Sending Domains
Manage your sending domains to ensure email authentication and deliverability. Add, verify, and monitor domains used for sending emails, ensuring they meet necessary authentication standards such as SPF, DKIM, and DMARC for improved inbox placement and trust.
Overview
Sending domains provide authentication and tracking for your emails:
+------------------+ +------------------+ +------------------+
| EMAIL SENT | ---> | DNS RECORDS | ---> | RECIPIENT |
| from domain | | SPF + DKIM | | SERVER |
+------------------+ +------------------+ +------------------+
|
v
+------------------+
| VERIFICATION |
| - SPF: Pass |
| - DKIM: Pass |
| - Domain: Valid |
+------------------+
Why Domain Authentication Matters
Deliverability
- SPF tells receiving servers which IPs can send for your domain
- DKIM proves emails weren't modified in transit
- Authenticated emails are less likely to be marked as spam
Brand Protection
- Prevent spoofing of your domain by unauthorized senders
- Build reputation with consistent sending identity
- Establish trust with recipients and email providers
Tracking Capability
- Click tracking uses your tracking domain for links in broadcasts
- Open tracking uses your tracking domain for pixels in campaigns
- Custom domains look more professional than third-party URLs
Viewing Sending Domains
Navigate to Setup → Sending Domains to view all configured domains.
Page Features
- Add New button to add a domain
- Our records / User records toggle to filter view
- Filter by admin dropdown to filter by administrator
- Show entries dropdown to control page size
- Search box to find specific domains
- Pagination for navigating through domains
Table Columns
| Column | Description |
|---|---|
| Sending Domain | Domain name (clickable link) |
| Tracking Prefix | Subdomain prefix for tracking (e.g., "email") |
| Redirection Type | Method: cname, htaccess, or cloak |
| DKIM | DKIM verification status |
| Tracking Domain | Tracking domain verification status |
| Created on | Date and time domain was added |
| Actions | Row action menu |
Status Indicators
Both DKIM and Tracking Domain columns show these statuses:
| Status | Badge Color | Description |
|---|---|---|
| OFF | Dark/Gray | Feature is disabled |
| PENDING | Yellow/Orange | Awaiting verification |
| PASSED | Green | Verification successful |
| FAILED | Red | Verification failed |
Row Actions
Click the ... (three dots) menu on any row to access:
| Action | Description |
|---|---|
| View sending domain | Open domain details page |
| Set ownership as verified | Manually verify domain ownership |
| Verify domain key | Check DKIM DNS record |
| Verify tracking domain | Check tracking domain configuration |
| Download domain key pair | Download DKIM public/private keys |
| Delete | Remove this domain |
Domain Status
Overall Domain Status
| Status | Badge | Description |
|---|---|---|
| Active | Green | Domain is fully verified and can be used |
| Inactive | Gray | Domain is disabled |
| Suspended | Red | Domain has been suspended by admin |
| Pending Verification | Orange | Ownership verification is pending (when domain verification is enabled in application settings) |
| Pending Authentication | Orange | DNS records (DKIM, tracking, SPF, MX) are awaiting verification |
| Authentication Failed | Red | One or more DNS verifications have failed |
What Affects Domain Status
The domain status is automatically calculated based on:
- Domain ownership verification status (if enabled)
- DKIM verification status
- Tracking domain verification status
- Bounce domain verification status (SPF + MX)
- Whether all required DNS records have been confirmed
If any verification fails, the domain status changes to reflect the issue until it is resolved.
Domain Status Toggle
The Domain Status toggle (Active/Inactive) allows you to manually enable or disable a sending domain. This toggle is available on the main DNS authentication page but is hidden during the ownership verification step when domain verification is mandatory.
Domain Setup Flow
When a new sending domain is added, it goes through a two-step setup process (when domain ownership verification is enabled in application settings):
+------------------+ +------------------+ +------------------+
| ADD DOMAIN | ---> | STEP 1: | ---> | STEP 2: |
| Enter domain | | OWNERSHIP | | DNS AUTH |
| name | | VERIFICATION | | DKIM + Tracking |
+------------------+ +------------------+ | + Bounce |
+------------------+
Step 1: Domain Ownership Verification
If domain ownership verification is enabled in application settings, the first page you see after adding a domain requires proving you own the domain.
Page indicators:
- Domain name is displayed in the card header
- A "Pending Verification" badge (orange) is shown next to the domain name
- The Domain Status toggle and status labels are hidden during this step
Two verification methods are available:
Method 1: DNS Record (Default)
- A TXT record is displayed with the host and hash value
- Add this TXT record to your domain's DNS zone
- The Current Value column fetches and displays the live DNS value automatically
- Click Verify Domain to confirm
Method 2: Upload File
- Download the verification HTML file
- Upload it to the root folder of your domain
- Mumara checks if the file is publicly accessible
- Click Verify Domain to confirm
The current DNS value is fetched asynchronously when the page loads. If your DNS provider's records haven't propagated yet, the value may show "No value found". DNS propagation can take up to 48 hours.
If domain ownership verification is disabled in application settings, this step is skipped entirely and domains go directly to the DNS authentication page.
Step 2: DNS Authentication
After ownership is verified (or if verification is disabled), you are redirected to the main DNS authentication page where you configure DKIM, tracking domain, and bounce domain records.
Page indicators:
- A "Verified" badge (green) appears next to the domain name
- Domain Status toggle is visible
- Status labels show Active, Pending Authentication, or Authentication Failed
DNS Record Host Formatting
All DNS record tables use a smart host formatting system that helps you identify exactly what to enter in your DNS zone editor.
Click-to-Copy Host Records
In every DNS record table (DKIM, Tracking CNAME, SPF, MX, and Ownership Verification), the Host column displays the record in a formatted way:
- Bold text: The portion you need to enter in your DNS zone editor (click to copy to clipboard)
- Gray text: The registrable domain (automatically appended by your DNS provider)
Example: For domain newsletters.marketing.example.com:
- Bold:
key._domainkey.newsletters.marketing(this is what you copy) - Gray:
.example.com(your DNS zone already knows this)
This formatting uses the Mozilla Public Suffix List to accurately identify the registrable domain (e.g., example.com, example.co.uk) regardless of how many subdomain levels are used.
Click on any host record in the DNS tables to instantly copy the relevant portion to your clipboard. A success notification will confirm the copy.
Creating a Sending Domain
Navigate to Setup → Sending Domains and click Add New.
Domain Name
Enter the domain you'll use for sending emails.
Examples:
example.com(main domain recommended)yourbrand.commail.yourbrand.com(subdomain)
Using your main domain for sending emails increases the trust factor with recipients and email providers. Mumara will automatically create the necessary subdomain DNS records for tracking (e.g., email.example.com for tracking links).
Sending Domain Details
After creating a domain (and completing ownership verification if required), you'll see the domain details page with configuration options.
Sending Domain Authentication Card
The authentication card header displays:
| Element | Description |
|---|---|
| Domain Name | The full sending domain name displayed prominently in the card body |
| Verified Badge | Green "Verified" badge (when ownership verification is enabled and passed) |
| Status Labels | Active, Pending Authentication, or Authentication Failed indicators |
| Recheck Button | Re-verifies all DNS records |
| Domain Status Toggle | Enable or disable the domain |
DKIM Authentication
DKIM (DomainKeys Identified Mail) signs your outgoing emails with a domain key to verify authenticity.
Automatic Key Generation
When you first access the DNS authentication page, DKIM keys are automatically generated if they don't already exist. This eliminates the need to manually click "Generate Keys" before configuring DKIM.
Auto-generation only occurs on the main DNS authentication page, not during the ownership verification step. If key generation fails for any reason, you can always use the Regenerate Keys link manually.
Sign Outgoing Emails
Toggle to enable DKIM signing for emails sent through this domain.
When enabled, Mumara will sign your outgoing emails with a domain key. Ensure that the public DNS entry is added after enabling.
DKIM Record Configuration
After enabling, you'll see a table with the required DNS record:
| Column | Description |
|---|---|
| Host | The DNS record host (e.g., key._domainkey.yourdomain.com) — click to copy |
| Type | Record type (TXT) |
| Value | The DKIM public key value to add |
| Current Value | The current value found in DNS (fetched automatically) |
Adding the DKIM Record
- Click the Host value to copy it to your clipboard
- Copy the Value (DKIM public key) using the copy button
- Log into your DNS provider
- Add a new TXT record with the host and value
- Wait for DNS propagation
- Click Recheck to verify
Regenerate Keys
Click Regenerate Keys to generate a new DKIM key pair. Use this if:
- Your private key was compromised
- You want to rotate keys for security
- The current keys are not working
Regenerating keys requires updating the DNS record with the new public key. The old key will no longer validate signatures.
Download Private Key
Click Download Private Key to download the DKIM private key file for backup or external use.
Custom Tracking Domain
Configure a custom tracking domain to replace the default system domain in all tracking links and image paths within your emails.
Enable Tracking Domain
Toggle to enable custom tracking domain.
Tracking Prefix
The subdomain prefix used for tracking. Default is typically "email".
Example: With prefix "email" and domain "example.com", tracking domain becomes email.example.com
Use Secure URL
Toggle to enable HTTPS for all tracking links. When enabled, Mumara generates tracking URLs using the HTTPS protocol for this tracking domain.
If "Use Secure URL" is enabled, a valid SSL certificate must be installed on the tracking domain. Without it, tracking links will not work. Either install an SSL certificate or disable this option.
Redirection Types
Choose how tracking requests are redirected to Mumara's tracking server:
CNAME
Uses DNS CNAME record pointing to Mumara's primary domain.
Configuration:
- Add a CNAME record in your DNS
- Point it to the value shown (e.g.,
campaigns.mumara.dev)
| Column | Description |
|---|---|
| Host | Your tracking subdomain — click to copy (e.g., email) |
| Type | CNAME |
| Value | The target domain to point to |
| Current Value | What DNS currently resolves to (fetched automatically) |
Pros:
- Simple DNS configuration
- No server-side setup required
Cons:
- Exposes Mumara's IP in trace routes
.htaccess
Uses Apache .htaccess rewrite rules for redirection.
Configuration:
- Click Download File to get the .htaccess file
- Extract the downloaded file
- Upload the .htaccess file to the root folder of your tracking domain
| Column | Description |
|---|---|
| Host | Your tracking subdomain — click to copy |
| Type | CNAME (still requires DNS pointing) |
| Value | The target domain |
| Current Value | Current DNS resolution (fetched automatically) |
Pros:
- Hides the primary domain IP in trace routes
- More control over redirects
Cons:
- Requires Apache web server
- Requires file upload access to tracking domain
Index / Cloak
Uses a PHP file for cloaking/redirection.
Configuration:
- Click Download File to get the PHP cloak file
- Place the file at the root folder of your tracking domain
Requirements:
allow_url_fopenmust be enabled in PHP settings
| Column | Description |
|---|---|
| Host | Your tracking subdomain — click to copy |
| Type | CNAME |
| Value | The target domain |
| Current Value | Current DNS resolution (fetched automatically) |
Pros:
- Hides the primary domain completely
- Works with any web server supporting PHP
Cons:
- Requires PHP support on tracking domain
- Requires specific PHP configuration
Bounce Domain Configuration
When bounce processing is enabled (via IMAP settings), additional DNS records are required for proper bounce handling.
Bounce Prefix
The subdomain prefix used for bounce handling (e.g., "bounce"). This prefix can be edited inline on the domain details page.
SPF Record
An SPF record must be added for the bounce subdomain:
| Column | Description |
|---|---|
| Host | Bounce prefix + subdomain — click to copy (e.g., bounce.newsletters.marketing) |
| Type | TXT |
| Value | SPF include value (e.g., v=spf1 include:spf.mumara.com ~all) |
| Current Value | Current DNS value (fetched automatically) |
MX Record
An MX record must be added for the bounce subdomain:
| Column | Description |
|---|---|
| Host | Bounce prefix + subdomain — click to copy |
| Type | MX |
| Value | Bounce mail server domain |
| Current Value | Current DNS value (fetched automatically) |
DNS Current Values
All DNS record tables fetch their Current Value column automatically when the page loads. The system uses multiple DNS lookup methods with automatic fallback to ensure reliable results.
A loading spinner is displayed in the Current Value column while the lookup is in progress. If no value is found after all methods are tried, "No value found" is displayed.
Verification Process
Domain Ownership Verification
When enabled in application settings:
- Add a new sending domain
- Choose verification method (DNS Record or Upload File)
- Configure DNS or upload file as instructed
- Click Verify Domain
- Upon success, you're redirected to the DNS authentication page
The verification checks all TXT records for the domain (not just the first one) and handles quoted values and whitespace automatically.
DKIM Verification
- DKIM keys are auto-generated when you first access the DNS page
- Enable Sign Outgoing Emails
- Copy the DKIM record details (click host to copy)
- Add TXT record to your DNS
- Wait for DNS propagation (up to 48 hours)
- Click Recheck or Verify domain key from actions menu
- Status changes from PENDING to PASSED
Tracking Domain Verification
- Enable Tracking Domain
- Choose redirection type (CNAME, .htaccess, or Index/Cloak)
- Configure DNS or upload files as required
- Click Recheck or Verify tracking domain from actions menu
- Status changes from PENDING to PASSED
Bounce Domain Verification
- Enable bounce processing
- Add SPF TXT record to your DNS
- Add MX record to your DNS
- Click Recheck to verify both records
- Both SPF and MX must pass for bounce verification
Verification Statuses
| Status | Meaning |
|---|---|
| Pending | Verification not yet attempted or in progress |
| Passed | DNS record verified successfully |
| Failed | DNS record not found or incorrect |
Managing Sending Domains
Viewing Domain Details
- Click on the domain name in the list, OR
- Click ... menu → View sending domain
Verifying DNS Records
Verify DKIM:
- Click ... menu → Verify domain key
- System checks DNS for DKIM record
- Status updates to Passed or Failed
Verify Tracking:
- Click ... menu → Verify tracking domain
- System checks DNS/file configuration
- Status updates to Passed or Failed
Manual Ownership Verification
If automatic verification isn't working:
- Click ... menu → Set ownership as verified
- Domain ownership is manually marked as verified
Downloading DKIM Keys
- Click ... menu → Download domain key pair
- Download contains public and private key files
- Use for backup or external configuration
Deleting a Domain
- Click ... menu → Delete
- If the domain is assigned to lists or sending nodes, you'll see a dependency check modal
- Optionally reassign assets to another domain before deletion
Deleting a domain used by contact lists or sending nodes requires unassigning or reassigning those assets first.
DNS Record Reference
SPF Record
| Property | Value |
|---|---|
| Type | TXT |
| Host | Bounce prefix + subdomain (e.g., bounce) |
| Value | v=spf1 include:_spf.mumara.com ~all |
DKIM Record
| Property | Value |
|---|---|
| Type | TXT |
| Host | selector._domainkey + subdomain |
| Value | (auto-generated by Mumara — starts with v=DKIM1; k=rsa; p=...) |
Tracking CNAME
| Property | Value |
|---|---|
| Type | CNAME |
| Host | Tracking prefix (e.g., email) |
| Value | (provided by Mumara — your primary domain) |
MX Record
| Property | Value |
|---|---|
| Type | MX |
| Host | Bounce prefix + subdomain |
| Value | (provided by Mumara — bounce server domain) |
Best Practices
Domain Selection
- Use main domain — Increases trust factor with recipients and providers
- Consistent branding — Use your primary brand domain for recognition
- Plan for growth — Consider multiple domains for different business units if needed
DNS Configuration
- Click to copy — Use the click-to-copy feature on host records to avoid typos
- Verify records carefully — Ensure you only copy the bold portion (your DNS zone adds the registrable domain automatically)
- Check propagation — Use DNS lookup tools to verify before clicking Recheck
- Document configurations — Keep records of DNS settings
- Set appropriate TTLs — Lower TTLs for faster changes
Security
- Protect DKIM keys — Keep private keys secure
- Use HTTPS — Enable "Use Secure URL" for tracking when SSL is available
- Implement DMARC — Add DMARC policy to your domain
- Monitor reports — Review authentication reports for issues
Verification
- Verify before sending — Always verify domains before campaigns
- Check regularly — DNS changes can break authentication
- Re-verify after changes — Use Recheck button after DNS updates
Troubleshooting
DKIM Keys Show "No Key Found"
Possible causes:
- OpenSSL configuration not available on the server
- Key generation failed during auto-generation
Solutions:
- Click Regenerate Keys to manually trigger key generation
- Check that OpenSSL is properly configured on your server
- Verify the
OPENSSL_CONFenvironment variable points to a validopenssl.cnffile
DKIM Verification Failed
Possible causes:
- DNS record not added
- Wrong host name (check you copied only the bold portion)
- Public key truncated
- DNS propagation not complete
Solutions:
- Verify TXT record exists in DNS
- Click the host record to copy the exact value needed
- Ensure full public key is in record (long TXT values may need to be split)
- Wait up to 48 hours for propagation
Domain Ownership Verification Failing
Possible causes:
- TXT record not yet propagated
- DNS provider returning cached results
- Record added with wrong host name
Solutions:
- Wait for DNS propagation (up to 48 hours)
- The system checks all TXT records for your domain, not just the first one
- The system automatically falls back to alternative DNS lookup methods if the primary method fails
- Verify the Current Value column shows your expected hash value
- As a last resort, use Set ownership as verified from the domain list actions
Current Value Shows "No Value Found"
Possible causes:
- DNS record not yet added or propagated
- Local DNS resolver cannot reach the record
- Deeply nested subdomains may not resolve with all DNS lookup methods
Solutions:
- The system automatically falls back to alternative DNS methods
- Wait for DNS propagation
- Verify the record exists using an external DNS lookup tool (e.g., MXToolbox)
Tracking Domain Not Working
Possible causes:
- CNAME not configured correctly
- .htaccess file not uploaded
- PHP file missing or misconfigured
- SSL certificate issues
- DocumentRoot not pointing to Mumara's root directory
Solutions:
- Verify DNS record for CNAME type
- Check file exists at tracking domain root
- Ensure
allow_url_fopenis enabled for Cloak/Index method - Check tracking domain has valid SSL certificate if "Use Secure URL" is enabled
- If using CNAME, ensure the server's DocumentRoot points to Mumara's installation directory
Domain Shows Warning Status
Possible causes:
- DKIM verification failed
- Tracking domain verification failed
- Bounce domain issues (SPF or MX)
Solutions:
- Click Recheck to re-verify all records
- Fix any failed verifications
- Review and correct DNS records
DNS Provider Guides
Adding Records in Common Providers
Cloudflare:
- Login to dashboard → Select domain → DNS
- Click Add Record
- Enter Type, Name, Content
- Save
GoDaddy:
- Login → My Products → DNS
- Click Add under Records
- Select type, enter details
- Save
Namecheap:
- Login → Domain List → Manage
- Advanced DNS → Add New Record
- Enter details → Save
AWS Route 53:
- Login → Route 53 → Hosted zones
- Select domain → Create record
- Enter details → Create
Next Steps
- Sending Nodes - Configure SMTP with domain authentication
- Bounce Addresses - Set up bounce processing
- Contact Lists - Assign domains to lists