Skip to main content
Proper domain configuration is the foundation of email deliverability. When you authenticate your domain, you prove to inbox providers that emails from your domain are legitimate. This improves inbox placement and protects your brand from spoofing.

Why Configure a Sending Domain?

Email providers like Gmail, Outlook, and Yahoo use authentication records to determine whether to trust your emails. Without proper configuration:
  • Emails may land in spam or be rejected entirely
  • Your domain becomes vulnerable to spoofing attacks
  • Inbox providers have no way to verify you’re a legitimate sender
Configuring your domain establishes your identity and builds trust with receiving servers.

Authentication Records

Lettermint uses three DNS records to authenticate your emails:

DKIM

Adds cryptographic signatures to verify email authenticity and detect tampering.

DMARC

Defines policy for handling authentication failures and enables reporting.

Return-Path

CNAME record used as the envelope sender, enabling SPF alignment.
SPF is handled automatically via the Return-Path CNAME. You don’t need to configure a separate SPF record.

Quick Setup Overview

Setting up your domain takes just a few minutes:
  1. Add your domain in the Lettermint dashboard
  2. Configure DNS records with your DNS provider (Return-Path, DKIM, DMARC)
  3. Verify in the dashboard. Lettermint checks your records automatically
Need step-by-step DNS instructions? See our DNS provider guides below.

Subdomain vs Root Domain

We recommend using a subdomain like mail.acme.com instead of your root domain acme.com for sending transactional email:
  • Isolation: Protects your main domain’s reputation if deliverability issues occur
  • Flexibility: Allows different sending configurations for different purposes
  • Best practice: Separates transactional email from marketing or corporate mail

Troubleshooting

Verification taking too long? DNS propagation typically happens within minutes but can take up to 48 hours. Check propagation with: 
dig CNAME lm-bounces.yourdomain.com
dig TXT lettermint._domainkey.yourdomain.com
dig TXT _dmarc.yourdomain.com
Common issues:
  • Duplicate domain in hostname: Some DNS providers auto-append your domain. If you see lm-bounces.acme.com.acme.com, add a trailing dot (.) after the hostname.
  • Cloudflare proxy enabled: Set CNAME proxy status to “DNS only” instead of “Proxied”.
  • Missing quotes: Ensure TXT record values are properly quoted.
  • Incorrect values: Double-check record values match exactly what’s shown in your dashboard.

DNS Provider Guides

Cloudflare

Add DNS records in Cloudflare

TransIP

Add DNS records in TransIP

Domain Chief

Add DNS records in Domain Chief

AWS Route 53

Add DNS records in AWS Route 53

Next Steps

Return-Path & SPF

Learn how the Return-Path record enables SPF alignment.

Domain Access Control

Restrict domain usage to specific projects.