Email Authentication

Email Authentication

Zoho CRM provides email authentication standards that allows the organizations to increase the trustworthiness of an email's origin when they choose to send emails from Zoho CRM using their domain. To authenticate your emails sent from Zoho CRM, you need to validate the following authentication standards:

  • Domain Verification
  • DKIM (Domain Keys Identified Mail)
Additionally, validating SPF (Sender Policy Framework) is also recommended.

Alert
Important: Authenticate your Zoho CRM account's email-sending domains to send emails from your own email addresses, and to improve deliverability. Email addresses connected to non-authenticated domains cannot be used and will be auto-replaced in all your outgoing emails with Zoho CRM's own authenticated domains. Know more.

Availability
Permission Required
Users with the Administrative profile can access email authentication.

Email Authentication

Authenticating the email source consists of the following steps:

Step 1. Add your company's domain or subdomain

Adding your company's domains or subdomains is the first step for email authentication. Domain verification helps to ensure that the domain from which the emails are sent is authentic and trustworthy. To facilitate this, you have to add your company's email address and the domains or subdomains in Zoho CRM.

Step 2. Verify the domain details

Once you add the domain, a verification code is generated and sent to the email address that should be entered to verify the domain details. The verification email is valid for 15 days, in case you do not receive an email or you have exhausted the validity period, you can use the Resend Mail link.

Step 3. Validate the records

Once the domain and subdomains details are verified, you need to add DKIM (Required) and SPF (Recommended) records in your DNS settings.

DKIM - DKIM is used to ensure that the message has not been altered in transmission. It uses public key encryption to authenticate the email messages. It is mandatory to add DKIM records in your domain's DNS settings to have better email deliverability. See Also DKIM Configuration

SPF - This authentication standard allows sending domains to define which IP addresses are allowed to deliver email messages on behalf of the domain. In addition to DKIM, we recommend that you add SPF records to your domain to provide further security against spoofing attacks and helps prevent emails from your domain being marked as spam. See Also SPF Configuration

Note
  1. Mass emails and emails sent from the organization email address are always sent from Zoho's server. 

Add Your Company's Domain

To add your company's domain

  1. Go to Setup > Channels > Email > Email Deliverability > Email Authentication.
  2. In the Email Authentication tab, click + Add Domain.

  3. In the Add Domain page, enter the Email Address.
  4. Click  Add Domain.

Verify the Domain Details

To verify the domain and subdomain details

  1. Go to the Domain and click Enter Code.
  2. In the Verify Domain popup, enter the Verification code sent to your email.

  3. Click  Verify.

Validate the Records

To validate the records

  1. Go to the Domain and click Validate Records.

  2. In the Authenticate Domain popup, copy the SPF or DKIM record code.
  3. Access your domain management portal, where you've acquired your domain, and log in.
  4. Paste the SPF and DKIM codes in the DNS settings. 
    To learn more about configuring settings in your domain managers, click here.
  5. Click Validate Record in Zoho CRM, once the codes are added to your DNS settings.
Then you will have successfully authenticated your domain.
Notes
Note:
Zoho CRM's SPF and DKIM records are uniform and compatible with those of other Zoho products; i.e., authenticating your domain once for any Zoho product secures email sending within Zoho CRM. If a domain is authenticated via another Zoho service, this will be indicated next to the domain's authentication status.

  1. Authenticated domains are identified automatically every 48 hours.
  2. Domains authenticated outside Zoho CRM within this period will update their status within 48 hours.
  3. This feature requires at least one domain to be authenticated in Zoho CRM via SPF or DKIM to initiate the automatic process.

DMARC

  1. Mass emails and emails sent from the organizational email address are always sent from Zoho's server.
  2. Another authentication standard that the sending domains use to block fraudulent emails is DMARC (Domain-Based Message Authentication, Reporting, and Conformance). It's built as a combination of the DKIM and SPF standards with additional features like reporting, policy definition, and the notion of identity alignment. DMARC requires either DKIM or SPF alignment. So if you complete DKIM authentication as required by Zoho CRM, your domain will meet the DMARC standard.
  3. The CRM will check the DMARC policy for each domain used within the system. If a DMARC policy is set, it will be indicated by showing a "DMARC set" tag alongside the domain name. If not, it will show "No DMARC." Learn more about DMARC.
  4. Hovering over the "DMARC set" label will display the policy value, which can be "p=reject," "quarantine," or "none." The minimum requirement from Google or Yahoo is that domains have at least "none" as the value. DMARC is another type of protocol similar to SPF DKIM.

If DMARC is not set, you'll be prompted to set up DMARC for that particular domain when sending mass emails.

Additionally, under Recommended actions in the Email Credibility Report, you'll find details on the number of email sending domains that are pending DMARC.

Idea

Troubleshooting Tips

Check out our troubleshooting tips on Email Authentication


SEE ALSO

    • Related Articles

    • BIMI for email authentication

      Welcome to our comprehensive guide on Brand Indicators for Message Identification (BIMI), designed for end users. Our goal is to educate you on the importance of BIMI in enhancing your email communication. This guide will walk you through the ...

    • Email Limits

      In Zoho CRM, you can either send bulk emails or individual emails. Following are the limits for sending emails based on your account's Edition. Please note that email limits will be set based on the organization's time zone. Mass emails and emails ...

    • Troubleshooting Email Relay

      1. Why am I getting an authentication failure error? Make sure that the password you entered is correct. To verify the password, log in to your webmail with the same password by typing in the password instead of using auto-fill. Check whether TFA is ...

    • FAQs on email bounces

      Sometimes, when you send emails through Zoho CRM, you may observe that the emails have bounced and, consequently, were not successfully delivered to the intended recipients. Below are some commonly asked questions regarding email bounces and how to ...

    • Email bounce management

      A bounce warning indicates that one or more of your emails have been rejected by the recipient's email server. This can be caused by a variety of factors, including an invalid email address, a full mailbox, or a blocked domain. It's important to ...