Domain setup
To send email as your domain (e.g. ops@acme.com), you need to verify ownership by adding DNS records. This ensures recipients' mail servers trust messages coming from MCPMail on your behalf.
Step 1: Start verification
Call the domain.verify tool with your domain:
domain.verify({ domain: "acme.com" })
This returns the DNS records you need to add:
{
  domain: "acme.com",
  status: "pending",
  dns_records: [
    {
      type: "TXT",
      name: "@",
      value: "v=spf1 include:mcpmail.app ~all",
      purpose: "SPF — authorizes MCPMail to send for your domain"
    },
    {
      type: "CNAME",
      name: "mcpm1._domainkey",
      value: "dkim1.mcpmail.app",
      purpose: "DKIM key 1 — cryptographic signing"
    },
    {
      type: "CNAME",
      name: "mcpm2._domainkey",
      value: "dkim2.mcpmail.app",
      purpose: "DKIM key 2"
    },
    {
      type: "CNAME",
      name: "mcpm3._domainkey",
      value: "dkim3.mcpmail.app",
      purpose: "DKIM key 3"
    }
  ]
}
Step 2: Add DNS records
Go to your DNS provider (Cloudflare, Route 53, GoDaddy, Namecheap, etc.) and add each record.
SPF record
If you already have an SPF record (most companies do), add include:mcpmail.app to it:
# Before
v=spf1 include:_spf.google.com ~all
# After
v=spf1 include:_spf.google.com include:mcpmail.app ~all
If you don't have an SPF record yet, create a TXT record at @ (root domain):
v=spf1 include:mcpmail.app ~all
DKIM records
Add three CNAME records exactly as provided. These enable MCPMail to cryptographically sign messages so recipients can verify they weren't tampered with.
mcpm1._domainkey.acme.com CNAME dkim1.mcpmail.app
mcpm2._domainkey.acme.com CNAME dkim2.mcpmail.app
mcpm3._domainkey.acme.com CNAME dkim3.mcpmail.app
DMARC (recommended)
If you don't already have a DMARC record, we recommend adding one:
_dmarc.acme.com TXT "v=DMARC1; p=none; rua=mailto:dmarc@acme.com"
Start with p=none (monitoring only) and move to p=quarantine or p=reject once you've confirmed everything works.
Step 3: Check verification status
DNS propagation typically takes 5-30 minutes. Check status with:
domain.status({ domain: "acme.com" })
// Returns
{
  domain: "acme.com",
  status: "verified",
  spf: "pass",
  dkim: "pass",
  dmarc: "pass",
  verified_at: "2026-04-17T15:30:00Z"
}
Once all checks pass, your agent can send as any address at that domain.
Sending from subdomains
You can verify subdomains separately. This is useful for isolating agent traffic from your main domain's reputation:
domain.verify({ domain: "ops.acme.com" })
Your agent would then send as agent@ops.acme.com.
Multiple domains
You can verify multiple domains on a single account. Each mailbox is tied to a specific domain via its address. The Dev tier supports 1 domain, Pro supports 10, and Scale is unlimited.
Troubleshooting
SPF still showing "fail"
Check that you added include:mcpmail.app to your existing SPF record rather than creating a second v=spf1 TXT record. A domain can publish only one SPF record; when receivers find more than one, SPF evaluation returns an error instead of a pass.
DKIM not verifying
Ensure the CNAME records are not proxied (Cloudflare orange cloud). DKIM requires direct DNS resolution. Also confirm there are no typos in the record names — mcpm1._domainkey, not mcpmail._domainkey.
Already have DKIM from another provider
That's fine. DKIM supports multiple signing keys. MCPMail's keys use the mcpm1, mcpm2, mcpm3 selectors, which won't conflict with other providers' keys (Google uses google, Microsoft uses selector1/selector2).
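The troubleshooting cases above (a second SPF record, a mistyped DKIM selector) can be caught in a zone export before waiting on domain.status. This is an added example, not MCPMail code: auditZone and its finding strings are hypothetical, and the records are a constructed sample in the same shape as dns_records.

```javascript
// Added example: offline pre-check of a zone against the records MCPMail asks for.
// auditZone, its finding strings and sampleRecords are hypothetical / constructed.
const EXPECTED_DKIM = {
  "mcpm1._domainkey": "dkim1.mcpmail.app",
  "mcpm2._domainkey": "dkim2.mcpmail.app",
  "mcpm3._domainkey": "dkim3.mcpmail.app",
};
const norm = (s) => s.toLowerCase().replace(/\.$/, "");
function auditZone(records) {
  const findings = [];
  const at = (type, name) =>
    records.filter((r) => r.type === type && norm(r.name) === name);
  // SPF: exactly one v=spf1 TXT at the root, and it must include mcpmail.app.
  const spf = at("TXT", "@").filter((r) => /^v=spf1(\s|$)/i.test(r.value));
  if (spf.length === 0) findings.push("spf: no record");
  else if (spf.length > 1) findings.push("spf: multiple records, merge into one");
  else if (!spf[0].value.split(/\s+/).includes("include:mcpmail.app"))
    findings.push("spf: include:mcpmail.app missing");

  // DKIM: each selector must be a CNAME to the matching mcpmail.app target.
  for (const [name, target] of Object.entries(EXPECTED_DKIM)) {
    const [rec] = at("CNAME", name);
    if (!rec) findings.push(`dkim: ${name} missing`);
    else if (norm(rec.value) !== target) findings.push(`dkim: ${name} wrong target`);
  }
  // Catch mistyped selectors such as mcpmail._domainkey.
  for (const r of records)
    if (r.type === "CNAME" && /\._domainkey$/.test(norm(r.name)) &&
        /\.mcpmail\.app$/.test(norm(r.value)) && !(norm(r.name) in EXPECTED_DKIM))
      findings.push(`dkim: unexpected selector ${r.name}`);

  // DMARC: optional per the page, but report the policy in force.
  const [dmarc] = at("TXT", "_dmarc").filter((r) => /^v=DMARC1/i.test(r.value));
  const policy = dmarc ? (/;\s*p=(\w+)/i.exec(dmarc.value) || [])[1] : undefined;
  if (!dmarc) findings.push("dmarc: no record");
  else if (policy === "none") findings.push("dmarc: p=none, monitoring only");
  return findings;
}
// Constructed zone reproducing two troubleshooting cases from this page.
const sampleRecords = [
  { type: "TXT", name: "@", value: "v=spf1 include:_spf.google.com ~all" },
  { type: "TXT", name: "@", value: "v=spf1 include:mcpmail.app ~all" },
  { type: "CNAME", name: "mcpmail._domainkey", value: "dkim1.mcpmail.app" },
  { type: "CNAME", name: "mcpm2._domainkey", value: "dkim2.mcpmail.app." },
  { type: "CNAME", name: "mcpm3._domainkey", value: "dkim3.mcpmail.app" },
  { type: "TXT", name: "_dmarc", value: "v=DMARC1; p=none; rua=mailto:dmarc@acme.com" },
];
console.log(auditZone(sampleRecords).join("\n"));
```

An empty result means the SPF and DKIM records match what domain.verify returned; it does not replace the domain.status check, which queries live DNS.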