Customer.io is a customer engagement platform that helps businesses build personalized journeys across channels like SMS, email, in-app messaging, and push notifications. To ensure smooth email delivery, domain authentication is recommended, and it’s easy with the right tools. Here’s how to quickly set up SPF, DKIM, and DMARC for Customer.io.
You can refer to Customer.io’s authentication document for more information.
Key Takeaways
- To enable SPF, DKIM, and DMARC on Customer.io, add your sending domain.
- Start the domain verification process to access DNS records.
- Add the Customer.io SPF, DKIM, and DMARC records to your DNS.
- Head back to the Customer.io portal to verify your authentication setup.
- Sign up with PowerDMARC to enable reporting and monitoring for your Customer.io emails.
Key Notes on Domain Authentication in Customer.io
- Customer.io does not require changes to your root domain. All authentication is handled via a subdomain.
- Add Customer.io’s SPF, DKIM, and tracking records to a subdomain (like email.yourdomain.com). This keeps settings isolated and prevents conflicts with existing DNS configurations.
- When adding Customer.io’s DNS records, avoid deleting any existing records in your DNS. Doing so could hurt email performance.
- Your DMARC record should be placed on the root domain, not on subdomains.
Example: _dmarc.yourdomain.com
Not: _dmarc.subdomain.yourdomain.com
Adding a Sending Domain in Customer.io
To add a new sending domain in Customer.io, follow these steps:
1. Log in to the Customer.io portal and go to Settings > Workspace settings
2. On your Workplace settings page, click on “Email” under Journey Settings > Messaging.
3. Click “Add Sending Domain”.
4. Be sure to input the Domain, Display Name, and Email Address that you will use to send messages. Then click “Add Domain.”
Configuring Customer.io DNS Records
When you are done adding a sending domain and including the From address, you should click Verify domain. This will help you locate the DNS records that Customer.io suggests you configure.
According to their authentication document, you are required to add four DNS records to your DNS hosting provider for each domain from which you will be sending emails.
1. Customer.io MX Records
You need to set up a single MX (Mail Exchange) record that includes two hostnames to enable email delivery from your domain. This setup is essential for receiving bounce notifications and spam feedback.
2. Customer.io SPF Record
SPF is an email authentication protocol that helps authorize your senders.
The SPF record for Customer.io is a single TXT record that authorizes Customer.io to send emails on your domain’s behalf. SPF (Sender Policy Framework) records help specify which IP addresses are permitted to send emails on behalf of your domain.
3. Customer.io DKIM Record
DKIM is an email authentication protocol that enables sending servers to append a digital signature to outgoing emails, preventing the chances of message alterations in transit.
By adding the DKIM TXT record to your domain, you allow Customer.io to attach an encrypted DKIM signature to your outgoing emails. This signature helps email providers confirm that the message was sent by you and hasn’t been tampered with along the way.
4. Customer.io DMARC Record
- Customer.io checks if your DMARC policy meets Google, Yahoo, and Microsoft’s email sending requirements.
- The DMARC record enables you to determine how you want to deal with emails that do not pass SPF and DKIM checks. Here is the minimum requirement: v=DMARC1; p=none.
- If you already have a different DMARC policy in place with your hosting provider, Customer.io will reflect that record instead.
- Customer.io advises to only add _dmarc as a subdomain on your root domain. Never add it to your subdomains. It should look like this: _dmarc.root-domain.com.
Notes:
- If you’re using Customer.io’s built-in delivery servers, ensure your DMARC policy includes aspf=r and adkim=r. This allows some domain flexibility and helps emails pass DMARC checks even if SPF/DKIM domains don’t match exactly.
- If your DMARC policy doesn’t mention aspf or adkim, you’re all set—DMARC defaults them to relaxed alignment by default.
Adding Customer.io DNS Records to Your Hosting Provider
Once you gain access to your DNS records, you need to publish them in your DNS management console. Note that this is a crucial step to set up domain authentication and complete the configuration process for Customer.io.
The steps for publishing your DNS records depend on your hosting provider. Here, I’ve taken the example of GoDaddy.
- Log in to your GoDaddy account.
- Select your domain name and go to the Domain Portfolio page.
- Select the “DNS” tab and click on “DNS Records”.
Add the DNS records provided by Customer.io in their domain authentication setup. Note that each record needs to be added separately for the same domain.
If you have existing DMARC and SPF records for your domain, do not delete them. Instead, merge SPF records, and let your DMARC record stay the same.
| DNS record | Type | Host | TTL | Value |
|---|---|---|---|---|
| MX | MX | Copy-paste the Hostname from the Customer.io portal. | Auto | Copy-paste the MX record value from the Customer.io portal and save changes. |
| SPF | TXT | Copy-paste the Hostname from the Customer.io portal. | Auto | - If there is no existing record: Copy-paste the SPF record value from the Customer.io portal and save changes. - If there is an existing SPF record: merge your SPF records to include Customer.io’s sending domain. |
| DKIM | TXT | Copy-paste the Hostname from the Customer.io portal. | Auto | Copy-paste the DKIM record value from the Customer.io portal and save changes. |
| DMARC | TXT | Copy-paste the DKIM record value from the Customer.io portal. | Auto | - If there is no existing record: Copy-paste the DMARC record value from the Customer.io portal and save changes. - If there is an existing DMARC record: Don’t make any changes. |
Domain Verification
Ensure you’ve added the required DNS records and allowed time for them to propagate. Then, return to your domain’s Authentication tab and click “Verify domain”.
If all three records display green checkmarks, your domain is successfully verified. It means the domain is ready to send emails.
Enabling Reporting and Monitoring for Customer.io Emails
Domain authentication isn’t just about compliance, it’s about visibility and control. Once your SPF, DKIM, and DMARC records are set up, it’s crucial to monitor them to ensure everything is working as expected. PowerDMARC helps do just that!
Step 1: Sign up for a free trial with PowerDMARC to get started.
Step 2: Add Your Domain
Step 3: Add PowerDMARC’s rua and ruf addresses to your existing DMARC record to enable reporting.
Step 4: Gain visibility in 72 hours
Step 5: Use our PowerAnalyzer tool to monitor your records
With PowerDMARC, you enjoy safer email communications, enhanced email deliverability, and benefit from a positive brand reputation. Contact us today to speak to an expert!
- How to Set Up SPF, DKIM, and DMARC for Customer.io - April 22, 2025
- What is QR Phishing? How to Detect and Prevent QR Code Scams - April 15, 2025
- How to Check SPF Records Using nslookup, dig or PowerShell? - April 3, 2025