Quick access guide for the IT team to assist in whitelisting domains and IP addresses so that Hubspot emails get delivered internally
Estimated reading time - 7 minutes 15 seconds
When Hubspot emails bounce internally there are 4 things you should do to ensure emails get delivered:
- Ensure the email sending domain is setup (DNS provider)
- Setup an SPF record (DNS provider)
- Whitelist hubspot domains and email addresses (IT Team)
- Whitelist IP addresses (IT Team)
Ensure the email sending domain is setup (DNS provider)
In HubSpot, you can connect an email sending domain for DKIM (Domain Keys Identified Mail) email authentication, which is used to verify a sender's identity. When you send an email, your recipients’ email filters may review your DNS records to verify the from address. To prevent your email from getting caught in spam filters, you can give HubSpot permission to send emails on your behalf by connecting an email sending domain. This removes the via HubSpot text the appears in the sender information at the top of your marketing emails.
Please note: you can connect a subdomain, like info.domain.com, as your email sending domain. The subdomain you connect should match the domain in the From email address you're using to send marketing emails in HubSpot.
- Connect an email sending domain
- Troubleshoot the Record invalid error
- Verify your email sending domain
How to connect an email sending domain
- In your HubSpot account, click the settings icon settings in the main navigation bar.
- In the left sidebar menu, navigate to Domains & URLs.
- Click Connect a domain.
- In the dialog box, select Email Sending, then click Connect.
- Enter the email address you use to send marketing emails from this domain, then click Next.
- On the next screen, verify that the email sending domain is correct, then click Next.
- You're ready to set up your hosting with your DNS provider.
- If you're hosting with GoDaddy, click Authorize with GoDaddy to allow HubSpot to automatically make changes to your records and finish setting up your hosting.
- If you are not using GoDaddy, or would prefer to make these changes manually, click No, I'll set it up manually, then follow the instructions below:
- In a separate tab, log in to your DNS provider. Then select the I'm logged in checkbox in HubSpot.
- In the main navigation menu of your DNS provider, go to DNS > DNS settings. If you're not sure where to locate your DNS settings, reference the steps below for general instructions, or reach out directly to your DNS provider. If you are uncomfortable making these changes yourself, send this page to your IT team. When you're in your DNS settings, select the I'm there checkbox in HubSpot.
- In the Update your DNS records section in HubSpot, click Copy next to the value in the Host (Name) column and paste it into the corresponding field in your DNS provider account. Then click Copy next to the value in the Value column and paste it into the corresponding field.
Please note: if you're using Network Solutions or NameCheap for hosting, or adding your records to GoDaddy manually, these providers add your brand domain and top level domain to the end of these DNS record automatically. This means that if you enter hs1._domainkey.yourdomain.com, it will turn that value to hs1._domainkey.theirdomain.com.theirdomain.com, which will result in a DNS error. Instead, enter hs1._domainkey into the DNS record. - When you're done updating the values in your DNS provider, select the Done checkbox in HubSpot.
- If your DNS records are set up correctly, you'll see a Verified message letting you know your email sending domain is verified. Note that it can take up to 24 hours for DNS changes to take effect everywhere in the world. Once you see the Verified message, click Done.
- If your DNS records still need to be set up or are still processing, you'll see a Record invalid error displayed to the right of one or all of your records. Click check them again in a few minutes to see if the changes have propagated.
- If you still see the Record invalid error, you'll need to make changes in your DNS settings.
- If you see Connected (Missing records) next to your email sending domain, you'll need to take additional steps to finish connecting this domain.
Troubleshoot the Record invalid error
- If your DNS settings are invalid, keep the domain manager tool open in your browser.
- In a new tab or window, log into your DNS provider and navigate to your DNS Zone File (sometimes appears as Domain Files, Manage DNS).
Please note: each DNS provider has a unique layout and interface. These instructions give a general overview of the steps to take within your own DNS provider, but the navigation and steps may be slightly different. If you need to set up your email sending domain with 1&1 hosting service, contact their support and ask for the Transfer Department. They should be able to set up the TXT record on your behalf.
- Find the record type that you'll need to update or create. In the example below, all DNS record types are displayed together. Your DNS provider may show each record type (A, CNAME, TXT, etc.) in a separate section. If this is the case, find the section for your invalid record. Add a new record by clicking Add (Add Record, Create new record, etc). HubSpot does not host email accounts so changes to your MX records will not affect your HubSpot content.
In your DNS provider account, set the record Type to match what appears in the Type column in the domain manager.
- In the domain manager, click Copy next to the value in the Host (Name) column and paste it into the corresponding field in your DNS provider account.
Please note: with certain DNS providers, you only need to include hs1._domainkey and hs2._domainkeyin the hostname field. You do not need to append your domain name because the domain is already implied. If you manually added your domain, the value would be hs1.domainkey.mydomain.com.mydomain.com, which is not a valid hostname.
- Click Copy next to the value in the Value column and paste it into the corresponding field in your DNS provider account.
- Complete these steps for both CNAME records and the TXT record in your HubSpot domain manager, then Save your changes in your DNS provider account.
Once you've made all the necessary changes to your DNS records, you can close the domain manager. Check back in around 14 hours to confirm your email sending domain has been successfully connected. It can take up to 24 hours for changes made with your DNS provider to be reflected in HubSpot.
Verify your email sending domainAfter you've connected your email sending domain, you can look up the CNAME records associated with your domain to confirm they're set up correctly.
- Navigate to dig web interface.
- In the Hostnames or IP addresses field, replace yourdomainname with your email sending domain. The record Type will already be set to CNAME.
- Click Dig. The format of the CNAME records should be:
- yourdomain-com.hs01a.dkim.hubspotemail.net.
- yourdomain-com.hs01b.dkim.hubspotemail.net.
Add Hubspot to your SPF record (DNS provider)
A Sender Policy Framework (SPF) is used by recipients' email servers to verify the identity of the sender. As an Email Service Provider, HubSpot already has an SPF policy that covers marketing emails sent through our shared servers.
You don't need to add HubSpot to your SPF record unless you're using a DMARC policy to customize your domain authentication, or if you already have an existing SPF record. While you don't need to update your SPF record, it's always recommended to connect your email sending domain.
Please note: always check with your IT department before making changes to your DNS records.
- In your HubSpot account, click the settings icon settings in the main navigation bar.
- In the left sidebar menu, click Domains & URLs.
- Scroll down to the bottom of the page and click Advanced Options.
- Click Copy SPF record to copy the record to your clipboard. You can now add this value to your DNS.
For instructions on adding the new value to your DNS, refer to documentation from your provider (i.e., GoDaddy).
Whitelist hubspot domains and email addresses
Work with your IT team to make changes to your whitelist or "safe sender" list. If you're using a free email provider such as Gmail, you can find whitelisting instructions in their help documentation. The following is a complete list of email addresses HubSpot uses for internal email notifications:
noreply@hubspot.comsuccess@hubspot.comhubspotreports@hubspot.com notifications@hubspot.comnotifications@email.leadin.com
Whitelist IP addresses
Add your sending IP addresses and/or shared.hubspot.com and hubspotemail.net to your network-level whitelist to ensure that all of HubSpot's in-app communications get delivered by your company's server.
To get a full list of IP addresses in your Hubspot account. Login to Hubspot and go to Marketing>>Email>>Click “More tools”>>Click “Manage Whitelisting”
Copy all the IP addresses required in your portal and send these to IT.
- Marketing Hub tools: 192.254.127.96/27, 50.31.44.111, 52.24.221.210, 52.27.255.218, 54.174.52.39, 54.174.52.5, 54.174.59.200, 54.174.60.186, 167.89.32.12
- Sales Hub tools: 52.55.208.120, 52.200.89.15, 192.254.127.96 - 192.254.127.127
- Service Hub tools: 54.174.59.92/30, 54.174.59.96/30, 18.208.124.253, 18.208.124.254