Domain Verification
Setting up a custom domain ensures your emails reach inboxes and aren’t flagged as spam. Sequenzy requires just 3 DNS records to verify your domain.You can start sending emails immediately using the built-in
sequenzymail.com domain without any DNS setup. However, this shared domain has shared reputation across all users, so emails may land in spam. For best deliverability, set up a custom domain.Why Domain Verification Matters
When you send an email, receiving mail servers (Gmail, Outlook, etc.) check if the email is legitimate. Without a verified custom domain, your emails may:- Land in spam folders
- Be rejected entirely
- Damage your sending reputation
- You own the domain - Only someone with DNS access can add the required records
- You authorize Sequenzy to send on your behalf - The records explicitly list Amazon SES as an authorized sender
How Email Authentication Works
Email authentication uses multiple protocols working together. When a receiving server gets your email:- SPF Check - “Is this server allowed to send for this domain?” → Looks up TXT record on bounce subdomain
- DKIM Check - “Was this email modified in transit?” → Verifies cryptographic signature using public key from TXT record
DMARC is an additional layer that tells receiving servers what to do when authentication fails. While recommended for domain protection, it’s not required for domain verification in Sequenzy.
Required DNS Records
Sequenzy requires 3 DNS records to verify your domain:DKIM Record (1 TXT record)
DKIM adds a digital signature to every email. Sequenzy generates a unique key pair for your domain — outgoing emails are signed with the private key, and receiving servers verify using the public key published in this record.| Type | Name | Value |
|---|---|---|
| TXT | sequenzy._domainkey.yourdomain.com | v=DKIM1; k=rsa; p={base64key} |
SPF Record (1 TXT record)
SPF authorizes which servers can send email for your domain. We use a bounce subdomain as the envelope sender for better deliverability tracking.| Type | Name | Value |
|---|---|---|
| TXT | bounce.yourdomain.com | v=spf1 include:amazonses.com ~all |
MX Record (1 MX record)
Routes bounce notifications to AWS SES so failed deliveries are tracked and subscribers are marked as bounced.| Type | Name | Value | Priority |
|---|---|---|---|
| MX | bounce.yourdomain.com | feedback-smtp.us-east-1.amazonses.com | 10 |
Optional: DMARC
DMARC is not required for domain verification, but we recommend setting it up for better deliverability and domain protection. DMARC tells receiving servers what to do when authentication fails and where to send reports.Implementing DMARC
Learn how to set up DMARC for your domain with step-by-step instructions
Verification Methods
Option 1: Automatic Setup with Cloudflare
If your domain uses Cloudflare DNS, you can set up all records automatically with one click. Step 1: Create a Cloudflare API Token- Go to Cloudflare Dashboard → My Profile → API Tokens
- Click Create Token
- Use the Edit zone DNS template or create a custom token with:
- Zone - Zone - Read (to find your zone)
- Zone - DNS - Edit (to create records)
- Set zone resources to All zones or select your specific domain
- Click Create Token and copy it immediately
- Go to Settings → Domains and click your domain
- Click Connect Cloudflare
- Paste your API token
- Click Verify & Create Records
For subdomains like
mail.example.com, Sequenzy automatically finds the root
zone example.com to create the records.Option 2: Manual DNS Setup
- Go to Settings → Domains and click your domain
- Copy each DNS record from the verification table
- Add them in your DNS provider’s control panel
- Return to Sequenzy—verification happens automatically
| Provider | Where to Find DNS Settings |
|---|---|
| GoDaddy | My Products → Domains → DNS |
| Namecheap | Domain List → Manage → Advanced DNS |
| Route 53 | Hosted zones → Select domain → Create record |
Verification Process
Once you’ve added the DNS records, Sequenzy automatically monitors their status:- DNS Lookup - Checks if records exist and point to correct values
- AWS SES Verification - Once DNS is correct, AWS SES verifies the DKIM signatures
- Status Update - Domain status updates from “Pending” to “Verified”
Verification Statuses
| Status | Description |
|---|---|
| Pending | Records not yet detected or still propagating |
| Verified | All records verified, ready to send emails |
| Failed | Verification failed after 72 hours—check your records |
Troubleshooting
Records Not Detected
- Wait for propagation - DNS changes can take up to 48 hours
- Check for typos - Ensure record names and values match exactly
- Check proxy settings - For Cloudflare, DKIM records must have proxy disabled (DNS only)
Verification Timeout
If verification fails after 72 hours:- Delete the domain in Sequenzy
- Re-add it to get a fresh DKIM key
- Update your DNS records with the new values
Cloudflare Token Errors
| Error | Solution |
|---|---|
| ”Invalid API token” | Check the token wasn’t revoked or expired |
| ”Could not access zone” | Ensure token has Zone - Zone - Read permission |
| ”Failed to create record” | Ensure token has Zone - DNS - Edit permission |
Using Subdomains
We strongly recommend sending from a subdomain (e.g.,mail.example.com) rather than your root domain. This protects your domain reputation and isolates any deliverability issues.
Why Use Subdomains?
Learn about reputation isolation, risk prevention, and best practices for
subdomain email sending
Best Practices
- Use a subdomain - Protect your root domain’s reputation with
mail.yourdomain.com - Consider setting up DMARC - While optional, DMARC protects against spoofing and helps monitor email authentication
- Keep tokens secure - Never share your Cloudflare API token publicly
Related
Using Subdomains
Protect your domain reputation
Implementing DMARC
Set up DMARC for your domain
Quick Start
Get started sending emails
Transactional Emails
Send triggered emails via API