Do you want to send your emails to your customers with your own sender email address? You can configure it easily with Raklet!
What is domain verification and why does it matter?
When you send emails through Raklet using your own address (like [email protected]), email providers like Gmail, Outlook, and Yahoo need a way to confirm that we have your permission to send on your behalf. Without that confirmation, your emails are much more likely to land in spam — or get blocked entirely.
Think of it like putting your name on a mailbox: we need to prove your domain belongs to you, and that Raklet (through Amazon SES) is authorized to send mail from it.
You'll set up two layers of verification:
Email address verification — confirms you own the specific email address (e.g., [email protected]). This is the one-click verification email from Amazon.
Domain verification (DKIM + SPF + custom MAIL FROM) — adds DNS records that prove your whole domain is authorized. This is what dramatically improves deliverability.
Both are strongly recommended. Skipping the DNS setup is the #1 reason customers see emails landing in spam.
Step 1: Save Your Sender Email Address
Go to the Messages > Settings page and open the sender profile edit page. If you don't have a sender profile yet, create a new one.
On the sender profile edit page, type your custom sender email address into the From Address field and click the Save button.
Step 2: Verify Your Sender's Email Address
After saving the sender's email address, you need to verify it. Raklet uses Amazon SES (Simple Email Service) as the email service provider. When you save a sender email address, Amazon will automatically send you a verification email with a subject like "Amazon Web Services – Email Address Verification Request in region US West (Oregon)". Open the verification email from [email protected] and click the verification link. Learn more
Once your email address is verified, you'll see a green Verified badge on the sender profile page. You can now send emails from this address — but we strongly recommend completing Step 3 below to improve deliverability.
Step 3: Verify Your Domain (Strongly Recommended)
This step adds DNS records that authenticate your whole domain. It's what stops your emails from being marked as spam by Gmail, Outlook, and other providers.
In your Raklet account, go to Messages > Settings > Domain Verification tab, then click Add Domain and enter your sending domain (e.g., yourdomain.com).
Once added, Raklet will show you the DNS records to add to your DNS provider:
3 CNAME records — for DKIM (digital signature that proves emails are authentic)
1 MX record — for the custom MAIL FROM domain (handles bounces)
1 TXT record — for SPF (lists who's authorized to send on your behalf)
After adding the records to your DNS provider, come back to this page and click Check — the status will change from Pending to Verified. DNS changes typically propagate within a few minutes, but can take up to 24–72 hours depending on your DNS provider.
Setting it up yourself
If you're familiar with creating DNS records, this should be straightforward. Each domain name provider's control panel is unique, so refer to your provider's documentation if needed:
Setting up with your domain name provider's assistance
If you'd prefer to ask your domain name provider to do it for you, contact them directly.
Don't know who your domain name provider is? Click here, enter your domain name, and click Search. Look for the name of your provider in the Registrar field.
Use the following email template — just copy, paste, and replace the placeholders with the values shown on your Domain Verification page in Raklet:
Please assist me with my domain name setup <MYDOMAIN.COM>
by adding the following DNS records to it:
--- DKIM (3x CNAME) ---
- CNAME-1
Name: <Name-1>
Value: <Value-1>
- CNAME-2
Name: <Name-2>
Value: <Value-2>
- CNAME-3
Name: <Name-3>
Value: <Value-3>
--- Custom MAIL FROM ---
- MX
Name: email.<MYDOMAIN.COM>
Value: feedback-smtp.us-west-2.amazonses.com
Priority: 10
- TXT (SPF)
Name: email.<MYDOMAIN.COM>
Value: "v=spf1 include:amazonses.com ~all"
With some domain registrars, the Name field is filled in automatically — see the Tips & Common Questions section below for details.
Example records
Here's what the MAIL FROM records look like for our own domain, [email protected]:
Name: email.raklet.com
Type : MX
Value: feedback-smtp.us-west-2.amazonses.com
Priority: 10
Name: email.raklet.com
Type : TXT
Value : "v=spf1 include:amazonses.com ~all"
🔍 Breakdown:
🔹 Name: email.raklet.com
This means the SPF policy applies to the subdomain email.raklet.com (not the root domain raklet.com unless explicitly referenced).
🔹 Type: TXT
SPF records are stored in DNS as TXT records.
🔹 Value: "v=spf1 include:amazonses.com ~all"
This is the SPF policy string, explained below:
Explanation of SPF Value:
✅ v=spf1
SPF version declaration.
✅ include:amazonses.com
Tells receiving email servers:
→ “Emails from servers that are authorized by amazonses.com are permitted to send emails on behalf of email.raklet.com.”
✅ It’s a shortcut that includes Amazon SES’s own list of valid IP addresses for sending emails.
✅ ~all
Means: “Soft fail any other senders.”
If an email comes from a server not listed in amazonses.com’s SPF records, the receiving server should accept it but mark it as suspicious (e.g., more likely to go to spam).
🚨 What This Doesn’t Do:
It does NOT allow all AWS customers to send emails on your behalf.
It only allows SES accounts using Amazon’s official SES sending infrastructure which is separately tied to verified identities.
That means only verified senders within your SES setup can send using email.raklet.com.
🔐 Security Consideration:
If you want to make it stricter, you can use -all instead of ~all:
-all = hard fail. Reject all emails not coming from amazonses.com IPs.
But this can sometimes result in valid emails being blocked if you haven’t configured all sources properly (e.g., transactional vs marketing emails).
✅ In Summary:
This record is:
Essential for telling other email servers that Amazon SES is a trusted sender for your subdomain.
Safe when paired with verified identities and DKIM.
Not giving away access to other AWS users.
If you want to learn more, you can read Using a custom MAIL FROM domain with AWS SES.
Tips & Common Questions
How long does verification take?
DNS changes typically propagate within a few minutes, but can take up to 24–72 hours depending on your DNS provider. If the status still shows "Pending" after 24 hours, double-check that all records were saved correctly.
My DNS provider keeps adding my domain to the end of the Name field.
This is normal. Many DNS providers (GoDaddy, Namecheap, Cloudflare, etc.) automatically append your root domain. If yours does, enter only the part before your root domain.
For example, instead of entering:
abc123._domainkey.email.yourdomain.com
You'd enter:
abc123._domainkey.email
If you're unsure, try it without the root domain first — most providers will show you the final result before saving.
What's the difference between DKIM, SPF, and MAIL FROM?
DKIM (the 3 CNAME records) — a digital signature that proves the email wasn't tampered with in transit.
SPF (the TXT record) — a public list of who's allowed to send email for your domain.
MAIL FROM (the MX record) — handles bounces and replies properly so your domain stays in good standing.
All three work together. Skipping any one weakens your deliverability score.
I added all the records but it still says Pending.
Make sure you didn't accidentally add quotes around the CNAME values (only the TXT/SPF value needs quotes).
Check that you didn't duplicate the root domain in the Name field.
Wait at least 30 minutes and click "Check" again.
If it's still pending after 24 hours, contact our support team with a screenshot of your DNS records.
I don't know who manages my DNS.
Use whois.domaintools.com to look up your domain — the Registrar field will tell you who you bought the domain from. They usually manage DNS unless you've moved it to a separate provider like Cloudflare.