Domain Verification

Email authentication is crucial for ensuring your notifications reach your users’ inboxes and don’t end up in spam folders. This guide explains the essential DNS records you need to configure for optimal email deliverability and security.

Overview

When you send emails through NotificationAPI, email providers like Gmail, Outlook, and Yahoo need to verify that you’re authorized to send emails from your domain. This verification process involves setting up several DNS records that prove your identity and establish trust with email providers.

The four key records we’ll cover are:

  • DKIM - Proves your emails are really from you and haven’t been changed
  • SPF - Tells email providers which servers can send emails for your domain
  • DMARC - Sets rules for what to do with suspicious emails claiming to be from you
  • MX - Tells email systems where to send bounce messages and delivery issues

DKIM (DomainKeys Identified Mail)

What is DKIM?

DKIM is like a digital signature for your emails. It adds an encrypted signature to each email that verifies:

  • The email actually came from your domain
  • The email content hasn’t been altered during transit
  • The email is authentic and trustworthy

How DKIM Works

When you send an email, DKIM creates a unique cryptographic signature based on your email’s content and your private key. Email providers then use your public key (published in DNS) to verify this signature. If the signature matches, the email passes authentication.

DKIM Record Format

Your DKIM record will look something like this:

  • Type: TXT
  • Name: notificationapi._domainkey
  • Value: p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ...

Breaking down the components:

  • notificationapi - Your DKIM selector (a unique identifier)
  • _domainkey - Standard DKIM subdomain
  • p=... - Your public key (a long string of characters)

SPF (Sender Policy Framework)

What is SPF?

SPF is like a guest list for your domain. It specifies which mail servers are authorized to send emails on behalf of your domain. This prevents spammers from sending fake emails that appear to come from your domain.

How SPF Works

When an email arrives, the receiving server checks your SPF record to see if the sending server is authorized. If it’s not on the list, the email may be marked as spam or rejected entirely.

SPF Record Format

Your SPF record will look like this:

  • Type: TXT
  • Name: notificationapi
  • Value: v=spf1 include:amazonses.com ~all

Breaking down the components:

  • v=spf1 - SPF version 1
  • include:amazonses.com - Allow Amazon SES to send emails
  • ~all - Soft fail for all other sources

Handling Multiple SPF Records

You can only have one SPF record per domain. If you already have SPF records for other services, you must merge them into a single record.

v=spf1 include:amazonses.com include:_spf.google.com include:mailgun.org ~all

DMARC (Domain-based Message Authentication)

What is DMARC?

DMARC builds on DKIM and SPF to provide an additional layer of protection. It tells receiving email servers how to handle emails that fail authentication checks and provides reporting on email authentication results.

How DMARC Works

DMARC checks both DKIM and SPF authentication. If either fails, DMARC policies determine what happens to the email. It also sends reports about authentication failures to help you monitor for potential abuse.

DMARC Record Format

Your DMARC record will look like this:

  • Type: TXT
  • Name: _dmarc
  • Value: v=DMARC1; p=none;

Breaking down the components:

  • v=DMARC1 - DMARC version
  • p=none - Take no action (monitoring mode)

MX (Mail Exchange) Records

What are MX Records?

MX records tell email servers where to deliver emails sent to your domain. For notification services, these primarily handle bounce messages (when emails can’t be delivered) and complaint notifications (when users mark emails as spam).

MX Record Format

Your MX record will look like this:

  • Type: MX
  • Name: notificationapi
  • Value: 10 feedback-smtp.us-east-1.amazonses.com

Breaking down the components:

  • 10 - Priority (lower numbers have higher priority)
  • feedback-smtp.us-east-1.amazonses.com - Amazon SES feedback endpoint for bounce handling

Implementation Guide

Step 1: Access Your DNS Provider

Log into your domain registrar or DNS provider (like Cloudflare, Route53, GoDaddy, etc.)

Step 2: Add Records to your domain settings

Add the records in your NotificationAPI dashboard to your domain settings.

  1. SPF Record - v=spf1 include:amazonses.com ~all
  2. DKIM Record - Add your DKIM signature
  3. DMARC Record - v=DMARC1; p=none;
  4. MX Record - 10 feedback-smtp.us-east-1.amazonses.com

Common Questions

Why is my domain verification status showing as PENDING?

DNS Propagation Delay

  • Issue: DNS changes can take 5-30 minutes to propagate globally
  • Solution: Wait 30-60 minutes and check again

Records Added Incorrectly

  • Issue: Incorrect record due to typo, formatting or incorrect value
  • Solution: Double check that the records match the records in your NotificationAPI dashboard

Wrong Record Type

  • Issue: Adding CNAME, or another record type, instead of TXT records
  • Solution: Ensure all records are added as TXT records (except MX)

Missing Records

  • Issue: Not all required records added
  • Solution: Verify all 4 record types (SPF, DKIM, DMARC, MX) are present

Why is my domain verification status showing as SPF PENDING?

This indicates that there is an issue with your MX and/or SPF record.

Incorrect MX Record

  • Issue: MX record value doesn’t match your NotificationAPI dashboard
  • Solution: Double check that your MX record exactly matches: 10 feedback-smtp.us-east-1.amazonses.com

Incorrect SPF Record

  • Issue: SPF record format or value doesn’t match your NotificationAPI dashboard
  • Solution: Verify your SPF record exactly matches: v=spf1 include:amazonses.com ~all

Multiple SPF Records

  • Issue: Having multiple SPF records causes conflicts
  • Solution: Merge into a single SPF record. See Handling Multiple SPF Records in the SPF Record Format section above.

What should I do if I already have an SPF record?

You can merge your SPF records into a single record by adding include:amazonses.com to your existing SPF record. See Handling Multiple SPF Records in the SPF Record Format section above.

Need assistance setting up your domain? Connect with our support team by clicking the chat icon in the bottom right corner of this page for personalized troubleshooting assistance.