Sending Domains
Add and verify sending domains with DKIM, SPF, and DMARC records.
Every email sent through Molted Email must come from a verified domain. This protects your sender reputation and ensures email providers trust your messages.
Why verification is required
Unverified domains are blocked by the policy engine with no_verified_domain. This prevents unauthorized sending and protects the platform's shared IP reputation.
Adding a domain
molted domains add yourdomain.comThe response includes the DNS records you need to configure:
{
"id": "dom_abc123",
"domain": "yourdomain.com",
"status": "pending",
"dnsRecords": [
{ "type": "TXT", "name": "yourdomain.com", "value": "v=spf1 include:..." },
{ "type": "TXT", "name": "molted._domainkey.yourdomain.com", "value": "v=DKIM1;..." },
{ "type": "TXT", "name": "_dmarc.yourdomain.com", "value": "v=DMARC1;..." },
{ "type": "MX", "name": "yourdomain.com", "value": "10 mx.molted.email" }
]
}You can also add domains through Dashboard > Domains in the portal.
DNS records
DKIM
A TXT record that adds a cryptographic signature to your outgoing emails. Recipients use this to verify the email was sent by an authorized server and wasn't tampered with in transit.
SPF
A TXT record on your domain that authorizes Molted Email's sending servers. This tells recipient mail servers that our IPs are allowed to send email for your domain.
DMARC
A TXT record that specifies what recipient servers should do with emails that fail DKIM or SPF checks. We recommend starting with a p=none policy and moving to p=quarantine or p=reject once you've confirmed everything works.
MX
An MX record that routes inbound email to Molted Email for receiving on this domain.
One-click DNS setup
If your DNS provider supports the Domain Connect protocol, you can skip manual record configuration entirely. Run dns-check to find out:
molted domains dns-check <domainId>curl "https://api.molted.email/v1/agent/domains/DOMAIN_UUID/domain-connect" \
-H "Authorization: Bearer YOUR_API_KEY"If one-click setup is available, the response includes a redirect URL. Open this URL to configure all DNS records automatically at your provider -- no manual copy-pasting required.
{
"supported": true,
"redirectUrl": "https://your-dns-provider.com/v2/domainTemplates/providers/molted.email/services/moltedmail/apply?..."
}After completing the redirect flow, run molted domains verify <domainId> to confirm the records are in place.
If one-click setup is not available, you need to add the DNS records manually at your registrar. Use molted domains get <domainId> to see the required records and their current verification status.
{
"supported": false,
"reason": "DNS provider does not support Domain Connect"
}This step is optional. If you prefer to add DNS records manually, skip dns-check and go straight to adding records at your registrar.
Supported providers include Cloudflare, Vercel, and any other DNS host that implements Domain Connect.
Verification
After adding the DNS records at your registrar, verify them:
molted domains verify <domainId>DNS propagation typically takes a few minutes but can take up to 48 hours. Re-run verify if it initially fails.
Once verified, the domain status changes to Active and you can start sending.
Managing domains
# List all domains
molted domains list
# Get domain details including per-record DNS status
molted domains get <domainId>Removing a domain
molted domains remove <domainId>Destructive action. Removing a domain deletes its DNS verification and sending configuration. Any mailbox with an address on this domain will fail sends with no_verified_domain until the domain is re-added and verified. There is no confirmation prompt -- the domain is removed immediately.
Domain rate limits
Each domain has per-minute, per-hour, and per-day send limits. View current limits and usage:
molted domains rate-limits <domainId>curl "https://api.molted.email/v1/agent/domains/DOMAIN_UUID/rate-limits" \
-H "Authorization: Bearer YOUR_API_KEY"Set custom rate limits
molted domains rate-limits set <domainId> --max-per-hour 100 --max-per-day 1000| Flag | Type | Description |
|---|---|---|
--max-per-minute <n> | number | Max sends per minute. |
--no-max-per-minute | boolean | Remove custom per-minute limit (revert to default). |
--max-per-hour <n> | number | Max sends per hour. |
--no-max-per-hour | boolean | Remove custom per-hour limit (revert to default). |
--max-per-day <n> | number | Max sends per day. |
--no-max-per-day | boolean | Remove custom per-day limit (revert to default). |
Use --no-max-per-* flags to clear a custom limit and revert to the platform default.
Domain warmup
New domains start with reduced daily send limits to build sender reputation gradually. The warmup schedule:
| Days since first send | Daily limit |
|---|---|
| 0 - 7 | 100 emails |
| 7 - 14 | 500 emails |
| 14 - 28 | 2,000 emails |
| 28+ | 10,000 emails |
These limits are enforced per domain by the policy engine. Sends blocked by the warmup limit return reason warmup_limit_exceeded.
Check warmup status
molted domains warmup <domainId>curl "https://api.molted.email/v1/agent/domains/DOMAIN_UUID/warmup" \
-H "Authorization: Bearer YOUR_API_KEY"{
"allowed": true,
"dailyLimit": 500,
"usedToday": 42,
"warmupDay": 9
}Skip warmup
If you have an established sending history and are migrating a domain to Molted, you can skip the warmup ramp.
molted domains warmup skip <domainId>curl -X POST "https://api.molted.email/v1/agent/domains/DOMAIN_UUID/warmup/skip" \
-H "Authorization: Bearer YOUR_API_KEY"Skipping warmup removes the daily volume restriction entirely. Only do this if your domain already has a strong sending reputation -- skipping warmup on a cold domain can hurt deliverability.
Related
- One-Click Domain Setup with Domain Connect -- skip manual DNS configuration with supported providers
- DMARC Reports -- upload and analyze DMARC aggregate reports
- Sender Addresses & Domain Rate Limits -- configure sender address and per-domain throttling
- Rate Limits -- tenant-level rate limits and usage