What is DNS Authentication?

Learn why DNS authentication is paramount when it comes to deliverability and security.

As part of setting up a Custom Sender Domain, you will have to authenticate that you own the domain through your DNS provider.

Email authentication provides verifiable information about the origin of your emails. In order for internet service providers (ISPs) to deliver your email immediately, proper authentication is crucial. Your outreach is considered fraudulent if it lacks authentication.

DNS authentication methods

Sender Policy Framework (SPF)

By using this method, you can verify that the IP address associated with your OneSignal email-sending account is authorized to send mail on your behalf. In the DNS settings, you publish SPF text records that serve as your basic authentication. DNS records will be checked by the receiving server for authenticity. This method is used to validate the sender of an email.

Your SPF record will be set up once OneSignal configures your IPs and domains. No further action is required beyond adding the DNS records we provide to you.

Domain Keys Identified Mail (DKIM)

The DKIM record confirms that your OneSignal email-sending domain is authorized to send mail on your behalf. This is designed to validate the sender’s authenticity and ensure the integrity of the message is preserved.

The DKIM uses an encrypted signature to inform the ISPs that the mail its delivering is the same as the mail that was sent by you. The ISPs will verify the signature against your public key, which is stored in your custom DNS record.

Mail Exchange Records (MX)

These are your receiving records. MX records are recommended for all domains, even if you are only sending messages. Unless you already have MX records for your domain pointing to another email server (e.g. Gmail), you should update the following records for optimal deliverability.

Without these MX records in place, you may see an increase in "Sender Domain Verification" errors, which are errors that the recipient server returns whenever your domain lacks MX records. By configuring your domain with MX records the "Sender Domain Verification" error gets a solution and is prevented from occurring in future cases.

Canonical Name (CNAME)

A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.

The CNAME record is necessary for tracking opens, clicks, and unsubscribes.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC authentication protocols add an additional layer of security to your domain.
This allows you to dictate how the ISPs should handle mail that has failed your DNS authentication checks.

Failures could suggest that others are trying to forge your domain or your emails. You can tell the ISPs to reject or quarantine the mail as well as inform you of this by sending you information about the false mail.

Learn more about DMARC & Sender Email Address.