You can use DMARC (Domain-based Message Authentication, Reporting and Conformance) with HubSpot.
Set up DMARC with HubSpot
DMARC is an email authentication protocol, designed to help you protect your email domain against unauthorized use. For DMARC to pass, you need one of two domain authentication protocols, DKIM or SPF, to be set up correctly. If you don't have a dedicated IP, you should use the DKIM security protocol to ensure DMARC will pass. If needed, you can also set up SPF as another security safeguard.
You may see this error if HubSpot is having trouble authenticating your email sending domain.
DMARC authentication has failed for [email sending domain]. The error is: [error description]. Learn more.
This error means that the domain of the email address which you used as your “from address” has aDMARC policy configured outside of HubSpot, but that policy is not compatible with your HubSpot email sending domain configuration.
This error is not critical, but may result in a higher rate of email messages failing to deliver or being routed to the spam folder.
Refer to the chart below for the solution to the error description indicated:
A DKIM record was found for your “from address” domain, but it was not correctly configured. To fix this issue, finish configuring your email sending domain. The domain is correctly configured whenSetup completeis displayed.
Your domain's DMARC policy should have both the adkim and aspf tags set to "relaxed" or "r" alignment, which should be the default setting for DMARC for DNS services. You can use a third-party DNS tool like dmarcian to verify the values the adkim and aspf tags are set correctly.
Please note: when using some third-party DNS tools, you may notice a failure for the SPF protocol, which can occur when the from domain matches your domain but you're sending over a shared IP. You can safely ignore this failure if you've correctly set up DKIM and it aligns with your sending domain.