Suped

How do I setup domain authentication with different email and website domains?

Matthew Whittaker
Co-founder & CTO, Suped
Published 6 May 2025
Updated 17 Aug 2025
It is a common scenario for businesses to have a primary website domain (e.g., yourbrand.com) but use a different domain for internal email communication (e.g., yourcompanymail.com). When it comes to setting up email authentication for marketing or transactional emails, this distinction can lead to confusion. The key often lies in understanding which domain needs to be authenticated and how to achieve it, especially when your email service provider (ESP) requires specific verification steps.
Your website domain is what your customers see and associate with your brand. Naturally, you would want your emails to come from that same recognizable domain for consistency and trust. However, email authentication (SPF, DKIM, DMARC) primarily concerns the domain found in the email's From: address, known as the RFC 5322.From domain. This means that if you intend to send emails from marketing@yourbrand.com, the yourbrand.com domain is what needs to be correctly authenticated, regardless of where your company's daily email accounts are hosted.

Understanding email authentication

Email authentication refers to a set of technical standards designed to verify that an email is legitimate and comes from the domain it claims to be from. The primary authentication protocols are Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
When your email service provider asks you to set up domain authentication, they are typically referring to publishing specific DNS records, like TXT or CNAME records, in your domain's DNS zone file. These records allow receiving mail servers to verify the authenticity of your emails. For example, Mailchimp's custom authentication process involves CNAME records for DKIM.
It is important to understand that your ESP may also require domain verification in addition to authentication. Verification usually involves sending an email to an address on the domain you want to verify, and you must click a link in that email to prove ownership. This means the domain you want to send from (your RFC 5322.From domain) must be able to receive mail, even if it is not your primary internal email domain. For a deeper dive, read more about setting up and troubleshooting SPF, DKIM, and DMARC.

The critical role of the 'From' domain

The single most important factor for email deliverability and authentication is the domain used in the From: header of your email. This is the domain that email clients display to recipients and that mailbox providers check for authentication against your SPF, DKIM, and DMARC records.
If you send an email with a From: address that belongs to your website domain (e.g., noshsimple.com), then all the authentication records (SPF, DKIM, DMARC) must be set up for noshsimple.com. It does not matter that your internal corporate emails use noshpass.com. The rules for email delivery, particularly with major providers like SendGrid, are very strict about this alignment. Failing to authenticate the domain in the From: address can lead to your emails being rejected, sent to spam, or placed on a blacklist (or blocklist).
The importance of the RFC 5322.From domain is clearly articulated in email standards. For more details on this, refer to our article on what RFC 5322 says versus what actually works. If your domain ends up on an email blocklist (or blacklist) due to authentication issues, it can severely impact your ability to reach recipients, so it's a critical step in your email strategy.

Setting up DNS records for your sending domain

To correctly set up authentication, you must first determine the specific domain you want to appear in the From: address of your marketing or transactional emails. This will typically be your main brand or website domain, even if it is not currently used for day-to-day internal email. Once identified, you need to access your domain's DNS provider settings, which is where you manage your domain's records.
Your ESP will provide you with a set of DNS records, often CNAME records for DKIM, and possibly TXT records for SPF and DMARC. These records must be added to the DNS settings of your chosen sending domain. For example, a DKIM CNAME record might look like this:
Example DKIM CNAME record:
    Host/Name: k1._domainkey.yourbrand.com
    Type: CNAME
    Value: custom.dkim.domain.esp.com
A crucial step often overlooked is ensuring that your chosen sending domain is capable of receiving email. Many ESPs require sending a verification email to an address on that specific domain. For instance, if you want to send from info@yourbrand.com, you must either have an active mailbox at that address or set up mail forwarding to an existing email account. Without this, you cannot complete the verification process, which is a prerequisite for authenticating your domain.
Consider using subdomains for different types of email sending. For example, marketing.yourbrand.com for marketing emails and transactional.yourbrand.com for alerts. This strategy helps isolate your sending reputation. If one subdomain faces deliverability issues or gets on a blacklist (or blocklist), it is less likely to affect the other. Learn more about setting up email subdomains and their required DNS records.
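A pre-flight check for the records this section describes, as an added example (not code from Suped or any ESP). The zone contents, the `spf.esp.example`, `spf.mailhost.example` and `mx.forwarder.example` hosts, and the `lookup` callable are constructed for illustration; replace `lookup` with a live resolver to audit a real domain.

```python
# Constructed sample data, not real DNS answers: (name, type) -> record values.
READY_ZONE = {
    ("yourbrand.com", "MX"): ["10 mx.forwarder.example."],
    ("yourbrand.com", "TXT"): ["v=spf1 include:spf.esp.example ~all"],
    ("k1._domainkey.yourbrand.com", "CNAME"): ["custom.dkim.domain.esp.com."],
    ("_dmarc.yourbrand.com", "TXT"): ["v=DMARC1; p=none; rua=mailto:dmarc@yourbrand.com"],
}
# Website-only domain: no MX, no DKIM, a second SPF record added by mistake, no rua.
BROKEN_ZONE = {
    ("yourbrand.com", "TXT"): ["v=spf1 include:spf.esp.example ~all",
                               "v=spf1 include:spf.mailhost.example -all"],
    ("_dmarc.yourbrand.com", "TXT"): ["v=DMARC1; p=none"],
}

def make_lookup(zone):
    """Wrap a dict as lookup(name, rtype) -> list of strings (stand-in for a resolver)."""
    return lambda name, rtype: zone.get((name.lower().rstrip("."), rtype), [])

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_sending_domain(domain, selectors, lookup):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not lookup(domain, "MX"):
        findings.append("MX: none published for ESP verification mail")
    spf = [t for t in lookup(domain, "TXT") if t.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        findings.append("SPF: no v=spf1 TXT record")
    elif len(spf) > 1:
        findings.append("SPF: multiple v=spf1 records (evaluates to permerror)")
    for sel in selectors:
        name = f"{sel}._domainkey.{domain}"
        if not (lookup(name, "CNAME") or lookup(name, "TXT")):
            findings.append(f"DKIM: nothing published at {name}")
    dmarc = [t for t in lookup(f"_dmarc.{domain}", "TXT")
             if t.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected one v=DMARC1 record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
            findings.append("DMARC: missing or invalid p= tag")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, no aggregate reports")
    return findings
```

Calling `audit_sending_domain("yourbrand.com", ["k1"], make_lookup(BROKEN_ZONE))` returns one finding each for MX, SPF, DKIM and DMARC; the same call against `READY_ZONE` returns an empty list.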

Aligning website and email domains for branding

While your business's day-to-day email might be hosted on a separate domain, using your website domain for marketing and transactional emails is highly recommended for brand consistency and recipient trust. When recipients see emails from the same domain they visit for your website, it builds confidence and reduces the likelihood of emails being marked as spam or phishing attempts.
To achieve this, you will need to configure your website domain to handle email, even if only minimally for verification and DMARC reporting purposes. This involves adding MX (Mail Exchange) records to point to a mail server that can receive mail for your website domain. You don't necessarily need to move all your corporate email to this domain, but it must be able to receive mail for the specific addresses your ESP uses for verification and for DMARC reports.
Implementing a DMARC policy with proper reporting is crucial, as it allows you to monitor how your emails are performing across different mailbox providers and ensures that both your SPF and DKIM records are correctly aligned with your From: domain. Our guide on setting up DMARC records and reporting provides comprehensive steps.
Properly setting up DKIM, particularly ensuring the 'd=' tag in your DKIM signature matches the domain in your From: header, is a cornerstone of modern email deliverability requirements. This alignment is critical for passing DMARC checks, which increasingly dictate inbox placement. For more information, explore how to use DKIM to sign emails.
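The alignment rule described above, as an added example (not code from the original page or any ESP): it compares the DKIM `d=` tag and the Return-Path domain with the From: domain. The messages are constructed, the check assumes the signature and SPF evaluation themselves already passed, and `org_domain` approximates the organizational domain as the last two labels instead of consulting the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From: uses the website domain, but the ESP signs with its own
# d= and bounces to its own domain, so nothing aligns with yourbrand.com.
UNALIGNED = """\
Return-Path: <bounce-123@mail.esp.example>
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=k1; bh=PLACEHOLDER; b=PLACEHOLDER
From: Marketing <marketing@yourbrand.com>
Subject: Hello

Body
"""
# Same message after custom authentication: bounce subdomain and d= on the brand domain.
ALIGNED = (UNALIGNED.replace("mail.esp.example", "em.yourbrand.com")
                    .replace("d=esp.example", "d=yourbrand.com"))

def org_domain(domain):
    """Assumption: last two labels. Wrong for suffixes such as co.uk (needs the PSL)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

def alignment_report(raw, strict_dkim=False, strict_spf=False):
    """Report which authenticated identifiers align with the From: domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    dkim_domains = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)
        if m:
            dkim_domains.append(m.group(1))
    spf_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    dkim_ok = any(aligned(d, from_domain, strict_dkim) for d in dkim_domains)
    spf_ok = bool(spf_domain) and aligned(spf_domain, from_domain, strict_spf)
    # DMARC needs only one aligned, passing mechanism.
    return {"from": from_domain, "dkim_aligned": dkim_ok,
            "spf_aligned": spf_ok, "dmarc_can_pass": dkim_ok or spf_ok}
```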

Brand reputation

  1. Consistent branding: Sending from your primary website domain reinforces your brand identity and builds trust with recipients.
  2. Reduced phishing risk: Using an unauthenticated or mismatched domain can make your emails appear suspicious, increasing the chance of being flagged as phishing attempts.

Views from the trenches

Best practices
Always align your email authentication records (SPF, DKIM, DMARC) with the domain used in your 'From:' address, not necessarily your website's main domain.
Set up a functional mailbox (or at least mail forwarding) on your sending domain to complete ESP verification steps and receive DMARC reports.
Utilize subdomains for different types of email sending (e.g., marketing.yourdomain.com, transactional.yourdomain.com) to compartmentalize sending reputation.
Common pitfalls
Attempting to authenticate your website domain without ensuring it can receive mail for verification purposes.
Confusing the website domain with the email sending domain when configuring DNS records for SPF and DKIM.
Ignoring DMARC reporting, which provides crucial insights into authentication status and potential abuse.
Expert tips
It is crucial to differentiate between domain verification and DKIM authentication when setting up new email sending services.
For Google and Yahoo's new requirements, the DKIM 'd=' tag must match the 'From:' address domain to ensure deliverability.
Setting up a functional mailbox on your sending domain is vital for handling replies and general inbound mail traffic, which directly impacts deliverability and trust.
Marketer view
A marketer from Email Geeks says: My usual setup involves matching email and website domains, so this situation where they differ for authentication has been a new challenge.
2023-10-16 - Email Geeks
Expert view
An expert from Email Geeks says: It's crucial to distinguish between domain verification and DKIM authentication when setting up new email sending services.
2023-10-16 - Email Geeks

Summary and final thoughts

Setting up domain authentication with different email and website domains is straightforward once you understand the core principle: email authentication always revolves around the domain you use in your email's From: address. This means your website domain can absolutely be your email sending domain, but it must be properly configured to receive mail and host the necessary authentication records (SPF, DKIM, DMARC).
By correctly implementing these authentication protocols, you ensure your emails are recognized as legitimate, leading to better inbox placement, enhanced brand reputation, and reduced risk of being placed on a blacklist (or blocklist). Prioritizing this setup is a fundamental step toward achieving strong email deliverability.
