It has been a long time since my last blog post so I figured I’d tackle one of the biggest problems I’ve seen customers face in the past few weeks. I’ve seen a ton of confusion in the various Facebook groups about how to get the DKIM settings configured and validated with Infusionsoft.  I’ve helped a couple of people get it figured out and decided I should write a blog post on how to do it.

Side note – I’m working with our team to get the documentation on the Help Center updated to make it easier to manage.

Ok – so let’s start with the basics.

What is DKIM?

Basically it’s a way for a recipient’s email server to verify that you are who you say you are.  It involves a public and private encrypted key that needs to match up in order to validate the sender’s identity.  Most major ISP’s (Gmail, Yahoo, MSN, etc.) use DKIM as a way to filter out the massive amount of spam they get on a daily basis.  So, it’s a good idea for you to get it setup so you don’t get lumped in with the spammers.

How does it work?

There are a couple of ways that you can setup a DKIM record – but I’m going to focus on how it works with Infusionsoft.  Infusionsoft has set it up so you don’t need to worry about creating the Private and Public RSA Keys that are used in the authentication process.  What IS does require though is that you add a CNAME record to your DNS.  (Cool – more acronyms.  Thanks Jordan)  This is good though – because adding a CNAME record is waaaaay easier than doing the whole RSA key thing.

If you’re not familiar with a DNS record, think of it like a traffic cop.  It’s job is to tell all of the internet traffic (web, email, etc.) what servers are handling that type of traffic for your domain name.  It’s the thing that tells your customer’s browsers where to send the request when they pull up your website.  It also tells everyone that sends you an email which email server to direct it to.

A DNS record has many types of values.  The one we’re going to talk about is called a CNAME record.  A CNAME record is used primarily to forward traffic to another domain.

A CNAME record has 3 parts:

1) The Host Name: everything before your domain name (in the case above it’s www)

2) The Points To: the domain name of where you want your traffic for that host forwarded to.

3) The TTL: how often the other DNS servers should refresh their stored version of that record

The image above is an example from GoDaddy. In this example if the Points To field had the value of in it, all the traffic for would be forwarded to  If the Host had the value of “shop” and the points to said – then all of the traffic for would be forwarded to  Make sense?

What we are going to do to get this working is setup a CNAME record to point at

Setting up your DKIM

So now that we know what’s going on here – let’s get this setup. The first thing you need to do is go into Infusionsoft and get it set up.  Here are the instructions – once you see the screen below (Step 2 should have a value in it) – come back. Don’t worry I’ll wait for you…

Start Here When You’ve Got Your CNAME Record Text

Great you’re back – that wasn’t too difficult was it?  You should now have your CNAME record ready.  It should look something like this:
The next thing we need to do is log in to whatever service you’re using for your DNS settings.  If you’re not sure who that is, go to MXtoolbox  and type in your domain.  That will tell you who is hosting your DNS.  Pro tip: & = GoDaddy
Here are the links to the help articles for the major DNS services:
  1. GoDaddy
  2. BlueHost
  3. Host Gator
  4. 1&1
  5. DreamHost
  6. Liquid Web
  7. In-Motion

Now, follow those instructions until you get to the part where you’re actually putting in the values.

Remember our lesson before about the 3 parts to the CNAME record? This is where it becomes important.  The first part of the record is the Host.  This is the value that Infusionsoft gave you in Step 2 – except – they gave you the full value.  Most of the services I’ve seen don’t want you to include your domain in the host field.  So that means your Host name shouldn’t be:

It should actually be:


(same thing – just without your domain name at the end of it)

Go ahead and take your domain name off the end of what Infusionsoft gave you and paste it into the host field.

The second part of the record is the target/points to/whatever your service calls it.  Go ahead and type in:

The last part is the TTL (or Time to leave) this tells all the other DNS servers out there how often they should refresh their data.  You can leave this value at whatever your service recommends,  TBH it doesnt really matter what you put there all that much.  but I’d recommend you set your TTL to 1 day or 86400. (HT to David Carriger for the feedback)

Once you’re done with that save your work and make sure that it all goes thru.  (I think GoDaddy makes you save stuff twice to make it go live).

5000 Extra Bonus Points: While you’re in updating your DNS records, you should probably add an SPF record as well. This will also help with your email deliverability. Here’s the IS article on how to do that. 

Now, you’ll want to wait a few minutes for everything to go thru, then go back into Infusionsoft and click on the validate button.

That’s it.  You’ve got it all setup.  You are now a DNS master.  Well, not really, but you can pretend to be…

Got questions? Ask them below.