Domain Verification
Setting up a custom domain ensures your emails reach inboxes and aren’t flagged as spam. New custom domains include 4 DNS records for sending authentication, bounce tracking, and branded reply routing.You can start sending emails immediately using the built-in
sequenzymail.com
domain without any DNS setup. However, this shared domain has shared
reputation across all users, so emails may land in spam. For best
deliverability, set up a custom domain.Why Domain Verification Matters
When you send an email, receiving mail servers (Gmail, Outlook, etc.) check if the email is legitimate. Without a verified custom domain, your emails may:- Land in spam folders
- Be rejected entirely
- Damage your sending reputation
- You own the domain - Only someone with DNS access can add the required records
- You authorize Sequenzy to send on your behalf - The records explicitly list Amazon SES as an authorized sender
How Email Authentication Works
Email authentication uses multiple protocols working together. When a receiving server gets your email:- SPF Check - “Is this server allowed to send for this domain?” → Looks up TXT record on bounce subdomain
- DKIM Check - “Was this email modified in transit?” → Verifies cryptographic signature using public key from TXT record
DMARC is an additional layer that tells receiving servers what to do when
authentication fails. While recommended for domain protection, it’s not
required for domain verification in Sequenzy.
Required DNS Records
Sequenzy shows the required DNS records for your domain during setup:DKIM Record (1 TXT record)
DKIM adds a digital signature to every email. Sequenzy generates a unique key pair for your domain — outgoing emails are signed with the private key, and receiving servers verify using the public key published in this record.| Type | Name | Value |
|---|---|---|
| TXT | sequenzy._domainkey.yourdomain.com | v=DKIM1; k=rsa; p={base64key} |
SPF Record (1 TXT record)
SPF authorizes which servers can send email for your domain. We use a bounce subdomain as the envelope sender for better deliverability tracking.| Type | Name | Value |
|---|---|---|
| TXT | send.yourdomain.com | v=spf1 include:amazonses.com ~all |
MX Record (1 MX record)
Routes bounce notifications to AWS SES so failed deliveries are tracked and subscribers are marked as bounced.| Type | Name | Value | Priority |
|---|---|---|---|
| MX | send.yourdomain.com | feedback-smtp.us-east-1.amazonses.com | 10 |
Inbound Reply MX Record (1 MX record)
Routes replies to Sequenzy when reply tracking uses your own domain. This enables branded reply addresses such asreply+{emailId}@inbound.yourdomain.com.
| Type | Name | Value | Priority |
|---|---|---|---|
| MX | inbound.yourdomain.com | inbound-smtp.us-east-1.amazonaws.com | 10 |
If you send from a subdomain like
news.example.com, the inbound reply MX
record uses the root domain: inbound.example.com.Optional: DMARC
DMARC is not required for domain verification, but we recommend setting it up for better deliverability and domain protection. DMARC tells receiving servers what to do when authentication fails and where to send reports.Implementing DMARC
Learn how to set up DMARC for your domain with step-by-step instructions
Verification Methods
Option 1: Automatic Setup with Cloudflare
If your domain uses Cloudflare DNS, you can set up all records automatically with one click. Step 1: Create a Cloudflare API Token- Go to Cloudflare Dashboard → My Profile → API Tokens
- Click Create Token
- Use the Edit zone DNS template or create a custom token with:
- Zone - Zone - Read (to find your zone)
- Zone - DNS - Edit (to create records)
- Set zone resources to All zones or select your specific domain
- Click Create Token and copy it immediately
- Go to Settings → Domains and click your domain
- Click Connect Cloudflare
- Paste your API token
- Click Verify & Create Records
For subdomains like
mail.example.com, Sequenzy automatically finds the root
zone example.com to create the records.Option 2: Manual DNS Setup
- Go to Settings → Domains and click your domain
- Copy each DNS record from the verification table
- Add them in your DNS provider’s control panel
- Return to Sequenzy and click I’ve added the records
| Provider | Where to Find DNS Settings |
|---|---|
| GoDaddy | My Products → Domains → DNS |
| Namecheap | Domain List → Manage → Advanced DNS |
| Route 53 | Hosted zones → Select domain → Create record |
Verification Process
Once you’ve confirmed the DNS records were added, Sequenzy monitors their status:- DNS Lookup - Checks if records exist and point to correct values
- AWS SES Verification - Once DNS is correct, AWS SES verifies the DKIM signatures
- Inbound Routing - Once the inbound MX record is verified, Sequenzy connects the receipt rule for branded reply tracking
- Status Update - Domain status updates from “Pending” to “Verified”
Verification Statuses
| Status | Description |
|---|---|
| Not started | Records are shown, but setup has not been confirmed yet |
| Pending | Records not yet detected or still propagating |
| Misconfigured | Records were found but one or more values are incorrect |
| Temporary failure | A previously verified domain failed a later recheck |
| Verified | All records verified, ready to send emails |
| Failed | AWS SES reported a terminal verification failure |
Troubleshooting
Records Not Detected
- Wait for propagation - DNS changes can take up to 48 hours
- Check for typos - Ensure record names and values match exactly
- Check proxy settings - For Cloudflare, DKIM records must have proxy disabled (DNS only)
Verification Is Stuck
If verification stays pending or misconfigured:- Delete the domain in Sequenzy
- Re-add it to get a fresh DKIM key
- Update your DNS records with the new values
Branded Replies Not Active
Ifreply+{emailId}@inbound.yourdomain.com is not active yet:
- Confirm the inbound MX record points to the region-specific
inbound-smtpendpoint shown in Sequenzy - Return to Settings -> Email Tracking and refresh the Reply-to Domain status
- Leave the Reply-to Domain setting on Sequenzy until inbound routing shows as active if you want to avoid fallback behavior
Cloudflare Token Errors
| Error | Solution |
|---|---|
| ”Invalid API token” | Check the token wasn’t revoked or expired |
| ”Could not access zone” | Ensure token has Zone - Zone - Read permission |
| ”Failed to create record” | Ensure token has Zone - DNS - Edit permission |
Using Subdomains
We strongly recommend sending from a subdomain (e.g.,mail.example.com) rather than your root domain. This protects your domain reputation and isolates any deliverability issues.
Why Use Subdomains?
Learn about reputation isolation, risk prevention, and best practices for
subdomain email sending
Best Practices
- Use a subdomain - Protect your root domain’s reputation with
mail.yourdomain.com - Consider setting up DMARC - While optional, DMARC protects against spoofing and helps monitor email authentication
- Keep tokens secure - Never share your Cloudflare API token publicly
- Verify inbound replies before switching - Keep the Reply-to Domain setting on Sequenzy until the inbound MX record and routing status are active
Related
Using Subdomains
Protect your domain reputation
Implementing DMARC
Set up DMARC for your domain
Quick Start
Get started sending emails
Transactional Emails
Send triggered emails via API