Overview #
Once you’ve added your DNS records, the final step is verification. This confirms that your domain is correctly configured to send email through our platform.
All verification is handled entirely by Amazon SES (Simple Email Service) – we do not perform any record checks ourselves. Our system simply submits your domain to SES and displays the status Amazon reports back.
How Domain Verification Works #
Here’s what happens after you add a domain:
- You enter your masked sender address in our CMS (e.g.
[email protected]) - We generate the required DNS records and display them to you
- Once you’ve added the records in your DNS provider, you click Check Validity
- Our system forwards your domain to Amazon SES, which:
- Looks for the records on your domain
- Verifies if everything matches the expected values
- Approves or rejects the domain for sending
We do not validate your DNS records ourselves. Amazon SES does all the checking. This means:
- If verification is delayed, it’s due to SES processing time or DNS propagation
- We have no ability to speed up or override the process
- Our CMS simply displays the current status provided by Amazon
How Long Does It Take? #
- Most domains verify within 1 to 12 hours
- In some cases it can take up to 72 hours, depending on your DNS provider and Amazon SES queue times
- You can return to the CMS at any time and click Check Validity to refresh the current status
How to Check Your DNS Records #
Before resubmitting your domain for verification, you can manually confirm whether your DNS records are publicly visible. This helps ensure everything is set up correctly before AWS attempts another check.
Recommended tools: #
| Tool | Use it to check… | Link |
|---|---|---|
| 🔍 MXToolbox | Any TXT, MX, or CNAME record | http://mxtoolbox.com |
| 🔍 Google Admin Toolbox | Deep DNS checks from Google’s perspective | http://toolbox.googleapps.com |
| 🔍 DNSChecker | Global DNS propagation across multiple locations | http://dnschecker.org |
To check:
- Paste your full record name (e.g.
mail.yourdomain.comorsomekey._domainkey.yourdomain.com) - Select the correct record type (CNAME, TXT, or MX)
- Verify that the value shown matches exactly what we provided
If a record doesn’t show up, it means either:
- It was added incorrectly (wrong name or value)
- It hasn’t propagated yet (try again later)
Why a Domain Might Fail Verification #
Even small issues in your DNS setup can prevent Amazon SES from verifying your domain. Common reasons include:
| Issue | Explanation |
|---|---|
| ❌ Missing record | One or more required records wasn’t added, or was added in the wrong place |
| ❌ Incorrect values | A record’s value doesn’t match exactly what SES expects |
| ⚠️ Cloudflare proxying | CNAME records must be set to DNS only, not proxied through the orange cloud |
| ⌛ DNS propagation delay | Some providers take longer to make your changes visible to Amazon SES |
| 🕒 Stale or repeated failures | Domains that fail several times or sit idle unverified may be deprioritised by Amazon’s internal systems |
What to Do If Verification Fails #
If verification doesn’t go through, follow these steps:
- Double-check your DNS entries – Use the tools above to confirm everything is visible and correct
- Fix any mistakes – Remove incorrect records and re-add them if needed
- In the CMS, click Check Validity to pull the latest verification status
- If SES has marked the domain as failed, a Resubmit for Verification button will appear – click this to reinitiate the process
You can retry as often as needed, but avoid doing so until your records are fully correct to prevent unnecessary delays.
Why SES May Delay Rechecking #
Amazon automatically deprioritises domains that:
- Have failed multiple verification attempts
- Have been left unverified for an extended time
- Are using invalid or inconsistent DNS settings
This doesn’t mean your domain won’t be verified – it just means SES may take longer to check it again. That’s why we recommend getting your records exactly right before submitting for the first time.
Summary #
| Step | What to Know |
|---|---|
| ✅ We submit domains to SES | We don’t do any DNS validation ourselves |
| 🔍 SES performs the check | All approval or failure decisions come directly from Amazon |
| ⏳ Timing is out of our control | Some verifications are instant, others take up to 72 hours |
| 🔧 Use external tools | Confirm records are publicly visible before resubmitting |
| 🔁 Fix before retrying | Don’t resubmit until you’re confident all records are correct |
Once SES verifies your domain, masked emails will begin sending automatically using your domain name. You’ll see the verified status reflected in your CMS and sending will activate immediately.
