At Boxcar Marketing, we use Campaign Monitor to send out the Underwire Newsletter and other client newsletters. Last week I kept getting my test emails flagged in gmail as spam or spoofed addresses. Well, it required a bit of troubleshooting, like 2 days back and forth because DNS settings can take hours to update. Finally I'm in the clear, the domains are authenticated and email is going to the inbox. Hooray.
My future self will thank me for saving these links:
- Manage Your Own Domain Authentication in Campaign Monitor
- Email Authentication Troubleshooting for DKIM
Here are my DKIM troubleshooting tips for domain authentication:
I use the agency account type in Campaign Monitor because I send email for Boxcar Marketing and other clients. My first challenge turned out to be that I had to grab the private keys from the original accounts I set up authentication for. I did not realize that I had multiple clients using the same authenticated domain. Here is how to get those keys: https://help.createsend.com/admin/multiple-clients-same-authenticated-domain
That should work for you. But if it doesn't you might need to take a closer look at your account’s authenticated domain and pasted the DKIM record into Email Stuff. My super customer support person at Campaign Monitor found that the current DKIM record was using an older, 768 bit key. Blerg. That means that some email clients make it harder for campaigns to land in the inbox because they don't believe it's secure enough. Thankfully, there's a fix to this! She created a new 1024 bit DKIM record. Getting this into operation was a multi-step operation:
1. First you will need to create the new TXT record in your DNS provider's settings.
2. Once that's done, and your DNS provider has updated that record on their end and the new domain shows as valid in your Campaign Monitor Authentication Settings, then you can go into the Authentication Settings and delete the old key.
3. Now you can start using that newly updated domain for your sending. Note, however, that once the new record comes through as valid in the account's Authentication settings and you've deleted the old record from the account's authentication settings, all brand new drafts created in the account will be able to select that authenticated domain in the sender details for the FROM email address. However, for current drafts in the account, you'll have to update their sender details to use the new domain. You should be able to do that by clicking on the draft, selecting the 'edit' button up by the sender details header, and then selecting your domain from the drop down menu in the From field. You'll then see a gold key, which means the campaign draft will be sent using your authenticated domain. BUT that did not work for me. So I created a new campaign, based on the draft of the current campaign–which I renamed to avoid confusion–and then I was able to send successfully authenticated email campaigns that landed in the inbox. Hooray
4. Last step, in a week or so, once all outstanding mail has been delivered, I will go into the DNS provider's settings and delete the *old* TXT record in the control panel.
Thanks Sofia!