Authenticate your domain

If you authenticated your domain before May 2021, you may have 1028-bit DKIM keys. To ensure you have the best possible protection in place, please upgrade to 2048-bit keys, which is recommended by the National Institute of Standards and Technology (NIST). How to upgrade.

When sending emails from Totango to your customers (campaigns, external touchpoints) and to your internal team via Totango notifications, messages will have a default from address as campaigns@totango.co (not .com).

As a best practice, we recommend you update the default configuration (external and internal) to ensure emails are delivered from your own domain, where available. This practice is commonly referred to as "white labeling." Doing so ensures a higher open rate and that the receiver's mail system does not mark the email as SPAM.

To make these changes on your DNS, you must have administrative privileges to your DNS configuration. If you do not, reach out to your networking team or contact the person who owns the contract for your domain address within your organization. 

Additional details for internal custom domains

Emails that are sent via noreply@totango.com (e.g., task notifications, new user invitations, etc.) will still send from that email address for some users; please make sure you white-list this email address.

For some other internal emails (e.g., digest emails sent from Zoe share), the email domain of the Totango user sharing must match the domain you use for white-labeled internal communications.

Scenario 1: If jerry@companydomain.com uses Zoe to share information, then companydomain.com should ideally be what you authenticate as your internal domain. If your internal and external domains are the same in this case, please also ensure you "use custom DKIM" option when configuring authentication (see below).

Scenario 2: If your Totango users' email address domains are not the same as the domain you authenticate as your internal domain (e.g., jerry@companydomain.com but internal domain is alternativedomain.com) we recommend adding a dedicated Totango user with the internal domain as the email address so you can use Zoe share through this user (e.g., user@alternativedomain.com).

To authenticate a custom domain

  1. From with Settings, click Customer Engagement > Domain Authentication.
  2. Choose the tab for which you want to configure domain settings.
    • External: Emails sent from Totango to your customers (e.g., campaigns, touchpoints)
    • Internal: Email sent from Totango to your Totango team members (e.g., task notifications, daily digests)

      White-labeling your domain for internal communications is optional. Internal and external domains may be the same, in which case it’s required to use custom DKIM. See below.

  3. Enter your domain name.
  4. Configure advanced settings:
    • Use custom dkim: By default, SendGrid uses the prefix is s1. However, if your organization already uses SendGrid and the 's1' prefix is already taken or you've used it previously, check the box and provide a different prefix.
    • Use custom sub-domain: If you want to use a custom subdomain, use this option so the system can provide the right DNS records based on subdomain that is entered. For example, if your domain is awesomecompany.com and your custom domain is mail, the "mailed-by" is mail.awesomecompany.com. 

      Despite the tooltip at the verification, it is not necessary to use customer-success-campaigns subdomain when authenticating the internal domain.


    • Use manual security: If your DNS provider does not accept underscores in CNAME records, use this option to have Totango generate 1MX and 2 TXT records to be added to the domain hosting settings. Learn more from SendGrid.

      This option does not support 2048-bit DKIM keys (see FAQs below).

  5. Click Save changes.
  6. Totango provides updated information that you can use to update your CNAME record with your domain registrar. (Your domain registrar is the service provider or host of your company's domain/website.)
  7. After you've updated your record with your domain registrar, click Validate.
  8. Once all updates are validated the white labeling is on. Totango will check your DNS records for relevant values. 

Depending on your DNS provider, changes you make may take up to 24h to propagate through the Internet. Some AdBlock Plus browser add-on filter subscriptions might block some areas of the campaign settings. Known filters are Fanboy's Social Blocking List.

FAQs

Question: What email delivery service (EDS) do you use?

Answer: We use SendGrid.


Question: What if we already use SendGrid?

Answer: Use a custom DKIM to use Sendgrid with multiple solutions.


Question: What key length does SendGrid use?

Answer: Whenever you authenticate your domain in Totango, SendGrid creates new 2048-bit DKIM keys. If you authenticated your domain after May 2021, you have 2048-bit DKIM keys.


Question: How can I verify which key length I have (1024-bit or 2048-bit)?

Answer: You can use this online tool to easily check key length. The tool asks for the selector and domain. If the your DKIM key was at s1._domainkey.awesomecompany.com, then you would enter “s1” in the selector field and “awesomecompany.com” in the domain field.


Question: I have 1024-bit DKIM key. How can I upgrade to 2048-bit?

Answer: You will need to complete the domain authentication steps in Totango again. 

  1. Select the Use custom dkim check box. Enter a prefix that is different from the current prefix (s1 is used by default).
  2. Ensure the Use manual security option is not checked.
  3. Click Update.
  4. Use the new information to update your CNAME record with your DNS provider. When finished, click to Validate. (After validation, the 1024-bit key is no longer in use. As far as the system is concerned, you may remove it.)

Question: Is Totango DMARC Compliant?

Answer: DMARC is configured on the customer side. You can find more information at: https://docs.sendgrid.com/ui/sending-email/how-to-implement-dmarc

CommScope enables the DMARC stage-"enforcement" for our domains. This DMARC stage instructs receiving email servers to send any unauthorized (DMARC non-compliant) emails from a CommScope domain into the recipients’ spam folders or quarantine the emails. As a result, if external email services do not collaborate with our CommScope NSO team to establish compliance, the emails sent by this service will be quarantined by other companies receiving email servers and handled as “Spam or Junk.”

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request