Custom Domains¶
By default, MailJawn sends emails from its own domain. Setting up a custom sending domain means emails come from your domain — which improves inbox placement, builds brand trust, and gives you control over your sender reputation.
What You're Setting Up¶
MailJawn uses two subdomains under your root domain:
| Subdomain | Purpose | Example |
|---|---|---|
| Sending | MAIL FROM domain for outgoing emails (DKIM + SPF) | mail.example.com |
| Tracking | Open/click tracking pixel and link redirects | track.example.com |
Both share the same root domain (e.g., example.com). You choose the subdomain prefixes during setup.
Tip
Using subdomains (like mail.example.com) instead of your bare domain protects your root domain's reputation. If something goes wrong with email, it doesn't affect your website or other services.
Step 1: Configure Your Domain in MailJawn¶
- Go to Dashboard → Project Settings → Sending Domain
- Enter your root domain (e.g.,
example.com) - Choose a sending subdomain (e.g.,
mail) - Choose a tracking subdomain (e.g.,
track) - Click Save
MailJawn registers your sending domain with Amazon SES and generates the DNS records you need to add.
Step 2: Add DNS Records¶
After saving, MailJawn shows you the exact DNS records to add at your domain registrar (Cloudflare, Namecheap, Route 53, etc.).
DKIM Records (3 CNAME records)¶
DKIM cryptographically signs your emails so receiving servers can verify they came from your domain and weren't tampered with.
Add all three CNAME records:
| Type | Host | Value |
|---|---|---|
CNAME |
{token1}._domainkey.mail.example.com |
{token1}.dkim.amazonses.com |
CNAME |
{token2}._domainkey.mail.example.com |
{token2}.dkim.amazonses.com |
CNAME |
{token3}._domainkey.mail.example.com |
{token3}.dkim.amazonses.com |
The actual token values are shown in your dashboard after Step 1. MailJawn uses 2048-bit RSA keys for DKIM signing.
SPF Record (1 TXT record)¶
SPF tells receiving servers that Amazon SES is authorized to send email on behalf of your domain.
| Type | Host | Value |
|---|---|---|
TXT |
mail.example.com |
v=spf1 include:amazonses.com ~all |
Note
If you already have an SPF record on mail.example.com, add include:amazonses.com to it rather than creating a second TXT record. DNS only allows one SPF record per domain.
DMARC Record (1 TXT record)¶
DMARC tells receiving servers what to do with emails that fail DKIM or SPF checks. Any valid policy works — MailJawn checks for the presence of a DMARC record but doesn't require a specific policy.
| Type | Host | Value |
|---|---|---|
TXT |
_dmarc.mail.example.com |
v=DMARC1; p=none |
The three policy options:
| Policy | What It Does |
|---|---|
p=none |
Monitor only — no enforcement (good for getting started) |
p=quarantine |
Suspicious emails go to spam |
p=reject |
Suspicious emails are blocked entirely |
Tip
Start with p=none while you're setting up. Once you've confirmed everything works, consider moving to p=quarantine or p=reject for stronger protection.
Tracking Domain (1 CNAME record)¶
The tracking domain routes open/click tracking through your own subdomain instead of MailJawn's.
| Type | Host | Value |
|---|---|---|
CNAME |
track.example.com |
track.mailjawn.com |
Step 3: Verify Your Records¶
After adding all DNS records, return to your project settings and click Verify Domain. MailJawn performs live DNS lookups to confirm each record is in place.
The verification dashboard shows the status of each component:
| Component | What's Checked |
|---|---|
| SES Verified | Amazon SES has confirmed domain ownership |
| DKIM | All 3 CNAME records resolve correctly |
| SPF | TXT record contains amazonses.com |
| DMARC | TXT record at _dmarc. contains a valid DMARC policy |
| Tracking CNAME | CNAME resolves to track.mailjawn.com |
Note
DNS changes can take anywhere from a few minutes to 48 hours to propagate. If verification fails, wait a bit and try again. DKIM in particular can take longer because SES needs to confirm the records independently.
What's Required vs. Recommended¶
Your sending domain is considered verified when DKIM, SPF, and SES verification all pass. Once verified, MailJawn uses your domain for sending.
| Component | Required? | Impact |
|---|---|---|
| DKIM | Yes | Emails are signed with your domain's key |
| SPF | Yes | Receiving servers trust SES to send for you |
| SES Verified | Yes | Amazon SES confirms domain ownership |
| DMARC | Recommended | Protects against spoofing; Gmail and Yahoo increasingly require it |
| Tracking CNAME | Recommended | Tracking links show your domain instead of MailJawn's |
What Happens Without a Custom Domain¶
If you don't set up a custom domain, MailJawn sends from its default domain (mailjawn.com). Your project's from_email is set as the Reply-To header so subscribers can reply to you directly.
This works fine for getting started, but a custom domain improves:
- Inbox placement — Receiving servers trust emails from domains with a history
- Brand recognition — Subscribers see your domain, not MailJawn's
- Reputation isolation — Your sending reputation is yours alone, not shared
Troubleshooting¶
DKIM shows "Pending" — SES is still processing. This can take up to 72 hours in rare cases. Verify your CNAME records are correct and wait.
SPF fails — Make sure the TXT record is on the sending subdomain (mail.example.com), not the root domain. Also check for conflicting SPF records.
DMARC fails — The TXT record must be at _dmarc.mail.example.com (under your sending subdomain), not _dmarc.example.com.
Tracking CNAME fails — The value must be exactly track.mailjawn.com (no trailing dot issues vary by registrar). Some registrars require a trailing dot; others add it automatically.