← All API sections

Domain Verification

Step-by-step DNS setup for SPF, DKIM, and DMARC

Overview

Before you can send email through EuroMail, you need to verify ownership of your sending domain by adding three DNS records: SPF, DKIM, and DMARC. These records authenticate your emails and tell receiving mail servers that EuroMail is authorized to send on your behalf.

Step 1: Add Your Domain

Add your domain through the dashboard or API. EuroMail will generate the required DNS records for you:

curl -X POST https://api.euromail.dev/v1/domains \
  -H "X-EuroMail-Api-Key: em_live_..." \
  -H "Content-Type: application/json" \
  -d '{"domain": "yourdomain.com"}'

The response includes all three DNS records you need to configure.

Step 2: Configure SPF

SPF (Sender Policy Framework) tells receiving mail servers which IP addresses are authorized to send email for your domain. Add or update your SPF TXT record:

yourdomain.com.  TXT  "v=spf1 include:spf.euromail.dev -all"

If you already have an SPF record for other services, add include:spf.euromail.dev before the -all mechanism:

yourdomain.com.  TXT  "v=spf1 include:_spf.google.com include:spf.euromail.dev -all"

Important: You can only have one SPF record per domain. Multiple SPF records will cause validation failures.

Step 3: Configure DKIM

DKIM (DomainKeys Identified Mail) allows receiving servers to verify that emails were not modified in transit. Add the DKIM public key as a TXT record on the subdomain provided by EuroMail:

euromail._domainkey.yourdomain.com.  TXT  "v=DKIM1; k=rsa; p=MIIBIj..."

The full public key value is provided in the dashboard and API response when you add your domain. Copy the entire value exactly as shown — it is a base64-encoded 2048-bit RSA public key.

Step 4: Configure DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving servers what to do with emails that fail SPF or DKIM checks. Add a DMARC TXT record:

_dmarc.yourdomain.com.  TXT  "v=DMARC1; p=reject; rua=mailto:[email protected]"

The p=reject policy instructs receiving servers to reject unauthenticated emails. If you are setting up DMARC for the first time, consider starting with p=none to monitor reports before enforcing:

_dmarc.yourdomain.com.  TXT  "v=DMARC1; p=none; rua=mailto:[email protected]"

Step 5: Vanity Tracking Domain (Optional)

By default, tracking links and unsubscribe pages in your emails use api.euromail.dev. You can brand these with your own subdomain for a professional, white-label experience.

Add a CNAME record pointing your chosen subdomain to EuroMail's tracking server:

em.yourdomain.com.  CNAME  tracking.euromail.dev.

Then configure it via the dashboard or API:

curl -X PUT https://api.euromail.dev/v1/domains/{domain_id}/tracking-domain \
  -H "X-EuroMail-Api-Key: em_live_..." \
  -H "Content-Type: application/json" \
  -d '{"tracking_domain": "em.yourdomain.com"}'

After adding the DNS record, verify the CNAME:

curl -X POST https://api.euromail.dev/v1/domains/{domain_id}/verify-tracking \
  -H "X-EuroMail-Api-Key: em_live_..."

Once verified, all tracking pixels, click tracking links, and unsubscribe pages will use https://em.yourdomain.com. TLS certificates are provisioned automatically.

Automated Verification

After you configure your DNS records, EuroMail automatically checks for them every 5 minutes. You can also trigger an immediate verification check from the dashboard or API:

curl -X POST https://api.euromail.dev/v1/domains/{domain_id}/verify \
  -H "X-EuroMail-Api-Key: em_live_..."

Dashboard Verification Status

The dashboard shows the verification status of each DNS record individually. Each record displays one of three states:

  • Verified — Record found and correctly configured
  • Pending — Record not yet detected (DNS propagation may still be in progress)
  • Error — Record found but misconfigured (details shown inline)

Troubleshooting

DNS Propagation Delays

DNS changes can take up to 48 hours to propagate, though most providers update within 15 minutes. If your records are not detected after an hour, verify them with a DNS lookup tool.

Conflicting SPF Records

Having multiple TXT records that start with v=spf1 on the same domain will cause SPF validation to fail. Merge all SPF includes into a single record.

DKIM Key Too Long

Some DNS providers split long TXT records into multiple strings. Ensure your provider supports TXT records of at least 512 characters, or use the split-string format if required.