
- If you're unfamiliar with domain authentication, check out our dedicated article About domain authentication (DKIM).
- To help you authenticate your domain more easily, we created dedicated articles for some of the most popular domain hosts:
- You can verify and authenticate your domain simultaneously with DNS records. Verify your domain using DNS records, a hosted file, or an email verification code. To learn more, check our dedicated article Verify your domain to approve new senders automatically.
- The DKIM key generated when adding your domain is a standard 1024-bit DKIM key. If you want to use a 2048-bit DKIM key to enhance your email security, ask our support team to activate it for your account. Your 2048-bit DKIM key will appear in your generated DNS records for email authentication with a Hostname starting with sib2k:
👆Step 1: Access the Domains page
To access the Domains page:
- In Brevo, click on your name at the top-right side of the screen.
- Select Senders & IP.
- Click Domains.
⚙️ Step 2: Generate the DNS records
To generate the DNS records that you will use to authenticate your domain:
- Click Add a domain.
- Enter the domain name you wish to use to sign your emails and click Save. In our example, we are using the domain domain.com.
The DNS records (Brevo code and DKIM) that need to be added to your domain host display.
Under the domain name that you want to use, you will either need to click:
- Authenticate, if you already verified your domain, or
- Verify, if you haven't verified your domain yet.
The DNS record (DKIM) that needs to be added to your domain host display.
🚀 Step 3: Add the DNS record to your domain host
- Open a new tab in your navigator and access your domain hosting platform.
- If you haven't verified your domain before, follow Step 2 from our dedicated article Verify your domain. We highly recommend using DNS records to verify your domain as it allows you to verify and authenticate it simultaneously.
- Create a DNS entry of TXT type for your DKIM record.
From Brevo, copy the Hostname field generated for the DKIM record and paste it into the corresponding field of your domain host.
❗️ ImportantMost domain hosts automatically populate the hostname section with your domain name. When copying the Hostname field from Brevo, only copy the selector (circled in yellow) before your domain name and paste it into the Value field:
If only the domain name is required, enter @ or leave the field blank.
- From Brevo, copy the Value field generated for the DKIM record and paste it into the corresponding field of your domain host.
Click Verify & Authenticate or Authenticate.
❗️ ImportantIt may take up to 24-48 hours for DNS changes to propagate fully.
- Once the configuration is complete, a green check appears next to the Value field for the DKIM record.
Your domain has been authenticated, and your emails will now be signed with your own domain name in your recipients' mailbox! 🚀⬇️
🧐 How to verify if my emails have been signed?
You can easily verify if your emails have been signed. Webmails allow you to see if your email has been signed through the DKIM protocol by reviewing the email header and looking for the reference "dkim=pass".
To learn how to find email headers, check out our dedicated article How do I find email headers?.
In the above example from a Gmail email header, the reference "dkim=pass" certifies that the email is signed with the domain "newsletter-monsite.com". Signing your emails with your own domain name helps you manage your own reputation, either on our shared IP or your dedicated IP.
🤔 Have a question?
If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.