Home » Email Deliverability » Verify Domain

How to Verify Your Sending Domain

Verifying your sending domain proves to your email service provider that you own the domain you want to send from. The process involves adding DNS records (usually TXT or CNAME) that your provider checks to confirm ownership. Domain verification is required before you can send authenticated email through services like SendGrid, Mailgun, Amazon SES, or any professional SMTP provider.

Why Domain Verification Is Required

Email providers require domain verification for two reasons. First, it prevents abuse: without verification, anyone could configure a service to send email from any domain, including yours. Second, it enables proper authentication: once verified, the provider can set up DKIM signing and SPF alignment for your domain, so your emails pass authentication checks at receiving servers.

Most email providers will not let you send from a custom domain until verification is complete. Until then, your emails go out from the provider's default domain (like something@sendgrid.net), which has no connection to your brand and no benefit from your domain's reputation.

How Domain Verification Works

Step 1: Log into your email provider and navigate to domain settings.
The exact location varies by provider. In SendGrid, it is under Settings > Sender Authentication > Domain Authentication. In Mailgun, it is Sending > Domains > Add New Domain. In Amazon SES, it is Identity Management > Domains. Look for terms like "domain authentication," "sender verification," or "domain setup."

Step 2: Enter your domain name.
Type in the domain you want to send from (e.g. yourdomain.com). Some providers ask if you want to use a subdomain for sending (like mail.yourdomain.com). Using a subdomain is a good practice because it separates your marketing email reputation from your main domain.

Step 3: Add the DNS records your provider gives you.
The provider will generate several DNS records for you to add to your domain. These typically include DKIM CNAME records (for message signing), an SPF include or TXT record (for sender authorization), and sometimes a verification TXT record (to prove ownership). Copy each record exactly as shown.

Step 4: Add the records to your DNS.
Go to your domain registrar or DNS host (GoDaddy, Cloudflare, Namecheap, Route 53, etc.) and add each record. Pay attention to the record type (TXT, CNAME, MX) and the exact name and value. Some providers show the full record name including your domain, while others show only the subdomain portion. Make sure you do not accidentally double your domain name (e.g. selector._domainkey.yourdomain.com.yourdomain.com).

Step 5: Click Verify in your email provider.
Go back to the provider's dashboard and click the verification button. The provider queries DNS for the records you added. DNS propagation can take anywhere from 5 minutes to 48 hours, though most records show up within 30 minutes. If verification fails, wait an hour and try again.

Common DNS Hosts and How to Add Records

The process is slightly different for each DNS host, but the steps are the same: find the DNS management page, add a new record, choose the correct type, and paste the name and value.

Cloudflare: DNS > Records > Add Record. Make sure the proxy status is set to "DNS only" (gray cloud) for email-related records. Cloudflare's proxy does not work with email.
GoDaddy: DNS Management > Add Record. GoDaddy automatically appends your domain name to the record name, so if the provider says to add "s1._domainkey.yourdomain.com," you only enter "s1._domainkey" in GoDaddy's name field.
Namecheap: Advanced DNS > Add New Record. Similar to GoDaddy, the domain is appended automatically.
AWS Route 53: Hosted Zones > your domain > Create Record. Route 53 requires you to enter the full record name with a trailing dot.

Verifying With Multiple Providers

If you use multiple email services (e.g. one for marketing and one for transactional email), you need to verify your domain with each one separately. Each provider generates its own set of DNS records. DKIM records use different selectors so they do not conflict. For SPF, you add all providers' include values to a single SPF record. See the complete authentication guide for details on combining multiple providers.

Troubleshooting Verification Failures

DNS not propagated yet. Wait 1-2 hours and try again. Use a tool like dnschecker.org to see if the records are visible globally.
Record name is wrong. Make sure you did not accidentally include the domain twice. The record name should resolve to something like s1._domainkey.yourdomain.com, not s1._domainkey.yourdomain.com.yourdomain.com.
Record type is wrong. If the provider asks for a CNAME and you created a TXT (or vice versa), verification will fail. Double-check the record type.
Cloudflare proxy is on. Email DNS records must have Cloudflare proxy disabled (gray cloud, not orange). The proxy only works for HTTP traffic.

Set up your sending domain and start sending authenticated email. Built-in domain management and deliverability tools make it easy.

Get Started Free

View the Email Broadcast App