Domain verification and DKIM
In order to send emails from your own domain, you have to verify the domain first by setting up a few DNS records. This step is required to ensure you have the right to use the domain.
For each of your projects, we provide a pre-generated sending domain that looks like this:
project.via.sidemail.net. You can use the pre-generated sending domain for development and testing. However, it's not suited for production use.
Verify your custom domain in your project's settings. During the verifying process, Sidemail will give you 3 CNAME DNS records that you need to place in your domain's DNS provider. Typically, it takes just a few minutes for DNS changes to take effect. However, it can occasionally take longer - up to 72 hours.
Important: If your domain's DNS provider is Cloudflare, you need to disable Cloudflare proxy (the orange icon) for each CNAME record.
After successful verification
- You'll be able to send emails from the verified domain and all its subdomains, for example,
@subdomain.sidemail.io. The email address part before the @ can contain anything you want, for example,
- All emails sent from the verified domain will be signed with DKIM, there's no further configuration needed.
Why so many DNS records?
A short answer: redundancy and security.
The 3 CNAME records are used for signing your emails with DKIM. To sign an email with DKIM, you need a pair of public and secret keys - similarly, what you might be using for SSH authentication.
It's a best practice to rotate your RSA keys from time to time (preferably every 3 months), and that's exactly why we need more than 1 CNAME DNS record for. When we rotate the DKIM keys, the old pair of keys have to stay valid for a few days, then its finally removed. The rotation of the DKIM keys happens completely automatically. It has no downsides and you don't need to configure anything.