What is a domain?
A domain is the part of an email address that comes after the@ symbol. For example, in hello@acme.com, the domain is acme.com.
When you send emails through SendKit, you need to prove that you own the domain you’re sending from. This process is called domain verification. It prevents anyone from sending emails pretending to be you.
Why do you need to verify a domain?
Email providers like Gmail, Outlook, and Yahoo don’t trust emails by default. They check whether the sender is authorized to use the domain in the “From” address. Without verification, your emails are likely to end up in spam — or be rejected entirely. When you verify a domain in SendKit, you add DNS records that tell the world:- “SendKit is allowed to send emails for this domain” — this is what SPF does
- “These emails really came from us and haven’t been tampered with” — this is what DKIM does
- “Here’s what to do with emails that fail these checks” — this is what DMARC does
DNS records explained
DNS (Domain Name System) is like a phonebook for the internet. It translates domain names into instructions that computers can understand. When you verify a domain, you’re adding entries to this phonebook that vouch for SendKit as a legitimate sender. SendKit generates 4 DNS records for each domain:SPF (Sender Policy Framework)
SPF is a TXT record that lists which mail servers are authorized to send emails for your domain. When a recipient’s mail server receives an email from your domain, it checks the SPF record to see if the sending server is on the list. Without SPF, anyone could send emails claiming to be from your domain.| Field | Value |
|---|---|
| Type | TXT |
| Name | send.yourdomain.com |
| Value | Provided on your domain detail page |
| TTL | 3600 |
DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to every email you send. The recipient’s mail server uses a public key (published in your DNS) to verify that the email content hasn’t been changed in transit. Think of it like a wax seal on a letter — it proves the message is authentic and hasn’t been opened.| Field | Value |
|---|---|
| Type | TXT |
| Name | sendkit._domainkey.yourdomain.com |
| Value | v=DKIM1; k=rsa; p=<your-public-key> |
| TTL | 3600 |
The DKIM public key is unique to your domain and generated automatically by SendKit. Copy the full value from the domain detail page.
MX (Mail Exchange)
The MX record on thesend subdomain tells mail servers where to deliver bounce notifications and complaint feedback. This is how SendKit knows when an email bounces or when a recipient marks your email as spam.
| Field | Value |
|---|---|
| Type | MX |
| Name | send.yourdomain.com |
| Value | Provided on your domain detail page |
| Priority | 10 |
| TTL | 3600 |
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC ties SPF and DKIM together and tells receiving servers what to do when an email fails authentication. It’s optional for verification, but strongly recommended. Learn more in the DMARC guide.| Field | Value |
|---|---|
| Type | TXT |
| Name | _dmarc.yourdomain.com |
| Value | v=DMARC1; p=none; |
| TTL | 3600 |
Domain verification in SendKit
Add your domain
Go to Domains in the sidebar and click Add Domain. Enter your domain name (e.g.,
acme.com) and select a region.Add DNS records
SendKit generates 4 DNS records. Add them at your DNS provider (Cloudflare, Route 53, GoDaddy, etc.). See the DNS provider guides for step-by-step instructions.
Verification statuses
| Status | Meaning |
|---|---|
| Not started | Domain was just added, no verification attempted yet |
| Pending | DNS records detected but still propagating |
| Verified | All required records confirmed — you can send emails |
| Partially verified | Some records verified, but not all required ones |
| Failed | Required records not found or incorrect |
| Temporary failure | A transient issue occurred — will be retried automatically |
- First 2 hours — every 10 minutes
- 2–12 hours — every 30 minutes
- 12–72 hours — every 60 minutes
Subdomains
You can verify a subdomain instead of your root domain. For example,mail.acme.com or notifications.acme.com. This is useful if:
- You want to separate transactional emails from marketing emails
- You already have SPF/DKIM configured on your root domain for another service
- You want to isolate sender reputation between different types of email