| title | Domain Setup |
|---|---|
| sidebarTitle | Domains |
| description | Set up and verify your sending domains for optimal email deliverability with AhaSend |
| icon | globe |
Setting up your domain correctly is essential for email deliverability. This guide walks you through adding and verifying your domain with AhaSend to ensure your emails reach the inbox, not the spam folder.
**Domain verification is required** before you can send any emails through AhaSend. Unverified domains cannot send emails and will result in API errors.Email receivers use multiple authentication methods to verify that emails are legitimate. When you properly configure your domain with AhaSend, you're telling receiving servers that:
- You own the domain and have the rights to send emails from it
- You've authorized AhaSend to send emails on behalf of your domain
- Your emails are authentic and not spoofed or malicious
Without proper domain setup, your emails will either be rejected outright or land in spam folders, significantly impacting your delivery rates.
**Subdomain recommendation:** Use a subdomain like `email.yourcompany.com` instead of your main domain for transactional emails. This isolates your transactional email reputation from marketing campaigns.Before setting up your domain, make sure you have:
- Access to your DNS provider (usually your hosting provider or domain registrar)
- An AhaSend account with verified email address
- The domain or subdomain you want to use for sending emails
1. **Log in to your [AhaSend Dashboard](https://dash.ahasend.com)**
2. **Navigate to Domains** in the sidebar
3. **Click "Add Domain"**
4. **Enter your domain name** (e.g., `email.yourcompany.com`)
5. **Click "Create Domain"**
You'll be redirected to the domain details page where you can see all required DNS records.
<Info>
**API Alternative:** You can also add domains programmatically using our [Domains API](/api-reference/domains/create-domain).
</Info>
<Info>
**Required for sending:** SPF, DKIM, and DMARC must be valid before the domain can send mail.
**Optional or feature-specific:** Return-path, tracking, subscription management, media, and MX records improve deliverability or enable product features, but they are not all required for basic sending.
</Info>
<Tip>
**Custom subdomains:** AhaSend can use custom subdomains for return-path, tracking, subscription management, and media. Always copy the exact hostnames from your domain page instead of assuming the defaults.
</Tip>
<AccordionGroup>
<Accordion title="SPF Record (Required)" icon="shield-check">
**Sender Policy Framework (SPF)** authorizes AhaSend to send emails on your domain's behalf.
**Record Type:** `TXT`
**Purpose:** Prevents email spoofing by specifying authorized sending servers
```
Name: @ (or your subdomain)
Type: TXT
Value: v=spf1 include:spf.ahasend.com ~all
```
<Warning>
If you already have an SPF record, **do not create a duplicate**. Instead, add `include:spf.ahasend.com` to your existing SPF record before the final mechanism (`~all` or `-all`).
</Warning>
<Note>
AhaSend can validate SPF through the return-path setup in some cases, but you should still publish the SPF record shown in your dashboard. It is the most portable and least surprising setup.
</Note>
</Accordion>
<Accordion title="DKIM Records (Required)" icon="signature">
**DomainKeys Identified Mail (DKIM)** cryptographically signs your emails to verify authenticity.
**Record Type:** Usually `CNAME` for managed DNS, sometimes `TXT` for manual DNS
**Purpose:** Prevents email tampering, confirms sender identity, and enables safe DKIM rotation on managed domains
**Managed DNS (DNS v3):**
```
Name: managed._domainkey.(your domain or subdomain)
Type: CNAME
Value: [AhaSend alias shown in dashboard]
Name: managed2._domainkey.(your domain or subdomain)
Type: CNAME
Value: [AhaSend alias shown in dashboard]
```
<Note>
Managed DNS domains show two DKIM selectors: one active selector used for signing now, and one standby selector used for future rotation. Your domain can verify with the active selector alone, but publishing **both** DKIM CNAMEs up front is recommended so future DKIM rotation does not require another DNS change.
</Note>
**Manual DNS:**
```
Name: [selector]._domainkey.(your domain or subdomain)
Type: TXT
Value: [unique DKIM public key]
```
<Note>
If you are working with a legacy or explicitly manual domain, your dashboard will show a single DKIM TXT record instead of the managed CNAME-based setup.
</Note>
</Accordion>
<Accordion title="DMARC Record (Required)" icon="shield-halved">
**Domain-based Message Authentication, Reporting and Conformance (DMARC)** provides policy guidance for email authentication failures.
**Record Type:** `TXT`
**Purpose:** Protects your domain from email spoofing and phishing attacks
```
Name: _dmarc
Type: TXT
Value: v=DMARC1; p=quarantine; sp=none; adkim=r; aspf=r;
```
<Info>
This DMARC policy tells receiving servers to quarantine emails that fail authentication and send reports to AhaSend for monitoring.
</Info>
</Accordion>
<Accordion title="Return-Path Record (Highly Recommended)" icon="reply">
**Return-Path** specifies where bounce messages and delivery notifications should be sent.
**Record Type:** `CNAME`
**Purpose:** Improves deliverability by providing a communication channel for bounce handling and SPF alignment
```
Name: [return-path subdomain].(your domain or subdomain)
Type: CNAME
Value: [value shown in dashboard]
```
<Tip>
While not strictly required for every setup, the return-path record is strongly recommended. It improves bounce handling and is part of the managed DNS flow for many domains.
</Tip>
</Accordion>
<Accordion title="Email Tracking Record (Optional)" icon="chart-line">
**Tracking Domain** ensures tracking URLs in your emails come from your domain instead of AhaSend's.
**Record Type:** `CNAME`
**Purpose:** Improves deliverability and maintains brand consistency for tracked links
```
Name: [tracking subdomain].(your domain or subdomain)
Type: CNAME
Value: [value shown in dashboard]
```
<Note>
Email tracking is **disabled by default** and must be explicitly enabled in your account settings, even if you configure the tracking domain.
</Note>
</Accordion>
<Accordion title="Subscription Management Record (Optional)" icon="mailbox">
**Subscription management domain** hosts unsubscribe and subscription management links on your own domain.
**Record Type:** `CNAME`
**Purpose:** Keeps subscription management links branded on your domain
```
Name: [subscription subdomain].(your domain or subdomain)
Type: CNAME
Value: [value shown in dashboard]
```
<Note>
This record is optional, but recommended if you want subscription management URLs to use your own domain instead of an AhaSend hostname.
</Note>
</Accordion>
<Accordion title="Media Record (Optional)" icon="image">
**Media domain** serves hosted media assets from your own domain.
**Record Type:** `CNAME`
**Purpose:** Keeps hosted assets and media URLs branded on your domain
```
Name: [media subdomain].(your domain or subdomain)
Type: CNAME
Value: [value shown in dashboard]
```
<Note>
This record is optional and mainly useful if you use AhaSend-hosted assets or want a consistent branded media hostname.
</Note>
</Accordion>
<Accordion title="MX Record (Recommended)" icon="envelope">
**Mail Exchanger (MX)** specifies the mail server responsible for receiving emails for your domain.
**Record Type:** `MX`
**Purpose:** Required for receiving emails, recommended for better sending reputation
```
Name: @ (or your subdomain)
Type: MX
Priority: 10
Value: [value shown in dashboard]
```
<Info>
While not required for sending emails, some receiving servers penalize domains without MX records. Adding this record improves overall deliverability.
</Info>
</Accordion>
</AccordionGroup>
- **Typical time:** 5-30 minutes
- **Maximum time:** Up to 48 hours
- **Check status:** Use online DNS checkers to verify your records are live
<Tip>
**Pro tip:** Use tools like [DNS Checker](https://dnschecker.org/) or [What's My DNS](https://www.whatsmydns.net/) to verify your records have propagated globally.
</Tip>
1. **Return to your domain details page** in the dashboard
2. **Click "Check DNS"** to run verification
3. **Wait for confirmation** - this usually takes just a few seconds
4. **Look for the green checkmarks** next to each record type
<Check>
**Success!** When SPF, DKIM, and DMARC show as valid, your domain is ready to send emails.
</Check>
<Info>
On managed DNS domains, you may see a second DKIM selector that is marked as standby or not currently required. That is expected. Publishing it anyway is recommended so DKIM rotation can happen without a future DNS update.
</Info>
<Warning>
If verification fails, double-check that:
- All DNS records are added exactly as shown
- DNS changes have had time to propagate
- You don't have conflicting DNS records
- You didn't create a second SPF TXT record
- You published the DKIM record type shown by AhaSend (`CNAME` for managed DNS, `TXT` for manual DNS)
</Warning>
Need help adding DNS records? Here are guides for popular providers:
Manage DNS records in Cloudflare dashboard Add TXT and CNAME records in GoDaddy Configure email authentication records AWS Route 53 record management Add DNS records in Google Domains Contact support for help with your DNS providerFor programmatic domain management, use our comprehensive Domains API:
Add new domains programmatically Retrieve all your configured domains Check domain verification status Remove domains from your account API v2 also supports updating domain DNS settings such as tracking, return-path, subscription, media, and DKIM rotation interval, as well as requesting a DNS check for an existing domain. **Common causes and solutions:**- **Wait longer:** DNS propagation can take up to 48 hours
- **Check record values:** Ensure exact copy-paste from dashboard (no extra spaces)
- **Verify record type:** SPF and DMARC use TXT; DKIM can be `CNAME` or `TXT` depending on your domain mode
- **Remove duplicates:** Don't create multiple SPF records
- **Check with DNS tools:** Use online DNS checkers to verify records are live
1. **Don't create a duplicate** - domains can only have one SPF record
2. **Modify your existing record** by adding `include:spf.ahasend.com`
3. **Place it before the final mechanism** (`~all` or `-all`)
Example:
```
OLD: v=spf1 include:_spf.google.com ~all
NEW: v=spf1 include:_spf.google.com include:spf.ahasend.com ~all
```
- **Active selector:** Used for signing mail right now and required for verification
- **Standby selector:** Reserved for the next DKIM rotation
Publishing both DKIM CNAMEs from the start is recommended. It lets AhaSend rotate keys later without requiring another DNS change on your side.
- **Root domain:** `yourcompany.com` (affects all subdomains)
- **Subdomain:** `email.yourcompany.com` (isolated setup)
**For subdomains:** Add all DNS records to the specific subdomain, not the root domain.
Records like return-path, tracking, subscription management, and media are usually additional subdomains under the domain you add to AhaSend.
- **Check our status page** for any ongoing DNS issues
- **Contact support** at [[email protected]](mailto:[email protected])
- **Include your domain name** and specific error messages
- **Attach screenshots** of your DNS configuration if helpful
Our engineering team typically responds within a few hours!
Once your domain is verified, you're ready to start sending emails:
Follow our quickstart guide to send emails via API or SMTP Generate credentials for your applications Track email delivery and engagement events Monitor opens and clicks on your emails **Domain setup complete?** Your domain is now ready to send emails through AhaSend. Test it out with our [quickstart guide](/quickstart) to send your first email!