Skip to main content

Domain Verification

Setting up a custom domain ensures your emails reach inboxes and aren’t flagged as spam. Sequenzy requires just 3 DNS records to verify your domain.
You can start sending emails immediately using the built-in sequenzymail.com domain without any DNS setup. However, this shared domain has shared reputation across all users, so emails may land in spam. For best deliverability, set up a custom domain.

Why Domain Verification Matters

When you send an email, receiving mail servers (Gmail, Outlook, etc.) check if the email is legitimate. Without a verified custom domain, your emails may:
  • Land in spam folders
  • Be rejected entirely
  • Damage your sending reputation
Domain verification proves:
  1. You own the domain - Only someone with DNS access can add the required records
  2. You authorize Sequenzy to send on your behalf - The records explicitly list Amazon SES as an authorized sender

How Email Authentication Works

Email authentication uses multiple protocols working together. When a receiving server gets your email:
  1. SPF Check - “Is this server allowed to send for this domain?” → Looks up TXT record on bounce subdomain
  2. DKIM Check - “Was this email modified in transit?” → Verifies cryptographic signature using public key from TXT record
DMARC is an additional layer that tells receiving servers what to do when authentication fails. While recommended for domain protection, it’s not required for domain verification in Sequenzy.

Required DNS Records

Sequenzy requires 3 DNS records to verify your domain:

DKIM Record (1 TXT record)

DKIM adds a digital signature to every email. Sequenzy generates a unique key pair for your domain — outgoing emails are signed with the private key, and receiving servers verify using the public key published in this record.
TypeNameValue
TXTsequenzy._domainkey.yourdomain.comv=DKIM1; k=rsa; p={base64key}

SPF Record (1 TXT record)

SPF authorizes which servers can send email for your domain. We use a bounce subdomain as the envelope sender for better deliverability tracking.
TypeNameValue
TXTbounce.yourdomain.comv=spf1 include:amazonses.com ~all

MX Record (1 MX record)

Routes bounce notifications to AWS SES so failed deliveries are tracked and subscribers are marked as bounced.
TypeNameValuePriority
MXbounce.yourdomain.comfeedback-smtp.us-east-1.amazonses.com10

Optional: DMARC

DMARC is not required for domain verification, but we recommend setting it up for better deliverability and domain protection. DMARC tells receiving servers what to do when authentication fails and where to send reports.

Implementing DMARC

Learn how to set up DMARC for your domain with step-by-step instructions

Verification Methods

Option 1: Automatic Setup with Cloudflare

If your domain uses Cloudflare DNS, you can set up all records automatically with one click. Step 1: Create a Cloudflare API Token
  1. Go to Cloudflare Dashboard → My Profile → API Tokens
  2. Click Create Token
  3. Use the Edit zone DNS template or create a custom token with:
    • Zone - Zone - Read (to find your zone)
    • Zone - DNS - Edit (to create records)
  4. Set zone resources to All zones or select your specific domain
  5. Click Create Token and copy it immediately
Step 2: Connect in Sequenzy
  1. Go to Settings → Domains and click your domain
  2. Click Connect Cloudflare
  3. Paste your API token
  4. Click Verify & Create Records
Sequenzy will validate your token, find the zone for your domain (including subdomains), and create all required DNS records automatically.
For subdomains like mail.example.com, Sequenzy automatically finds the root zone example.com to create the records.

Option 2: Manual DNS Setup

  1. Go to Settings → Domains and click your domain
  2. Copy each DNS record from the verification table
  3. Add them in your DNS provider’s control panel
  4. Return to Sequenzy—verification happens automatically
Common DNS Providers:
ProviderWhere to Find DNS Settings
GoDaddyMy Products → Domains → DNS
NamecheapDomain List → Manage → Advanced DNS
Route 53Hosted zones → Select domain → Create record
DNS propagation can take up to 48 hours, though most records propagate within 15-30 minutes.

Verification Process

Once you’ve added the DNS records, Sequenzy automatically monitors their status:
  1. DNS Lookup - Checks if records exist and point to correct values
  2. AWS SES Verification - Once DNS is correct, AWS SES verifies the DKIM signatures
  3. Status Update - Domain status updates from “Pending” to “Verified”

Verification Statuses

StatusDescription
PendingRecords not yet detected or still propagating
VerifiedAll records verified, ready to send emails
FailedVerification failed after 72 hours—check your records

Troubleshooting

Records Not Detected

  • Wait for propagation - DNS changes can take up to 48 hours
  • Check for typos - Ensure record names and values match exactly
  • Check proxy settings - For Cloudflare, DKIM records must have proxy disabled (DNS only)

Verification Timeout

If verification fails after 72 hours:
  1. Delete the domain in Sequenzy
  2. Re-add it to get a fresh DKIM key
  3. Update your DNS records with the new values

Cloudflare Token Errors

ErrorSolution
”Invalid API token”Check the token wasn’t revoked or expired
”Could not access zone”Ensure token has Zone - Zone - Read permission
”Failed to create record”Ensure token has Zone - DNS - Edit permission

Using Subdomains

We strongly recommend sending from a subdomain (e.g., mail.example.com) rather than your root domain. This protects your domain reputation and isolates any deliverability issues.

Why Use Subdomains?

Learn about reputation isolation, risk prevention, and best practices for subdomain email sending

Best Practices

  1. Use a subdomain - Protect your root domain’s reputation with mail.yourdomain.com
  2. Consider setting up DMARC - While optional, DMARC protects against spoofing and helps monitor email authentication
  3. Keep tokens secure - Never share your Cloudflare API token publicly

Using Subdomains

Protect your domain reputation

Implementing DMARC

Set up DMARC for your domain

Quick Start

Get started sending emails

Transactional Emails

Send triggered emails via API