Events
Mar 31, 11 PM - Apr 2, 11 PM
The ultimate Microsoft Fabric, Power BI, SQL, and AI community-led event. March 31 to April 2, 2025.
Register todayThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Domain authentication is important for many reasons:
The primary purpose of email-domain authentication is to protect both the sender and the recipient from any potentially fraudulent activities using email like spam, phishing, or scams by enabling SPF and DKIM.
DomainKeys Identified Mail (DKIM) is a method that helps to protect email content and headers. It's based on public/private key encryption and signatures verified using published DNS records for sender domain. This type of encryption provides valuable feedback to the recipient, that the email is sent from a verified sender. And its content hasn't been modified during the transfer phase.
SPF is another type of protection and authentication that ensures that an email was sent from a trusted source (IP address) set up by a sender domain owner.
When you error check or go live with a marketing email message, the verification system requires that the message uses a from-address from an authenticated domain registered and confirmed for your organization. You get an error if you try to send a message that has a from-address from an unregistered domain.
To learn more about email marketing and deliverability, see Best practices for email marketing. To learn more about embedded forms and prefilling, see Integrate with landing pages on external websites.
By default, all new Dynamics 365 Customer Insights - Journeys installations come with a preauthenticated sending domain ending in dyn365mktg.com. The preauthenticated domain is there to help you start sending authenticated emails right away. This domain is designed only for initial feature testing or demo purposes as it doesn’t have an email reputation and isn't connected to your organization. It's required that you authenticate your own actual sending domains right away so your authenticated messages will show a from address that recipients recognize as coming from your organization. Authenticating your own domain allows you to manage your sending reputation and will improve brand recognition and deliverability results.
When a user creates a new email, the From address is automatically set to the email address registered for that user's Dynamics 365 Customer Insights - Journeys user account. However, if that email address uses a domain that isn't yet authenticated using DKIM, then the initial From address will be modified to use an authenticated domain (email addresses use the form account-name*@*domain-name). The resulting From address will still show the account-name of the user creating the message, but will now show a DKIM-authenticated domain-name that's registered for your Customer Insights - Journeys instance (for example, MyName@contoso.s01.dyn365mktg.com), which will provide the deliverability benefit, but probably isn't a valid return address.
Set up as many authenticated domains as you need to cover all the from-addresses you use in your marketing emails, plus all domains and subdomains where you want to support embedded forms with prefill enabled.
Important
To use form pre-filling, the page hosting the form must be served over HTTPS (not HTTP).
Form pre-filling is only supported in outbound marketing forms.
Note
All new instances and trials automatically authenticate their instance domain with DKIM and SPF and set that domain as the default sending domain for your instance. Therefore, you'll usually see at least one authenticated domain already set up for all new instances. It should not be used for production email sending purposes, as it is designed only for initial testing purposes. Make sure to authenticate your own domain before you go live.
To benefit from domain authentication, the from-address for each message you send must show a domain that you've previously authenticated. Microsoft is dedicated to helping our customers achieve maximum email deliverability, so we've added a few features to help make sure you don't overlook or inadvertently work around your domain setup:
To set up an authenticated domain in Dynamics 365 Customer Insights - Journeys you'll need to access your domain’s DNS control panel to be able to add new records as you go through the domain authentication process.
To authenticate a domain:
Here’s an example of an error message that states that TXT Ownership key wasn't found published in the DNS, which means either the record wasn't yet published, or it has some mistake/typo.
After everything is finished, you'll see green checkmarks next to each DNS record and Confirmed status on your dashboard, which means that your domain authentication is ready.
Note
You can authenticate more than one domain or subdomain of your choice.
www.yourdomain.com and yourdomain.com are 2 different domains and should be added separately.
Technically it is possible to add www.yourdomain.com to use it for sending emails, but we do not recommend doing that as the From email address would look like markreting@www.yourdomain.com instead of marketing@yourdomain.com.
There are known issues when it is not possible to add a TXT record to a domain or subdomain due to DNS limitations, as it already has existing working CNAME record published.
In such cases you may use an alternative method for domain ownership confirmation. Instead of adding TXT record to the root of domain/subdomain you need to create a TXT record for a subdomain dynmktown.yourdomain.com.
This will validate your ownership for domain yourdomain.com.
The same scenario will work for a subdomain. For example, to validate domain mail.yourdomain.com you will need to add a TXT record to dynmktown.mail.yourdomain.com.
The domain authentication wizard described above provides all the configuration needed according the RFC standards. However, there are a few email providers that don't follow the RFCs and validate received emails by verifying the From address with the SPF record. To prevent email bounces from these email providers, you can update the SPF record in your domain to include the Customer Insights - Journeys domain. To do this, update the existing SPF record by adding include: <dynamicssendingdomain>
, where <dynamicssendingdomain>
is the value as obtained in the registration for the Envelope-From (ind.pb-dynmktga.com in the screenshot shown above).
When modernized business units are turned on, and business unit scoping is enabled, the domain authentication wizard gives users the ability to select on what business unit they want their domain to be authenticated.
When a business unit is selected for a domain, this domain is accessible only for this business unit unless you select to make it shareable across your organization.
To authenticate a domain for a business unit:
Events
Mar 31, 11 PM - Apr 2, 11 PM
The ultimate Microsoft Fabric, Power BI, SQL, and AI community-led event. March 31 to April 2, 2025.
Register todayTraining
Module
This module discusses the importance of domain authentication, email best practices, and how Dynamics 365 Customer Insights - Journeys can help organizations work in compliance with GDPR.
Certification
Microsoft Certified: Dynamics 365 Fundamentals (CRM) - Certifications
Demonstrate fundamental knowledge about the customer engagement capabilities of Microsoft Dynamics 365.