Managing Domains
DNS configuration and domain verification
Managing Domains
This guide walks through the complete DNS configuration process for custom domains, including troubleshooting common issues and verifying domain ownership.
DNS Records Overview
When you add a custom domain to daimon.email, you'll need to configure six DNS records:
| Record Type | Name | Purpose | Required |
|---|---|---|---|
| MX (2x) | @ | Route incoming email to daimon.email | Yes |
| TXT (SPF) | @ | Authorize daimon.email to send on your behalf | Yes |
| TXT (DKIM) | daimon._domainkey | Cryptographically sign outbound emails | Yes |
| TXT (DMARC) | _dmarc | Set policy for authentication failures | Recommended |
| TXT (Verification) | @ | Prove domain ownership | Yes |
Step-by-Step DNS Configuration
1. Get Your DNS Records
After adding your domain, retrieve the DNS records to configure:
curl -X GET https://api.daimon.email/v1/domains/dom_abc123 \
-H "Authorization: Bearer dm_live_account123..."const domain = await client.domains.get('dom_abc123');
console.log('Configure these DNS records:');
domain.dnsRecords.forEach(record => {
console.log(`${record.type} ${record.name} → ${record.value}`);
});domain = client.domains.get('dom_abc123')
print('Configure these DNS records:')
for record in domain.dns_records:
print(f"{record.type} {record.name} → {record.value}")2. Configure MX Records
MX records tell the internet where to send emails for your domain.
Add these two MX records:
| Type | Name | Value | Priority | TTL |
|---|---|---|---|---|
| MX | @ | mx1.daimon.email | 10 | 3600 |
| MX | @ | mx2.daimon.email | 20 | 3600 |
Note
The @ symbol represents your root domain (e.g., yourcompany.com). Some DNS providers use a blank field instead of @.
Cloudflare
- Log in to Cloudflare Dashboard
- Select your domain
- Go to DNS → Records
- Click Add record
- Select MX type
- Name:
@ - Mail server:
mx1.daimon.email - Priority:
10 - TTL:
Auto(or3600) - Click Save
- Repeat for
mx2.daimon.emailwith priority20
AWS Route 53
- Open Route 53 Console
- Select your hosted zone
- Click Create record
- Record name: (leave blank for root domain)
- Record type: MX
- Value:
10 mx1.daimon.email - TTL:
3600 - Click Create records
- Repeat with value
20 mx2.daimon.email
Namecheap
- Log in to Namecheap
- Go to Domain List → Manage
- Click Advanced DNS
- Under Mail Settings, select Custom MX
- Add record:
- Priority:
10 - Value:
mx1.daimon.email
- Priority:
- Add second record:
- Priority:
20 - Value:
mx2.daimon.email
- Priority:
- TTL:
Automatic
GoDaddy
- Log in to GoDaddy
- Go to My Products → DNS
- Click Add → MX
- Name:
@ - Value:
mx1.daimon.email - Priority:
10 - TTL:
1 Hour - Click Save
- Repeat for
mx2.daimon.emailwith priority20
Warning
Existing MX records: If you have existing MX records (e.g., for Google Workspace or Microsoft 365), remove them or set their priority higher than 20. Only one email provider can handle mail for a domain.
3. Configure SPF Record
SPF (Sender Policy Framework) authorizes daimon.email to send emails on behalf of your domain.
Add this TXT record:
| Type | Name | Value | TTL |
|---|---|---|---|
| TXT | @ | v=spf1 include:_spf.daimon.email ~all | 3600 |
Note
If you already have an SPF record (starts with v=spf1), you must merge it with daimon.email's SPF. Do not create a second SPF record — domains can only have one SPF record.
Example: Merging SPF records
Existing SPF:
v=spf1 include:_spf.google.com ~allUpdated SPF (with daimon.email):
v=spf1 include:_spf.google.com include:_spf.daimon.email ~allCloudflare
- Go to DNS → Records
- Click Add record
- Type: TXT
- Name:
@ - Content:
v=spf1 include:_spf.daimon.email ~all - TTL:
Auto - Click Save
AWS Route 53
- Click Create record
- Record name: (leave blank)
- Record type: TXT
- Value:
"v=spf1 include:_spf.daimon.email ~all" - TTL:
3600 - Click Create records
Other Providers
Add a TXT record with:
- Name:
@or blank (for root domain) - Value:
v=spf1 include:_spf.daimon.email ~all - TTL:
3600or1 Hour
4. Configure DKIM Record
DKIM (DomainKeys Identified Mail) cryptographically signs outbound emails to prove they came from daimon.email.
Add this TXT record:
| Type | Name | Value | TTL |
|---|---|---|---|
| TXT | daimon._domainkey | v=DKIM1; k=rsa; p=MIGfMA0GC... (from API response) | 3600 |
Warning
The DKIM public key is unique to your domain. Copy the exact value from the API response — do not reuse examples.
Cloudflare
- Go to DNS → Records
- Click Add record
- Type: TXT
- Name:
daimon._domainkey - Content:
v=DKIM1; k=rsa; p=MIGfMA0GC...(paste full value from API) - TTL:
Auto - Click Save
AWS Route 53
- Click Create record
- Record name:
daimon._domainkey - Record type: TXT
- Value:
"v=DKIM1; k=rsa; p=MIGfMA0GC..."(paste full value from API, with quotes) - TTL:
3600 - Click Create records
Other Providers
Add a TXT record with:
- Name:
daimon._domainkey - Value:
v=DKIM1; k=rsa; p=MIGfMA0GC...(paste exact value from API) - TTL:
3600or1 Hour
5. Configure DMARC Record
DMARC (Domain-based Message Authentication) sets policy for emails that fail SPF or DKIM checks.
Add this TXT record:
| Type | Name | Value | TTL |
|---|---|---|---|
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:dmarc@daimon.email | 3600 |
DMARC Policies:
p=none: Monitor failures but deliver all emails (recommended for testing)p=quarantine: Send failing emails to spam (recommended for production)p=reject: Reject failing emails entirely (most strict)
Cloudflare
- Go to DNS → Records
- Click Add record
- Type: TXT
- Name:
_dmarc - Content:
v=DMARC1; p=quarantine; rua=mailto:dmarc@daimon.email - TTL:
Auto - Click Save
AWS Route 53
- Click Create record
- Record name:
_dmarc - Record type: TXT
- Value:
"v=DMARC1; p=quarantine; rua=mailto:dmarc@daimon.email" - TTL:
3600 - Click Create records
Other Providers
Add a TXT record with:
- Name:
_dmarc - Value:
v=DMARC1; p=quarantine; rua=mailto:dmarc@daimon.email - TTL:
3600or1 Hour
6. Configure Ownership Verification Record
daimon.email requires a unique verification TXT record to prove you own the domain.
Add this TXT record:
| Type | Name | Value | TTL |
|---|---|---|---|
| TXT | @ | daimon-verification=abc123xyz789 (from API response) | 3600 |
Note
This verification code is unique to your domain. Copy the exact value from the API response.
Cloudflare
- Go to DNS → Records
- Click Add record
- Type: TXT
- Name:
@ - Content:
daimon-verification=abc123xyz789(paste exact value from API) - TTL:
Auto - Click Save
AWS Route 53
- Click Create record
- Record name: (leave blank)
- Record type: TXT
- Value:
"daimon-verification=abc123xyz789"(paste exact value from API, with quotes) - TTL:
3600 - Click Create records
Other Providers
Add a TXT record with:
- Name:
@or blank (for root domain) - Value:
daimon-verification=abc123xyz789(paste exact value from API) - TTL:
3600or1 Hour
Verification Process
Automatic Verification
Once you've configured all DNS records, daimon.email automatically checks them every 5 minutes. Verification typically completes within 5-30 minutes after DNS propagation.
Check Verification Status
Poll the domain status to see verification progress:
curl -X GET https://api.daimon.email/v1/domains/dom_abc123 \
-H "Authorization: Bearer dm_live_account123..."const domain = await client.domains.get('dom_abc123');
console.log('Verification status:', domain.verificationStatus);
console.log('MX verified:', domain.mxVerified);
console.log('SPF verified:', domain.spfVerified);
console.log('DKIM verified:', domain.dkimVerified);
console.log('DMARC verified:', domain.dmarcVerified);
console.log('Ownership verified:', domain.ownershipVerified);
if (domain.verificationStatus === 'verified') {
console.log('✅ Domain is ready! You can now create inboxes.');
} else {
console.log('⏳ Waiting for DNS propagation...');
}domain = client.domains.get('dom_abc123')
print(f"Verification status: {domain.verification_status}")
print(f"MX verified: {domain.mx_verified}")
print(f"SPF verified: {domain.spf_verified}")
print(f"DKIM verified: {domain.dkim_verified}")
print(f"DMARC verified: {domain.dmarc_verified}")
print(f"Ownership verified: {domain.ownership_verified}")
if domain.verification_status == 'verified':
print('✅ Domain is ready! You can now create inboxes.')
else:
print('⏳ Waiting for DNS propagation...')Response
{
"result": {
"id": "dom_abc123",
"domain": "yourcompany.com",
"verification_status": "verified",
"mx_verified": true,
"spf_verified": true,
"dkim_verified": true,
"dmarc_verified": true,
"ownership_verified": true,
"verified_at": "2026-03-16T10:45:00Z",
"last_checked_at": "2026-03-16T10:45:00Z"
}
}Manual Verification Trigger
If you want to force an immediate verification check (instead of waiting 5 minutes):
curl -X POST https://api.daimon.email/v1/domains/dom_abc123/verify \
-H "Authorization: Bearer dm_live_account123..."Note
Manual verification is rate-limited to once per minute to prevent abuse. Wait at least 60 seconds between manual verification attempts.
Troubleshooting
DNS Propagation is Slow
DNS changes can take 5 minutes to 48 hours to propagate globally, depending on your DNS provider and TTL settings.
Check DNS propagation:
Use these tools to verify your DNS records are visible:
Example: Check MX records
dig MX yourcompany.com +shortExpected output:
10 mx1.daimon.email.
20 mx2.daimon.email.Verification Failed: MX Records
Error:
{
"mx_verified": false,
"mx_error": "No MX records found pointing to mx1.daimon.email"
}Solutions:
- Check that you added both MX records (
mx1andmx2) - Ensure
@or blank name (for root domain), notwww - Verify priority values:
10and20 - Wait for DNS propagation (5-30 minutes)
- Check with
dig MX yourcompany.com
Verification Failed: SPF Record
Error:
{
"spf_verified": false,
"spf_error": "SPF record does not include daimon.email"
}Solutions:
- Ensure SPF record starts with
v=spf1 - Check that
include:_spf.daimon.emailis present - If you have an existing SPF record, merge it (don't create a second SPF record)
- Ensure SPF record ends with
~allor-all - Check with
dig TXT yourcompany.comand look forv=spf1
Verification Failed: DKIM Record
Error:
{
"dkim_verified": false,
"dkim_error": "DKIM public key not found at daimon._domainkey.yourcompany.com"
}Solutions:
- Ensure record name is exactly
daimon._domainkey(not@or blank) - Copy the exact DKIM value from the API response
- Some providers require quotes around the value:
"v=DKIM1; k=rsa; p=..." - Check with
dig TXT daimon._domainkey.yourcompany.com
Verification Failed: DMARC Record
Error:
{
"dmarc_verified": false,
"dmarc_error": "No DMARC record found at _dmarc.yourcompany.com"
}Solutions:
- Ensure record name is exactly
_dmarc(not@or blank) - Ensure value starts with
v=DMARC1; - Check with
dig TXT _dmarc.yourcompany.com
Verification Failed: Ownership
Error:
{
"ownership_verified": false,
"ownership_error": "Verification code not found in TXT records"
}Solutions:
- Ensure verification TXT record is at
@(root domain) - Copy the exact verification code from the API response
- Wait for DNS propagation
- Check with
dig TXT yourcompany.comand look fordaimon-verification=
Managing Domains
List All Domains
curl -X GET https://api.daimon.email/v1/domains \
-H "Authorization: Bearer dm_live_account123..."Response
{
"result": {
"domains": [
{
"id": "dom_abc123",
"domain": "yourcompany.com",
"verification_status": "verified",
"verified_at": "2026-03-16T10:45:00Z"
},
{
"id": "dom_def456",
"domain": "agents.yourcompany.com",
"verification_status": "pending",
"created_at": "2026-03-16T11:00:00Z"
}
],
"total": 2
}
}Delete a Domain
Warning
Deleting a domain immediately breaks all inboxes using that domain. Incoming emails will bounce and outbound emails will fail.
curl -X DELETE https://api.daimon.email/v1/domains/dom_abc123 \
-H "Authorization: Bearer dm_live_account123..."