Overview

Authenticating your email domain ensures your emails reach users’ inboxes rather than getting flagged as spam. In Userpilot, you can send emails using your domain by following a few simple steps. This guide walks you through the full domain setup and authentication process.

Why domain authentication matters

Before sending emails from your domain using Userpilot, your domain needs to be verified. Domain authentication improves email deliverability, builds sender trust, and ensures compliance with security protocols like SPF, DKIM, and DMARC.

Get started

Step 1: Add your domain

If no domain has been added yet, you’ll see an empty state with a clear “Add Domain” button under the Email → Domains tab in your settings.
  1. Go to Settings → Email → Domains
  2. Click Add Domain
  3. Enter the domain you want to use (e.g., yourcompany.com)
  4. Click Create
DomainThis is your main company domain (e.g., example.com). Adding and authenticating your domain ensures emails sent through Userpilot are recognized as coming from your business rather than generic servers. It improves deliverability and reduces the chance of emails going to spam.SubdomainThis is a dedicated subdomain you set up for sending emails (e.g., mail.example.com). Using a subdomain separates your marketing or product emails from your main domain traffic.Benefits of a subdomain
  • Protects your main domain reputation in case of deliverability issues.
  • Keeps email activity (like SPF, DKIM, DMARC records) isolated and easier to manage.
  • Improves inbox placement and reduces the risk of emails landing in spam.
  • Provides clearer tracking for engagement and analytics.
Screenshot 2025-08-17 at 17.13.26.png Once added, your domain will appear in a list with a default status of “Unauthenticated”.

Step 2: DNS records are generated automatically

After adding your domain, Userpilot’s backend (powered by AWS SES) will generate the required DNS records to authenticate your domain. You’ll see six DNS records appear under the domain you added:
  • 3 DKIM (CNAME) - for email signing and integrity verification.
  • 2 DMARC/SPF (TXT) - for domain validation and anti-spoofing policies.
  • 1 SPF (MX) - For mail routing validation
Each record includes:
  • Record Type (CNAME or TXT or MX)
  • Name
  • Value
  • Status (Authenticated / Unauthenticated)
Useful terms to know
  • DomainKeys Identified Mail (DKIM) DKIM helps prove that an email really came from your domain. It does this by attaching a digital signature to the message, which can be checked by the recipient’s email service to verify it hasn’t been altered and was sent from an authorized source.
  • Sender Policy Framework (SPF) SPF is a way to tell the internet which mail servers are allowed to send emails on your behalf. It uses a special DNS record to list approved IP addresses, helping prevent spoofing and keeping spam filters happy.
  • Domain-based Message Authentication, Reporting & Conformance (DMARC) DMARC builds on both SPF and DKIM. It tells receiving mail servers how to handle messages that fail authentication and provides reports back to you so you can keep tabs on your domain’s email activity and block fraudulent attempts.

Step 3: Add DNS records to your email provider

To complete domain verification, you or your developer must copy and paste these records into your domain’s DNS settings (usually via your domain host like GoDaddy, Cloudflare, or Namecheap).
ImportantDNS propagation can take up to 48 hours. However, most changes reflect within a few hours.

Once authenticated

When all six records are marked as Authenticated:
  • You’ll be able to send emails directly from your domain.
  • Your emails will be less likely to land in spam folders.
  • You’ll comply with major email provider authentication standards.
screencapture-nxtg-dev-userpilot-io-settings-email-settings-domains-2025-08-17-17_11_04.png
  • You can manage multiple domains, each with its own authentication status.
  • You can only edit or delete a domain before it is authenticated.
  • The domain you authenticate can be reused for different types of emails (e.g., onboarding, product updates).

Best Practices

  • Use a subdomain (e.g., mail.yourcompany.com) dedicated to email sending.
  • Avoid using personal domains like gmail.com or yahoo.com as they can’t be authenticated.
  • After DNS records are added, monitor the status regularly to ensure continued authentication (in case of DNS changes or expiry).