Suped

How do I sign DKIM on a sender domain that isn't the primary domain while using Hubspot?

Summary

To sign DKIM on a sender domain that isn't the primary domain while using HubSpot, you need to own the domain or have permission from the owner. First, set up the non-primary domain as an email sending domain within HubSpot by navigating to Settings > Domains & URLs > Connect a domain > Email Sending. HubSpot will then provide DKIM and SPF records. These records need to be added as TXT records to the DNS settings of the subdomain or sending domain at your domain host. This process verifies your ownership and authorizes HubSpot to send emails on behalf of that domain. For subdomains, you might need to delegate signing authority by creating a DKIM record on the subdomain itself. DKIM works by generating a public/private key pair; the private key is used to sign outgoing messages, while the public key is published in the DNS records. Receiving servers use the public key to verify the signature, confirming the email's authenticity, improving deliverability rates, and proving to ISPs that messages are legitimate.

Key findings

  • Domain Ownership/Permission: You must own the sender domain or have explicit permission to use it for DKIM signing.
  • HubSpot Configuration: Set up the non-primary domain as an email sending domain in HubSpot’s settings.
  • DNS Record Addition: Add DKIM and SPF records (provided by HubSpot) as TXT records to the DNS settings of the sender domain or subdomain.
  • Subdomain Delegation: For subdomains, delegation of signing authority may be required via a DKIM record.
  • DKIM Key Pair: DKIM utilizes a public/private key pair to sign outgoing emails and verify their authenticity.
  • Enhanced Deliverability: Proper DKIM setup enhances email deliverability and sender reputation.

Key considerations

  • DNS Access: Ensure you have access to modify DNS records for the sender domain.
  • HubSpot Specific Instructions: Follow HubSpot's specific instructions and guidelines for connecting email sending domains.
  • Record Propagation Time: DNS record changes may take some time to propagate, so allow sufficient time for verification.
  • Key Management: Securely manage the private DKIM key, as it's crucial for signing outgoing messages.
  • Accurate Record Entry: Ensure accurate entry of DKIM and SPF records to avoid authentication issues.

What email marketers say

8 marketer opinions

To sign DKIM on a sender domain that isn't the primary domain while using HubSpot, the general process involves setting up the non-primary domain as an email sending domain within HubSpot. This requires accessing HubSpot's settings, connecting the domain, and selecting 'Email Sending'. HubSpot then provides DKIM and SPF records, which must be added as TXT records to the DNS settings of the subdomain at your domain host. This process verifies ownership and authorizes HubSpot to send emails on behalf of the non-primary domain. Correct DKIM configuration is crucial for improving email deliverability by authenticating emails and proving to ISPs that the messages are legitimate.

Key opinions

  • HubSpot Setup: Set up the sender domain (non-primary) as an email sending domain within HubSpot.
  • DNS Records: Add the DKIM and SPF records provided by HubSpot as TXT records to the DNS settings of the sender domain.
  • Authentication: This process authenticates emails sent from the sender domain via HubSpot.
  • Domain Verification: Adding DNS records also verifies ownership of the sending domain.
  • Domain Authentication: Authenticating your emails with DKIM assists in better deliverability rates.

Key considerations

  • Access to DNS: You need access to the DNS settings of your domain to add the required records.
  • Record Propagation: DNS record changes can take up to 24-48 hours to propagate, so verification might not be immediate.
  • HubSpot Instructions: Always follow HubSpot's specific instructions for setting up email sending domains to ensure correct configuration.
  • TXT Records: When connecting a subdomain, append *_domainkey to the subdomain.

Marketer view

Email marketer from SendGrid shares the steps to configure DKIM. This generally involves generating a DKIM record in SendGrid, then adding that record as a TXT record to your DNS settings. They also provide instructions on how to verify DKIM is set up correctly.

26 Oct 2023 - SendGrid

Marketer view

Email marketer from EmailOctopus explains that configuring DKIM involves adding a TXT record to your DNS settings with the specific DKIM information provided by EmailOctopus. Once added, you can usually verify the DKIM setup in the EmailOctopus platform. The record confirms your authorization for EmailOctopus to send on your behalf.

14 Apr 2022 - EmailOctopus

What the experts say

3 expert opinions

To sign DKIM on a sender domain that isn't the primary domain, you must own the domain or have the domain owner's permission. For subdomains, you need to delegate signing authority by creating a DKIM record on the subdomain, pointing to the signing domain. This involves generating a DKIM key pair; the private key signs outgoing messages, and the public key is published as a TXT record in the DNS of your sending domain or subdomain, allowing mail servers to verify the signature.

Key opinions

  • Ownership/Permission: You must own the sender domain or have permission from the owner to DKIM sign.
  • Subdomain Delegation: For subdomains, delegate signing authority by creating a DKIM record on the subdomain.
  • Key Pair Generation: DKIM involves generating a public/private key pair.
  • DNS Publication: Publish the public key as a TXT record in the DNS settings of the sender domain or subdomain.
  • Signature Verification: Mail servers use the public key in the DNS to verify the signature of outgoing emails.

Key considerations

  • Domain Control: Ensure you have control over the DNS settings of the sender domain or subdomain.
  • Key Security: Keep the private key secure as it's used to sign outgoing messages.
  • Record Accuracy: Ensure the DKIM record is accurately entered in the DNS settings to avoid verification failures.

Expert view

Expert from Spam Resource, Laura Atkins, explains that for subdomains, you'll need to delegate signing authority by creating a DKIM record on the subdomain itself, pointing to the signing domain. This allows the subdomain to use DKIM even though it's not the primary domain.

1 Jul 2022 - Spam Resource

Expert view

Expert from Email Geeks explains that you can only DKIM sign with domains you own or with the permission of the domain owner.

6 Mar 2023 - Email Geeks

What the documentation says

3 technical articles

To sign DKIM on a non-primary sender domain using HubSpot, follow HubSpot's domain connection process: navigate to Settings > Domains & URLs > Connect a domain > Email Sending. You'll need to update DNS records with values HubSpot provides. DKIM involves generating a private/public key pair. The private key signs the email, while the public key is published in the domain's DNS records as a TXT record. Receiving servers use the public key to verify the signature, confirming the email's authenticity and domain authorization.

Key findings

  • HubSpot Connection: Use HubSpot's domain connection feature to add the non-primary sender domain.
  • DNS Update: Update DNS records with the specific values provided by HubSpot.
  • Key Pair: DKIM relies on a private/public key pair for signing and verification.
  • Public Key in DNS: Publish the public key as a TXT record in the domain's DNS settings.
  • Verification Process: Receiving servers use the public key to verify the DKIM signature.

Key considerations

  • HubSpot Specific Steps: Carefully follow HubSpot's instructions for connecting domains to ensure correct setup.
  • Accurate DNS Records: Ensure DNS records are accurately added to avoid verification failures.
  • Key Management: Properly manage and secure the private key.

Technical article

Documentation from EasyDMARC highlights that DKIM signing involves generating a private/public key pair. The private key is used to sign the email, and the public key is published in the domain's DNS records. The receiving server uses this public key to verify the signature, confirming the email's authenticity.

5 Oct 2023 - EasyDMARC

Technical article

Documentation from HubSpot explains how to connect your email sending domain in HubSpot. It involves navigating to Settings > Domains & URLs, selecting 'Connect a domain,' and choosing 'Email Sending.' The documentation details the steps for verifying the domain by updating DNS records with the values provided by HubSpot.

29 Jun 2023 - HubSpot

Start improving your email deliverability today

Sign up