IvyMailIvyMail
Docs/Core Concepts/Domain Setup & DNS

Domain Setup & DNS

How to add and verify a sending domain in IvyMail. Step-by-step DNS configuration for SPF, DKIM, and DMARC.

Before sending email through IvyMail, you need to verify ownership of your sending domain and configure DNS records for proper authentication.

Adding a domain

  1. Go to Dashboard → Domains → Add Domain.
  2. Enter your sending domain (e.g. notifications.yourapp.com).
  3. IvyMail generates the required DNS records.

Required DNS records

After adding a domain, IvyMail generates all the DNS records you need. Auto-connect is coming soon, but for now you'll add them manually at your DNS provider.

Domain verification (TXT)

Code
Type: TXT
Name: _ivymail.yourdomain.com
Value: ivymail-verify=xxxxxxxxxxxx

Proves you own the domain and ties it to your workspace.

SPF alignment (TXT)

Code
Type: TXT
Name: yourdomain.com
Value: v=spf1 include:amazonses.com ~all

If you already have an SPF record, add include:amazonses.com to your existing record rather than creating a new one. Multiple SPF records on a domain will cause validation failures.

DKIM signing (CNAME x3)

Code
Type: CNAME
Name: {token}._domainkey.yourdomain.com
Value: {token}.dkim.amazonses.com

IvyMail generates three DKIM CNAME records. All three must be added. DKIM cryptographically signs your emails so receiving servers can verify they haven't been tampered with.

DMARC policy (TXT)

Code
Type: TXT
Name: _dmarc.yourdomain.com
Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

DMARC ties SPF and DKIM together and tells receiving servers what to do with unauthenticated email. Start with p=none while testing, then move to p=quarantine or p=reject once everything is working.

Custom return path / MAIL FROM (MX + TXT)

Code
Type: MX
Name: mail.yourdomain.com
Value: 10 feedback-smtp.{region}.amazonses.com
Code
Type: TXT
Name: mail.yourdomain.com
Value: v=spf1 include:amazonses.com ~all

The 10 in the MX value is the priority (lower numbers are checked first). These two records set up a custom return path for bounces, which improves deliverability and SPF alignment.

Verifying your domain

After adding DNS records:

  1. Go to Dashboard → Domains.
  2. Click Check Status next to your domain.
  3. IvyMail queries your DNS records and verifies each one.

DNS propagation is usually very quick but can take up to 24 hours depending on your DNS provider and TTL settings.

Subdomains

We recommend using a subdomain for transactional email (e.g. mail.yourapp.com or notifications.yourapp.com). This isolates your transactional email reputation from your marketing email and main domain.

Troubleshooting

IssueSolution
Verification stuck on pendingCheck that DNS records match exactly, including trailing dots if your DNS provider requires them
SPF validation failingEnsure you have only one SPF TXT record per domain
DKIM not passingVerify the CNAME record value matches what IvyMail provided
Already have SPF recordsMerge include:amazonses.com into your existing SPF record

For AI agents & LLMs

If you're an AI agent helping a user set up their domain, here's the flow:

1. Add the domain:

Bash
curl -X POST https://api.ivymail.io/v1/domains \
  -H "x-api-key: $IVYMAIL_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "domain": "mail.yourapp.com" }'

2. Tell the user to add all DNS records from the response at their DNS provider (ownership TXT, SPF TXT, 3 DKIM CNAMEs, DMARC TXT, MAIL FROM MX + TXT).

3. Verify the domain:

Bash
curl -X POST https://api.ivymail.io/v1/domains/{domain_id}/verify \
  -H "x-api-key: $IVYMAIL_API_KEY"

If verification returns "status": "pending", DNS hasn't propagated yet. Tell the user to wait a few minutes and try again.