Overview
Domain authentication is critical to ensuring email deliverability. If you don't properly configure domain name system (DNS) records, your emails are at risk of being labeled as spam because providers recognize you as unauthenticated.
After you link your mailbox to Apollo, follow the instructions in this guide to set up DNS records for the mailbox domain to ensure your messages land in inboxes.
Want Apollo to do the heavy lifting? You can generate a domain and mailbox directly on Apollo, and Apollo handles the domain setup and authentication for you — no IT team required! Assign mailboxes and branded email addresses to your team in minutes. Get started.
Check out the following sections to verify and fix domain authentication issues.
Diagnose and Resolve Domain Authentication
First, let Apollo check your domain to determine if any of your DNS records are missing or invalid.
To diagnose domain authentication:
- Launch Apollo and navigate to Sequences > Diagnostics.
- Under Domain setup, Apollo shows the status of the domain's SPF, DKIM, and DMARC records:
- Good means the domain record is properly configured.
- Fix indicates a problem with the DNS record.
Don't see a domain diagnosis? Click ⟳ to restart diagnostics.
Think of a sender policy framework (SPF) record like a trusted mailman who is tasked with delivering your messages.
SPF records are specially formatted DNS records that declare to receiving mail servers which servers you've authorized to send mail on behalf of your domain. Receiving mail servers use the information in your SPF record to decide how to treat incoming mail. They also help prevent email spoofing and phishing attacks, where someone pretends to be from your organization.
Many mailbox providers (MBPs) reject or mark as spam any email messages from domains that don't publish SPF records. This means that if you don't have valid SPF records for your domains, there's a strong chance your emails won't land in your recipients' inboxes.
Think of domain-keys identified mail (DKIM) like an invisible thumbprint on your messages that only mailbox providers can check. If someone tries to forge a message from you, DKIM helps mailbox providers identify that it's a fake.
DKIM is an authentication method that uses cryptography to add an encrypted digital signature to your organization's outgoing emails. Your mail server uses a private key to encrypt the email data. Then receiving email servers retrieve the corresponding public key from your domain's DNS records to decrypt it. This verifies that your email is genuinely sent from your domain and hasn't been altered on its way to the recipient.
Many mailbox providers have either already implemented a “no auth, no entry” policy or indicated plans to do so in the future. This means if you don't have a valid DKIM, there's a strong chance your emails will never reach your recipients' inboxes.
Think of domain-based message authentication, reporting, and conformance (DMARC) like a rule enforcer who determines how inboxes should handle your messages when DKIM and SPF aren't conclusive.
DMARC records specify what email providers should do if DKIM or SPF checks fail. DMARC also allows you to report on emails to ensure they aren't being spoofed.
- Click Fix to resolve a DNS error.
- Based on your domain provider, Apollo offers the option to open and automatically correct the record directly on your domain provider, or suggests a manual fix that you can implement by copying the updated DNS record and entering it in your domain provider's DNS settings.
- For automatic fixes, click Authorize to allow Apollo to automatically update your DNS records.
- Alternatively, click Go to manual setup to manually correct DNS errors. Copy the relevant records, then add them to your domain provider's DNS settings.
If there's an error with your SPF, follow Apollo's guidance to correct it by manually copying the relevant records and adding them to your domain provider DNS settings.
If no SPF record is found, you need to add an SPF record to resolve the issue:
- Google Workspace:
- Before You Set Up SPF
- Identify all your email senders
- Determine your SPF record
- Add your SPF record to your domain
- Microsoft 365:
If you're using a provider other than Google or Microsoft, SPF setup instructions depend on your domain or email provider. Reach out to your provider, IT team, or domain administrator for help.
If you're the IT or domain administrator for your organization, verify that you have the correct list of IP addresses. Email servers could mark your emails as spam if you misconfigure your SPF record.
Did you know? DKIM can be verified using either of these elements:
- Your organization's domain name, like
apollo.io. A DKIM selector, which is the text added with the domain to create a unique DNS record used during DKIM. This allows different systems, date ranges, or third-party services to create different signatures.
Reach out to your IT department, domain administrator, or domain provider if you need help identifying these elements.
If your DKIM has errors, follow Apollo's guidance to correct it by manually copying the relevant records and adding them to your domain provider DNS settings.
If the DKIM isn't present, you need to add a DKIM record to resolve the issue:
- Google Workspace:
- Check if DKIM is already set up
- Generate a DKIM key pair
- Add the DKIM key to your domain
- Turn on and verify DKIM
- Microsoft 365:
If you use a provider other than Google or Microsoft, DKIM setup instructions depend on your domain or email provider. Reach out to your IT team, domain administrator, or provider for help.
If you're the domain administrator, be careful when you configure DKIM. Incorrect configurations can lead to your mail being undeliverable.
If you use Google Workspace for your domain, Google creates a DKIM key for you and adds it in your DNS records once you've created your site. Follow Google Support's instructions in Turn on DKIM for Your Domain to configure your domain for DKIM.
If your DMARC has errors, follow Apollo's guidance to correct it by manually copying the relevant records and adding them to your domain provider DNS settings.
If the DMARC isn't present, you need to add a DMARC record to resolve the issue:
- Google Workspace:
- Before you begin
- Set up a group or mailbox for reports
- Authenticate third-party email
- Determine your DMARC record
- Add your DMARC record to your domain
- Microsoft 365:
If you use a provider other than Google or Microsoft, DMARC setup instructions depend on your domain or email provider. Reach out to your IT team, domain administrator, or provider for help.
You have now diagnosed and resolved domain authentication issues.
Next Steps
With your domain authenticated, follow these next steps to set yourself up for success:
| Use Email Warmup | Use email warmup or inbox ramp up to help build a positive sender reputation and signal to mailbox providers that your emails are safe and trustworthy. Email warmup is best for brand new domains and mailboxes. Inbox ramp up is best for existing mailboxes and domains with prior sending history. |
|---|---|
| Configure Email Sending Limits | Typically, your mailbox provider has email sending limits. You can also set Apollo-specific sending limits. Apollo recommends starting with conservative sending limits—such as 50 emails per day and 6 per hour—to maintain a strong sender reputation. Exceeding these limits can negatively impact deliverability. |
| Configure an Unsubscribe Link | To stay compliant and respectful of your audience, every email in Apollo should include an unsubscribe link. Apollo makes it easy to add one in your signature or email templates, helping reduce spam complaints and keeping your domain reputation healthy. |
| Set Up a Custom Tracking Subdomain | Custom tracking subdomains help protect your primary domain and boost email deliverability. Follow these steps to set one up and align it with your authenticated domain for maximum effectiveness. |
| Avoid Spam Filters | Keep your emails out of spam by following Apollo's anti-spam best practices. Learn how to warm up inboxes, avoid spam-triggering content, and maintain sending consistency. |
| Email Deliverability 101 Webinar | Learn how to set up your domain, authenticate email, and avoid spam traps in Apollo's Email Deliverability 101 webinar. Ideal for teams focused on hitting inboxes consistently. |