Domain Setup
Configure DNS records for DKIM, SPF, and DMARC with Postkit
Before sending production emails, configure your domain's DNS records so receiving servers can verify your messages are legitimate. This guide walks you through adding a domain, configuring DNS, and verifying everything in the dashboard.
For a deeper understanding of email authentication, see DKIM, SPF & DMARC.
Add your domain
Register your domain
curl -X POST https://api.postkit.eu/v1/domains \
-H "Authorization: Bearer pk_live_abc123..." \
-H "Content-Type: application/json" \
-d '{ "name": "yourdomain.com" }'const response = await fetch('https://api.postkit.eu/v1/domains', {
method: 'POST',
headers: {
'Authorization': 'Bearer pk_live_abc123...',
'Content-Type': 'application/json',
},
body: JSON.stringify({ name: 'yourdomain.com' }),
});
const domain = await response.json();import requests
response = requests.post(
'https://api.postkit.eu/v1/domains',
headers={'Authorization': 'Bearer pk_live_abc123...'},
json={'name': 'yourdomain.com'},
)
domain = response.json()The response includes a dns_records array with all the records you need to add.
Review the DNS records
{
"dns_records": [
{
"type": "TXT",
"name": "postkit._domainkey.yourdomain.com",
"value": "v=DKIM1; k=rsa; p=MIIBIjAN...",
"purpose": "dkim",
"status": "pending"
},
{
"type": "TXT",
"name": "yourdomain.com",
"value": "v=spf1 include:spf.postkit.eu ~all",
"purpose": "spf",
"status": "pending"
},
{
"type": "TXT",
"name": "_dmarc.yourdomain.com",
"value": "v=DMARC1; p=none; rua=mailto:dmarc@postkit.eu",
"purpose": "dmarc",
"status": "pending"
},
{
"type": "CNAME",
"name": "tracking.yourdomain.com",
"value": "track.postkit.eu",
"purpose": "tracking",
"status": "pending"
}
]
}Configure DNS records
Add the following records to your domain's DNS settings. These instructions work with any DNS provider.
DKIM (DomainKeys Identified Mail)
DKIM cryptographically signs your emails so receivers can verify they haven't been tampered with.
| Field | Value |
|---|---|
| Type | TXT |
| Name / Host | postkit._domainkey |
| Value | The v=DKIM1; k=rsa; p=... value from the API response |
Some DNS providers automatically append your domain to the record name. If so, enter just postkit._domainkey without the domain suffix.
SPF (Sender Policy Framework)
SPF tells receiving servers which mail servers are authorized to send email for your domain.
| Field | Value |
|---|---|
| Type | TXT |
| Name / Host | @ (root domain) |
| Value | v=spf1 include:spf.postkit.eu ~all |
If you already have an SPF record, don't create a second one. Instead, add include:spf.postkit.eu to your existing record before the ~all or -all mechanism.
DMARC (Domain-based Message Authentication)
DMARC sets the policy for how receivers handle emails that fail DKIM or SPF checks.
| Field | Value |
|---|---|
| Type | TXT |
| Name / Host | _dmarc |
| Value | v=DMARC1; p=none; rua=mailto:dmarc@postkit.eu |
Starting with p=none lets you monitor authentication results without affecting delivery. Once you're confident everything is configured correctly, consider upgrading to p=quarantine or p=reject.
Tracking CNAME (optional)
The tracking CNAME enables open and click tracking under your own domain instead of track.postkit.eu.
| Field | Value |
|---|---|
| Type | CNAME |
| Name / Host | tracking |
| Value | track.postkit.eu |
Verify your domain
Wait for DNS propagation
After adding DNS records, wait for propagation. This typically takes a few minutes but can take up to 48 hours depending on your DNS provider.
Trigger verification
Trigger verification via the API or dashboard.
curl -X POST https://api.postkit.eu/v1/domains/dom_abc123.../verify \
-H "Authorization: Bearer pk_live_abc123..."const response = await fetch(
'https://api.postkit.eu/v1/domains/dom_abc123.../verify',
{
method: 'POST',
headers: { 'Authorization': 'Bearer pk_live_abc123...' },
}
);
const result = await response.json();response = requests.post(
'https://api.postkit.eu/v1/domains/dom_abc123.../verify',
headers={'Authorization': 'Bearer pk_live_abc123...'},
)
result = response.json()Check the verification result
The response tells you the status of each DNS record:
- verified -- All DNS records match. Your domain is ready to send.
- pending -- Some records haven't propagated yet. Wait and try again.
- failed -- One or more records are incorrect. Double-check the values and re-verify.
What's next?
- Send your first email -- if you haven't already
- Webhooks -- receive delivery events in real time
- DKIM, SPF & DMARC -- learn how email authentication works in detail