Constant Contact DKIM And DMARC Setup Guide

Key Takeaways

You must set up DKIM to achieve DMARC compliance for emails sent via Constant Contact.
Constant Contact handles the “Envelope From” address, meaning SPF alignment will fail. This is normal and does not affect deliverability if DKIM is set up correctly. Do not waste a DNS lookup by adding the Constant Contact SPF include.
Constant Contact offers authentication via CNAME records (recommended) or a TXT record.
Begin with a monitoring policy (p=none) and transition to quarantine/reject once you are confident in your setup.
Use PowerDMARC tools to instantly confirm that your DKIM and DMARC records are active and error-free.

Setting up DKIM and DMARC for Constant Contact is crucial for ensuring your marketing emails are authenticated, trusted by mail servers, and reach your customers’ inboxes reliably. Since Constant Contact handles the “Envelope From” address, DKIM alignment is the key to DMARC compliance.

This guide focuses on configuring DKIM for Constant Contact and the necessary steps to set up a DMARC record, ensuring you pass authentication checks.

Steps to Configure Constant Contact DKIM Records

Constant Contact gives two methods for self-authentication: using CNAME records or a TXT record. The first option is recommended, as it makes management easier.

Option A: Self-authenticate using DKIM CNAME Records

1. Go to your Constant Contact account.

2. Click your profile name in the upper-right corner and select My Account > Settings.

3. Click the Advanced settings tab.

4. Click Add self-authentication.

5. On the pop-up, choose “Self-authenticate using DKIM CNAME records,” and click Continue.

6. From the pop-up, choose the domain you wish to authenticate. If your domain isn’t listed, select “Select another domain” to add and verify it. Click Continue.

7. Constant Contact will provide two CNAME records. Copy both the Host/Name and the Value for each record.

8. Publish CNAME Records in DNS:

- Log in to your DNS provider’s management console.

- Add the two new CNAME records: paste the Host/Name and the Value exactly as provided by Constant Contact.

9. Click Ok and then Got it in Constant Contact. The setup may take 24-48 hours to propagate.

10. After 24-48 hours, return to the Advanced settings tab, click Check status, and then Activate to finalize the authentication process.

Option B: Self-authenticate using a DKIM TXT Record

This option is recommended if you have multiple Constant Contact accounts using the same domain.

1. Follow steps 1-4 from Option A.

2. Choose “Self-authenticate using a DKIM TXT record” and click Continue.

3. Choose the domain you want to authenticate and click Continue.

4. Click on Generate Key.

5. A DKIM public key (TXT record) will be generated. Copy the Host/Name and the full Value.

6. Publish TXT Record in DNS:

Add a new TXT Record
Set the Host/Name to the value provided by Constant Contact.
Paste the full Value (the public key string).

7. The propagation is usually fast. Return to the Advanced settings tab, click Check status, and then Activate to finalize the authentication process.

Steps to Configure Constant Contact SPF Records

As per official Constant Contact documentation, you do not need to create an SPF record for Constant Contact. Constant Contact’s server always manages the “Envelope From” domain, which is the domain checked during an SPF record lookup.

For DMARC alignment to succeed, the “Envelope From” domain must match your “From address” domain. Since Constant Contact’s domain will not match your own, the SPF alignment will always fail, a common outcome with most Email Service Providers (ESPs). Adding include:spf.constantcontact.com to your existing SPF record is ineffective for achieving alignment; it merely whitelists their IP addresses and wastes one of your valuable DNS lookups.

Steps to Enable DMARC Record

As DKIM is already properly configured, you are ready to implement DMARC.

Please note that Constant Contact provides a DMARC record, and it’s the same DMARC record for both methods.

However, this is a basic record and is not enough for comprehensive security. It does not provide monitoring, so you need to generate the DMARC record with an external tool.

1. Generate Your DMARC Record: Use PowerDMARC’s DMARC generator tool to create your record.

Go to Analysis Tools > DMARC Record Generator.

Policy: Select p=none (Monitoring).
Note: Start with “None” to monitor traffic. Once you are confident with your setup and deliverability, you should gradually move to “Quarantine” or “Reject” to block spoofers while continuing to monitor your reports.
Reporting: PowerDMARC automatically provides “RUA” and “RUF” email addresses so you can monitor parsed, human-readable DMARC reports directly from our dashboard.
Generate.

2. Add the DMARC TXT record to your DNS

- In your DNS provider, create a new TXT record.
- For the Host or Name of the record, enter _dmarc.
- For the Value, paste the full DMARC record you generated.

3. Save the TXT record.

Verify Your DNS Records with PowerDMARC

1. Go to your PowerDMARC Dashboard.

2. Navigate to Domain Health

3. Input your domain name to check all your DNS records at once with our domain health checker.

As you configure SPF, DKIM, and DMARC for Constant Contact, expect to see:

Better and stronger domain protection from various forms of cyberattacks.
An increase in your email deliverability rate.
More credibility in the eyes of your recipients.
More detailed insights into those sending emails on your domain’s behalf

Sign up on PowerDMARC to improve the quality of your email communications and ensure the highest level of security for you and your recipients.

About
Latest Posts

Yunes Tarada

Domain & Email Security Expert at PowerDMARC

Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.

Constant Contact DKIM and DMARC Setup Guide