Skip to content

Custom Domains

By default, MailJawn sends emails from its own domain. Setting up a custom sending domain means emails come from your domain — which improves inbox placement, builds brand trust, and gives you control over your sender reputation.

What You're Setting Up

MailJawn uses two subdomains under your root domain:

Subdomain Purpose Example
Sending MAIL FROM domain for outgoing emails (DKIM + SPF) mail.example.com
Tracking Open/click tracking pixel and link redirects track.example.com

Both share the same root domain (e.g., example.com). You choose the subdomain prefixes during setup.

Tip

Using subdomains (like mail.example.com) instead of your bare domain protects your root domain's reputation. If something goes wrong with email, it doesn't affect your website or other services.

Step 1: Configure Your Domain in MailJawn

  1. Go to Dashboard → Project Settings → Sending Domain
  2. Enter your root domain (e.g., example.com)
  3. Choose a sending subdomain (e.g., mail)
  4. Choose a tracking subdomain (e.g., track)
  5. Click Save

MailJawn registers your sending domain with Amazon SES and generates the DNS records you need to add.

Step 2: Add DNS Records

After saving, MailJawn shows you the exact DNS records to add at your domain registrar (Cloudflare, Namecheap, Route 53, etc.).

DKIM Records (3 CNAME records)

DKIM cryptographically signs your emails so receiving servers can verify they came from your domain and weren't tampered with.

Add all three CNAME records:

Type Host Value
CNAME {token1}._domainkey.mail.example.com {token1}.dkim.amazonses.com
CNAME {token2}._domainkey.mail.example.com {token2}.dkim.amazonses.com
CNAME {token3}._domainkey.mail.example.com {token3}.dkim.amazonses.com

The actual token values are shown in your dashboard after Step 1. MailJawn uses 2048-bit RSA keys for DKIM signing.

SPF Record (1 TXT record)

SPF tells receiving servers that Amazon SES is authorized to send email on behalf of your domain.

Type Host Value
TXT mail.example.com v=spf1 include:amazonses.com ~all

Note

If you already have an SPF record on mail.example.com, add include:amazonses.com to it rather than creating a second TXT record. DNS only allows one SPF record per domain.

DMARC Record (1 TXT record)

DMARC tells receiving servers what to do with emails that fail DKIM or SPF checks. Any valid policy works — MailJawn checks for the presence of a DMARC record but doesn't require a specific policy.

Type Host Value
TXT _dmarc.mail.example.com v=DMARC1; p=none

The three policy options:

Policy What It Does
p=none Monitor only — no enforcement (good for getting started)
p=quarantine Suspicious emails go to spam
p=reject Suspicious emails are blocked entirely

Tip

Start with p=none while you're setting up. Once you've confirmed everything works, consider moving to p=quarantine or p=reject for stronger protection.

Tracking Domain (1 CNAME record)

The tracking domain routes open/click tracking through your own subdomain instead of MailJawn's.

Type Host Value
CNAME track.example.com track.mailjawn.com

Step 3: Verify Your Records

After adding all DNS records, return to your project settings and click Verify Domain. MailJawn performs live DNS lookups to confirm each record is in place.

The verification dashboard shows the status of each component:

Component What's Checked
SES Verified Amazon SES has confirmed domain ownership
DKIM All 3 CNAME records resolve correctly
SPF TXT record contains amazonses.com
DMARC TXT record at _dmarc. contains a valid DMARC policy
Tracking CNAME CNAME resolves to track.mailjawn.com

Note

DNS changes can take anywhere from a few minutes to 48 hours to propagate. If verification fails, wait a bit and try again. DKIM in particular can take longer because SES needs to confirm the records independently.

Your sending domain is considered verified when DKIM, SPF, and SES verification all pass. Once verified, MailJawn uses your domain for sending.

Component Required? Impact
DKIM Yes Emails are signed with your domain's key
SPF Yes Receiving servers trust SES to send for you
SES Verified Yes Amazon SES confirms domain ownership
DMARC Recommended Protects against spoofing; Gmail and Yahoo increasingly require it
Tracking CNAME Recommended Tracking links show your domain instead of MailJawn's

What Happens Without a Custom Domain

If you don't set up a custom domain, MailJawn sends from its default domain (mailjawn.com). Your project's from_email is set as the Reply-To header so subscribers can reply to you directly.

This works fine for getting started, but a custom domain improves:

  • Inbox placement — Receiving servers trust emails from domains with a history
  • Brand recognition — Subscribers see your domain, not MailJawn's
  • Reputation isolation — Your sending reputation is yours alone, not shared

Troubleshooting

DKIM shows "Pending" — SES is still processing. This can take up to 72 hours in rare cases. Verify your CNAME records are correct and wait.

SPF fails — Make sure the TXT record is on the sending subdomain (mail.example.com), not the root domain. Also check for conflicting SPF records.

DMARC fails — The TXT record must be at _dmarc.mail.example.com (under your sending subdomain), not _dmarc.example.com.

Tracking CNAME fails — The value must be exactly track.mailjawn.com (no trailing dot issues vary by registrar). Some registrars require a trailing dot; others add it automatically.