Email marketing platform for small businesses and nonprofits. This guide covers the complete email authentication stack for Constant Contact: SPF, DKIM, and DMARC. Each section gives you the exact DNS records, step-by-step instructions, common pitfalls, and how to verify your setup.
Authorize Constant Contact to send marketing email on behalf of your domain by adding the correct SPF include.
TXT
@
v=spf1 include:spf.constantcontact.com ~all
Add include:spf.constantcontact.com to your existing SPF record.
Go to app.constantcontact.com and sign in.
Go to Account Settings > Self-Authentication. This is where you manage domain authentication.
Look up your current SPF record.
dig TXT yourdomain.com +short | grep spfAdd include:spf.constantcontact.com to your existing SPF record.
v=spf1 include:spf.constantcontact.com ~allReturn to Self-Authentication settings and verify the domain.
v=spf1 include:_spf.google.com ~allv=spf1 include:_spf.google.com include:spf.constantcontact.com ~allAdd include:spf.constantcontact.com to your SPF record.
Self-authentication is Constant Contact's domain verification process. It involves adding DNS records to prove you own the domain and authorize Constant Contact to send on its behalf.
Constant Contact recommends setting up both SPF and DKIM (via CNAME records) for complete authentication.
Enable DKIM for Constant Contact by publishing CNAME records that allow Constant Contact to sign your marketing email.
CNAME
ctct1._domainkey
ctct1.domainkey.constantcontact.com
Constant Contact provides two CNAME records (ctct1 and ctct2) during self-authentication.
Go to app.constantcontact.com and sign in.
Navigate to Account Settings > Self-Authentication.
Constant Contact displays the CNAME records needed for DKIM.
Create the CNAME records in your DNS provider.
ctct1._domainkey.yourdomain.com CNAME ctct1.domainkey.constantcontact.com
ctct2._domainkey.yourdomain.com CNAME ctct2.domainkey.constantcontact.comClick "Verify" in the self-authentication settings. Once DNS propagates, DKIM will activate.
Constant Contact uses ctct1 and ctct2 as DKIM selectors, published as CNAME records.
Yes. Since DKIM records are CNAMEs pointing to Constant Contact-managed DNS, they can rotate keys without requiring your DNS changes.
Strongly recommended. DKIM improves deliverability and is needed for DMARC alignment.
Publish a DMARC record to protect your domain when sending marketing email through Constant Contact.
TXT
_dmarc
v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1
Complete Constant Contact self-authentication before enforcing DMARC.
Finish the Constant Contact self-authentication process (SPF + DKIM).
Send a test campaign and verify SPF and DKIM pass in the email headers.
Add a TXT record at _dmarc.yourdomain.com.
v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1Review DMARC reports for 2-4 weeks.
Move from p=none to p=quarantine to p=reject.
Yes. With self-authentication complete, Constant Contact emails pass DKIM alignment for DMARC.
Only if self-authentication is not set up. With SPF and DKIM configured, emails pass DMARC.
DMARC is strongly recommended. Google and Yahoo require DMARC for bulk senders.
Once your SPF, DKIM, and DMARC records are in place, run a full domain scan to confirm everything is configured correctly. DNS changes typically propagate within minutes but can take up to 48 hours.