Domain authentication is the process that allows you to tell email service providers that Method is a trusted sender from your domains. Domain authentication is about security and deliverability, as it helps you protect your brand's reputation and ensures your emails successfully reach recipients’ inboxes.
Authenticating your domain involves publishing DNS records to establish your domain reputation.
NOTE: There are two types of DNS records you can add:
CNAME records.
MX, SPF, DKIM, and DMARC records. If you choose to add these records, configuring your DMARC is required. Emails sent without proper DKIM/DMARC configuration will be marked as spam, and negatively affect your domain reputation.
The first option, CNAME records, is selected by default and recommended.
Add your custom domain in Method
The domain authentication section is on your Account Settings page, under Communications. To verify and authenticate a custom domain, follow these steps:
Click your Profile icon in the upper-right and then click Account Settings.
Select Communication.
By default, you will be in the Email Settings tab. Within the Domains section, click the Add Domain Button (only visible when sending via Method Servers).
You will be prompted for a domain name. Type the domain of the email addresses you’ll use to send your emails.
e.g If you send emails from sales@best4youservices.com, enterbest4youservices.com.
Keep
Use automatic security (recommended) selected to add CNAME records. If you would prefer to add MX and TXT records, please jump to the section Using SPF, DKIM and DMARC Authentication.Click the Add button and your custom domain will be added to Method. Beside the Pending status, note the carat [ ∨ ] symbol. Click it to expand some records you need for the next section.
It's now time to log into your DNS provider.
Update your DNS provider to Verify your Domain.
Log in to your DNS provider in a new window. If you do not know your DNS provider, you can use this tool.
From step 6 of the previous section, copy the records from Method:
Paste each record you copied from Method into the relevant fields in your DNS provider. This process differs slightly depending on your DNS provider. For convenience, we've listed some widely used DNS providers below:
When your DNS records are successfully propagated, back in Method, you should see the Verification status “Verified” with a green indicator. You are now ready to start sending messages with your authenticated custom domain.
NOTE: Typically, the DNS record propagates in 5 to 10 minutes, but in rare cases, it can take up to 24 hours, especially if you recently purchased this domain. To check the status of your DNS record, return to the Method's Account Settings page and click “Refresh Status”:
How to remove an authenticated email domain
Click your Profile icon in the upper-right and then click Account Settings.
Select Communication.
By default, you will be in the Email Settings tab. Within the Domains section, expand the carat [ ∨ ] symbol to view an authenticated domain.
Click Delete.
Confirm in confirmation modal.
Using SPF DKIM and DMARC Authentication
Within Method, you can manually set up MX, SPF, DKIM, and DMARC records when adding a custom domain.
This is done by unchecking 
Use automatic security (recommended) when adding a domain.
It’s important to note that you will not be required to modify your current records. Instead, we are asking our customers to add new records to their DNS, which will allow Method to send emails on your behalf without affecting your current setup.
To do this we provide unique sub-domains for our email sending services, ensuring that there’s no interference with your main domain's email flow, or existing DNS settings.
Here’s how you can proceed with adding the 3 provided records:
MX Record:
This should be added as a separate record and has a unique sub-domain (like em1234) which means it will not conflict with existing DNS settings. This record enables the “return-path”.
The return-path is an email header, and it defines an address that is separate from your original sending address. The return-path address tells email servers where to send feedback such as delayed bounces and unsubscribes.
TXT (SPF) Record:
This should be added as a separate record and has a unique sub-domain (like em1234) which means it will not conflict with existing DNS settings. This is scoped to the unique sub-domain and will have no conflict with existing SPF records.
The SPF record is a TXT record that lists the IP addresses approved by the domain owner. It imposes restrictions on which email servers are authorized to send emails from your domain. SPF records, stored as TXT records on your domain, specify the servers permitted to send emails using your domain name.
TXT (DKIM) Record:
This should be added as a separate record and has a unique selector specific to Method. This new record will have no conflict with existing DKIM records.
Priority for this DKIM record can be left as 0 for all records.
DomainKeys Identified Mail (DKIM) is an authentication protocol used to verify the legitimacy of an email sender. It utilizes public key encryption to confirm the sender's identity, ensuring that the domain aligns with the encrypted domain. We are using a 1024-bit DKIM key.
On DMARC Policies
Domain-based Message Authentication, Reporting, and Conformance (DMARC) comprises a set of policies determining actions when DKIM and SPF configurations are incorrect. It also links the sender's domain with the information in the From: header, providing enhanced reporting from mail recipients.
DMARC is a TXT record you need to add to your DNS records. Configuring your DMARC is required to send emails via Method from an authenticated domain. If you do not have a DMARC policy enabled, your emails may not be delivered to recipients' inboxes.
DMARC supports three main policy configurations:
"None" - Indicates that emails should be treated normally if DMARC fails. It is equivalent to not having a DMARC record, although you can still use DMARC's reporting features.
"Quarantine" - Indicates that emails should be delivered to the spam folder if the DMARC check fails.
"Reject" - Indicates that emails should be bounced (not delivered to the recipient) if the DMARC check fails.
Implementing a DMARC policy of "Quarantine" or "Reject" will require a proper DKIM record setup for your sending domain, or else your mail from Method will fail the DMARC test. Ensure you set up DKIM for all your sending domains before setting up a strict DMARC record.
Optional: Add a DMARC RUA Tag
The DMARC RUA tag allows you to receive DMARC Aggregate Reports at an email address or addresses. These reports can provide valuable insight into domain spoofing or phishing attacks impersonating your domain, which may impact your business and reputation.
Be advised when setting the email address to receive reports you will want to select one that will be solely dedicated to receiving these reports, as there can be hundreds to thousands per day depending on your mail volume. It is also recommended to use a DMARC report processing service so that you will be able to make sense/take action on these reports without being inundated.
FAQ
What is a DNS provider? How can I look mine up if I don’t know it?
DNS providers—also called “registrars,” “web hosting,” or “domain hosting” companies—are the entities that allow you to add DNS records.
Typically, your domain is hosted by the company that you bought the domain from. Popular domain vendors include GoDaddy, CloudFlare, and Siteground. If you’re not sure of your DNS provider, you can use this tool.
Will the domain authentication process overwrite my existing DNS records?
It’s important to note that you will not be required to modify your current MX, SPF, DKIM, or DMARC records. Instead, we are asking our customers to add new records to their DNS, which will allow us to send emails on your behalf without affecting your current setup.
To do this we provide unique sub-domains for our email sending services, ensuring that there’s no interference with your main domain's email flow, or existing DNS settings.
Here’s how you can proceed with adding the 3 provided records:
MX Record:
This should be added as a separate record and has a unique sub-domain (like em1234) which means it will not conflict with existing DNS settings. This record enables the “return-path”.
The return-path is an email header, and it defines an address that is separate from your original sending address. The return-path address tells email servers where to send feedback such as delayed bounces and unsubscribes.
TXT (SPF) Record:
This should be added as a separate record and has a unique sub-domain (like em1234) which means it will not conflict with existing DNS settings. This is scoped to the unique sub-domain and will have no conflict with existing SPF records.
The SPF record is a TXT record that lists the IP addresses approved by the domain owner. The receiving server can compare the email sender’s actual IP address to the list in the SPF record.
TXT (DKIM) Record:
This should be added as a separate record and has a unique selector specific to Method. This new record will have no conflict with existing DKIM records.
Priority for this DKIM record can be left as 0 for all records.
DomainKeys Identified Mail (DKIM) is an authentication method that uses asymmetric encryption to sign and verify your email. We are using a 1024-bit DKIM key. With DKIM implemented, the sending email server adds a cryptographic signature to your emails' headers. The DKIM record is a TXT record that stores the DKIM public key.
How do users send email from an authenticated domain?
Once an administrator has authenticated a domain on an account, all users will be able to modify their notification address to send from that domain. Users will need to navigate to Profile - Email Settings, and select the checkbox “Send from authenticated domains.” The domain name will then populate and they can input their email prefix.
What if I am using Method: Classic?
We’ve got your back. When on the Customize Tab, go to My Account, Default Email Preferences, and click on the hyperlink in the first paragraph to navigate to Method: New, where you can authenticate a domain. This won’t migrate you over to Method: New, it just allows you to make use of the new domain authentication functionality while continuing to use Classic. Win-win scenario!
