> ## Documentation Index
> Fetch the complete documentation index at: https://torpedo.co.mz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify a domain

> Set up DNS records and verify your sending domain

Before sending emails, you must verify ownership of your sending domain. Torpedo uses AWS SES under the hood and requires DKIM, SPF, and DMARC records.

## Step 1 — Add the domain

```bash theme={null}
curl -X POST https://api.torpedo.co.mz/api/v1/domains \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "domain": "myapp.com" }'
```

The response contains all the DNS records you need to add.

## Step 2 — Add DNS records

Log in to your DNS provider and add the following records:

### DKIM records (3 CNAME records)

These prove to receiving mail servers that emails claiming to be from your domain were actually sent by you.

| Type  | Name                            | Value                |
| ----- | ------------------------------- | -------------------- |
| CNAME | `torpedo1._domainkey.myapp.com` | provided in response |
| CNAME | `torpedo2._domainkey.myapp.com` | provided in response |
| CNAME | `torpedo3._domainkey.myapp.com` | provided in response |

### SPF record (TXT)

Authorises AWS SES to send on behalf of your domain.

| Type | Name        | Value                               |
| ---- | ----------- | ----------------------------------- |
| TXT  | `myapp.com` | `v=spf1 include:amazonses.com ~all` |

<Note>
  If you already have an SPF record, add `include:amazonses.com` to the existing record instead of
  creating a second one. Multiple SPF records on the same name will cause verification to fail.
</Note>

### DMARC record (TXT)

Tells receiving servers what to do with emails that fail authentication.

| Type | Name               | Value                                          |
| ---- | ------------------ | ---------------------------------------------- |
| TXT  | `_dmarc.myapp.com` | `v=DMARC1; p=none; rua=mailto:dmarc@myapp.com` |

## Step 3 — Wait for propagation

DNS changes can take anywhere from a few minutes to 48 hours to propagate. Most providers (Cloudflare, Namecheap) propagate within 5–10 minutes.

## Step 4 — Trigger verification

Once DNS has propagated, call the verify endpoint:

```bash theme={null}
curl -X POST https://api.torpedo.co.mz/api/v1/domains/DOMAIN_ID/verification-checks \
  -H "X-API-Key: YOUR_API_KEY"
```

If DNS is set up correctly, the response will show `"status": "verified"`.

<Note>
  Torpedo also runs automatic verification checks every 5 minutes for all pending domains, so you
  don't have to call this endpoint manually — but it speeds things up if you're ready.
</Note>

## Troubleshooting

**Status stays `pending` after 30 minutes:**

* Check that all 3 CNAME records are present (not just one or two)
* Make sure there are no extra characters or spaces in the values
* Use a tool like [MXToolbox](https://mxtoolbox.com/SuperTool.aspx) to verify your DNS records are visible

**SPF failure:**

* Ensure you only have one SPF TXT record on the root domain
* The value must include `include:amazonses.com`
