How do I show 'signed by' my domain when using Amazon SES or Mailchimp?
Summary
What email marketers say9Marketer opinions
Email marketer from EmailGeek Forum suggests verifying that the 'From' address in your emails matches the domain you're authenticating. If you're authenticating example.com, make sure the 'From' address is something like newsletter@example.com and not a generic address like @gmail.com. This helps with domain alignment.
Email marketer from Email on Acid explains that email authentication (SPF, DKIM, DMARC) is critical for ensuring your emails are 'signed by' your domain and not by the ESP (Amazon SES or Mailchimp). It improves deliverability by proving to ISPs that you are authorized to send emails on behalf of your domain.
Email marketer from SendGrid Blog says to check your DMARC policy. If your DMARC policy is set to 'reject' or 'quarantine' and your DKIM or SPF alignment is failing, your emails might not be properly 'signed by' and could be rejected by receiving mail servers. Ensure your DKIM and SPF are aligned with your DMARC policy.
Email marketer from Mailjet explains that DKIM alignment is critical. This means the domain used in the 'From' address of your email must match the domain used in the DKIM signature. Without proper alignment, some email clients might not display 'signed by' your domain, even if DKIM is technically valid.
Email marketer from Campaign Monitor shares that a good domain reputation is important. If your domain has a poor sending reputation (e.g., due to spam complaints), even properly authenticated emails might not always display 'signed by' due to filters designed to protect recipients from potentially harmful senders.
Email marketer from Stackoverflow responds that ensuring the Return-Path (the MAIL FROM address) is a subdomain of your sending domain can help. If you're sending from user@example.com, configure SES to use a Return-Path like bounces@mail.example.com. This increases the chances of your domain being properly displayed in the 'signed by' field.
Email marketer from Reddit shares that the 'signed-by' yourdomain.com' only appears when you've correctly setup DKIM records. Sometimes, DNS propagation delays can cause initial issues, but once the records are fully propagated, the 'signed by' should display correctly.
Marketer from Email Geeks asks if Sendgrid enables the user to sign with their own domain, mentioning having configured it in the past.
Email marketer from Litmus suggests using email testing tools to verify your DKIM and SPF records and check how your email is rendered in different email clients. These tools can help identify if the 'signed by' your domain is displayed correctly and highlight any configuration issues.
What the experts say4Expert opinions
Expert from Word to the Wise answers that for the 'signed by' to appear correctly, proper DKIM authentication is absolutely necessary and to look into the "Authenticated Identity" as a key factor. This is the identity that has been verified through DKIM, DMARC and SPF to be able to have emails signed by the domain. Ensure the `From:` header and other headers are using the same domain so this is aligned.
Expert from SpamResource explains that ensuring proper DKIM setup with third-party senders like Amazon SES or Mailchimp is crucial. They emphasize checking that the DKIM signature's 'd=' tag matches your sending domain. They also note that sometimes DNS propagation issues can prevent the 'signed-by' from appearing correctly immediately after setup.
Expert from Email Geeks explains that implementing DKIM for each domain/service provider, aligned with the mailing domain, will remove many of the 'Sent via [service]' options.
Expert from Email Geeks shares that segmenting mail streams by subdomains (marketing.domain.com, support.domain.com, etc.) allows each subdomain to have its own authentication and run independently on multiple services. Suggests setting up DMARC at p=none to identify all mail originating from your domains.
What the documentation says5Technical articles
Documentation from Amazon Web Services clarifies the difference between the envelope sender (MAIL FROM) and the header sender (From address). For 'signed by' to reflect your domain, ensure that the MAIL FROM domain is properly configured and aligned with your DKIM settings. If the MAIL FROM domain is not aligned, it may show 'via amazonses.com' instead.
Documentation from Amazon Web Services explains that to show 'signed by' your domain with Amazon SES, you need to configure DKIM (DomainKeys Identified Mail). This involves generating DKIM records, adding them to your DNS configuration, and then verifying the DKIM setup within the Amazon SES console. Proper DKIM configuration ensures that emails sent through SES are cryptographically signed, proving they originated from your domain.
Documentation from IETF explains that for the DKIM signature to be valid and for your domain to be properly recognized, the 'd=' tag in the DKIM signature header must match the domain you are claiming to send from. Ensure this is correctly configured in your DKIM settings.
Documentation from Mailchimp explains that to show 'signed by' your domain in Mailchimp, you must authenticate your domain. This involves adding CNAME records provided by Mailchimp to your domain's DNS settings. Domain authentication verifies that you own the domain and gives Mailchimp permission to send emails on your behalf, improving deliverability and displaying your domain in the 'signed by' field.
Documentation from Mailchimp notes that while DKIM is the primary method for authentication, ensuring your SPF record includes Mailchimp is still recommended for best deliverability. While SPF alone won't guarantee 'signed by' your domain, it contributes to overall authentication strength.
Related resources0Resources
No related resources found.