PlunkPlunk
Guides

Verifying domains

Ensure your emails reach the inbox by verifying your sending domains

Verifying your domain is a requirement to send emails through Plunk. Domain verification helps improve email deliverability and ensures that your emails are less likely to be marked as spam.

Verifying a domain

You can verify a domain by adding it in the domain tab of the project settings. Once added, Plunk will provide you with the necessary DNS records to add to your domain's DNS settings.

Once you have added the DNS records, it may take some time for the changes to propagate. You can check the verification status in the domain tab of the project settings.

DNS Records

Domain verification requires adding several DNS records to your domain. Each record serves a specific purpose in email authentication and delivery.

DKIM Records (3 CNAME records)

DomainKeys Identified Mail (DKIM) adds a digital signature to your emails, proving they haven't been tampered with during transit.

You'll need to add 3 CNAME records provided by Plunk. These records contain cryptographic keys that email receivers use to verify your emails are authentic.

Why it matters:

  • Prevents email spoofing and tampering
  • Improves deliverability and inbox placement
  • Required by most email providers (Gmail, Outlook, etc.)

SPF Record (1 TXT record)

Sender Policy Framework (SPF) specifies which mail servers are authorized to send emails on behalf of your domain.

You'll need to add 1 TXT record that lists the authorized sending servers.

Why it matters:

  • Prevents unauthorized servers from sending emails using your domain
  • Reduces the likelihood of your domain being used for spam
  • Works together with DKIM for complete authentication

Already have an SPF record?

A domain can only have one SPF TXT record. If you already use another email provider (Google Workspace, Microsoft 365, another sending platform), you must merge Plunk's SPF mechanism into your existing record — don't add a second SPF record. For example, if your existing record is v=spf1 include:_spf.google.com ~all, the merged version is v=spf1 include:_spf.google.com include:<Plunk's include from the dashboard> ~all. Two separate SPF records will cause both to fail.

Bounce Handling (1 MX record)

This MX record allows Plunk to receive bounce notifications and spam complaints from email providers.

Why it matters:

  • Automatically tracks which contacts have bounced or complained
  • Helps maintain your sender reputation
  • Prevents sending to invalid email addresses
  • Required for deliverability monitoring

Bounce MX vs inbound MX

This MX record handles delivery feedback (bounces, complaints) for emails Plunk sends out — it's separate from the inbound MX record used to receive emails sent to your domain. They serve different purposes; you can have either one or both.

Domain-based Message Authentication, Reporting and Conformance (DMARC) tells receiving mail servers what to do when an email fails SPF or DKIM checks, and where to send authentication reports.

Plunk doesn't require DMARC, but most major mailbox providers (Gmail, Yahoo, Microsoft) now expect it for bulk senders. Add a TXT record at _dmarc.yourdomain.com:

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com

Start with p=none to monitor without affecting delivery. Once you've reviewed reports for a couple of weeks and confirmed all your legitimate senders are authenticated, tighten to p=quarantine and eventually p=reject.

MAIL FROM domain (optional)

You can configure a custom MAIL FROM domain (typically a subdomain like mail.yourdomain.com) so the bounce envelope address aligns with your sending domain. This improves DMARC alignment and is required by some inbox providers for full pass-through.

If you set this up, you'll need an additional MX record and TXT record on the subdomain — Plunk's dashboard will show you the exact values to add when you enable it on a verified domain.

Verification Status

After adding all DNS records, Plunk automatically checks verification status in the background. Verification typically completes within a few minutes, but can take up to 72 hours depending on DNS propagation.

You can check the status in the Domains section of your project settings. Each record type will show as verified once detected. If you've just added a record and don't want to wait, you can trigger a re-check from the dashboard.

Troubleshooting

List Hygiene

Understand and maintain a healthy email list

Receiving emails

Receive incoming email at your verified domain and turn it into events you can drive workflows from

On this page

Verifying a domainDNS RecordsDKIM Records (3 CNAME records)SPF Record (1 TXT record)Bounce Handling (1 MX record)DMARC (optional, recommended)MAIL FROM domain (optional)Verification StatusTroubleshooting