Domain verification and DKIM

In order to send emails from your own domain, you have to verify the domain first by setting up a few DNS records. This step is required to ensure you have the right to use the domain.

For each of your projects, we provide a pre-generated sending domain that looks like this: project.via.sidemail.net. You can use the pre-generated sending domain for development and testing. However, it's not suited for production use.

Verify your custom domain in your project's settings. During the verifying process, Sidemail will give you 3 CNAME DNS records that you need to place in your domain's DNS provider. Typically, it takes just a few minutes for DNS changes to take effect. However, it can occasionally take longer - up to 72 hours.

Domain verification

Important: If your domain's DNS provider is Cloudflare, you need to disable Cloudflare proxy (the orange icon) for each CNAME record.

After successful verification

  • You'll be able to send emails from the verified domain and all its subdomains, for example, @sidemail.io and @subdomain.sidemail.io. The email address part before the @ can contain anything you want, for example, anything@sidemail.io is valid.
  • All emails sent from the verified domain will be signed with DKIM, there's no further configuration needed.

Why so many DNS records?

A short answer: redundancy and security.

The 3 CNAME records are used for signing your emails with DKIM. To sign an email with DKIM, you need a pair of public and secret keys - similarly, what you might be using for SSH authentication.

It's a best practice to rotate your RSA keys from time to time (preferably every 3 months), and that's exactly why we need more than 1 CNAME DNS record for. When we rotate the DKIM keys, the old pair of keys have to stay valid for a few days, then its finally removed. The rotation of the DKIM keys happens completely automatically. It has no downsides and you don't need to configure anything.