Domain Verification in Salesforce Marketing Cloud

Domain Verification


The Authenticated Domain feature in Marketing Cloud enables you to verify email addresses and domains when sending emails from Salesforce Marketing Cloud.


Hello and welcome to mcChat — the video channel that puts the fun into Salesforce Marketing Cloud and helps you get the most out of the platform!

Now, the Authenticated Domain feature in Marketing Cloud enables you to verify email addresses and domains that you use as your ‘From address’ when sending emails from the platform.

And there are a couple of options when configuring this feature — you can either choose to authenticate an entire domain, or individual email addresses.

The most convenient method is to select the ‘Register Domain’ button in the ‘From Address Management’ section in Marketing Cloud Setup. When you do this, a token will be generated which your domain administrator can add as a TXT record in your domain DNS records. Marketing Cloud then scans for a DNS record that contains the matching token for the domain entered. And when the scan completes, the domain is registered.

Now, there’s a lot of ambiguity on what this feature actually does. Some assume that by completing this step, they can send an email from a verified email address or domain. And that’s true, but you’ll also experience deliverability issues. Let me explain.

You see, when you send an email, the inbound mail server validates that the outgoing server has permission to send the email on behalf of the domain. Simply put, it uses a set of security mechanisms to prevent “bad guys” from sending emails on your behalf. This includes checking your domains published DNS records for an SPF (or Sender Policy Framework) record to validate that the IP address of the server used to send the email has permission to do so. And additionally, most mail servers also check for the presence of a DKIM signature header in the email and compare this against the sender’s public DKIM key in the published DNS records, which is a method to sign your emails in a way that will allow the recipient’s server to check if the sender was really you or not.

Now, back to the Domain Verification feature. As I mentioned earlier, some Marketing Cloud users assume that by verifying a domain is all that's required to send an email, but it’s not. You see, as I explained, several additional DNS records are also required, which are created when a Sender Authentication Package or Private Domain is provisioned on your account. And without these records, you will see that this will directly affect email deliverability.

The Domain Verification feature is really only for compliance purposes — it ensures that you don’t send an email on behalf of a domain that you don’t own.

Well, thanks for watching and don’t forget to subscribe to this video channel to for more tips in working with Salesforce Marketing Cloud.

See you next time!


Schedule a Call

If you would like to discuss how you can get the most out of Salesforce Marketing Cloud, then Eliot would love to chat with you! Please click on the button to schedule a call.