To verify your domain, you must configure the DNS (Domain Name System) records provided in the Dashboard. These DNS records are necessary to ensure your ownership of the domain and reliable email delivery.
The procedure for adding DNS records to your domain’s DNS server depends on who provides your DNS service. Consult the documentation for your DNS service for specific instructions.
Here are instructions for a few popular providers:
It may take up to 72 hours for DNS record changes to be confirmed. We will notify you whether your domain has been verified.
If your domain hasn’t been verified after 72 hours, try the following:
- Correct any typos. You can check your domain’s records in the Dashboard’s email domain settings by clicking “Verify domain” to narrow down issues.
- Ensure there are no records that share the same name as the provided CNAME records. CNAME records must be the only record present for a record name.
- Ensure the added record names do not include your domain twice. Some providers automatically append DNS record names with the domain name. In this case, if we ask you to create a record with the name “bounce.example.com” you must only enter “bounce” into the name field.
- Check that the DNS records are published. You can verify this by using a DNS lookup tool which displays the published records for your domain.
If you are still having trouble verifying your domain, contact your DNS provider.
Purpose of DNS records
Each category of record that needs to be configured has a purpose.
|Stripe proof-of-ownership||TXT||Before email can be sent from a domain we must confirm ownership of the domain you will be using.|
|Mail From Domain||CNAME||This specifies the source of the message to the receiving email server and the Sender Policy Framework (SPF) policy to allow sending.|
|DomainKeys Identified Mail (DKIM)||CNAME||These allow a mail server to verify that a message has not been modified by a third party in transit.|
Do not delete the provided DNS records from your domain after the domain has become verified. We will be checking these records frequently and will notify you if records become invalid or go missing. If DNS records are not corrected within 48 hours, we will send customer emails from stripe.com to guarantee they reach your customers until the problem is resolved.
As a best practice, always configure the Domain-based Message Authentication, Reporting & Conformance (DMARC) record on your domain. This record is especially valuable for preventing impersonation attacks, such as phishing.
The record value specifies a policy that email providers use to decide how to handle fraudulent emails. For example, you can create a DMARC policy that rejects an email that does not pass SPF or DKIM checks. This policy would make it harder for malicious email senders to impersonate you.
If you’re already using this domain to send email, use caution when adding DMARC to ensure that it does not interfere with your existing configuration. Consult an email or IT professional before adding or modifying this record.