Concepts

Sending domains

Your sending domain is the domain in your From: header. Receivers check whether that domain authorized the email — get this wrong and your mail goes to spam.

What is a sending domain

A sending domain is the domain that appears in your From: header — for example,mail.example.co.ke. When a message arrives, the receiving mail server (Gmail, Outlook, etc.) checks whether mail.example.co.ke actually authorized that email to be sent. If the answer is no, the message goes to spam or gets rejected outright.

USE A SUBDOMAIN

Send from mail.example.co.ke, not from example.co.ke. A bounce rate issue or spam complaint on your email subdomain does not bleed into your root domain's reputation with search engines and other receivers.

How receivers verify mail

Three mechanisms work together:

Mechanism	What it checks
DKIM	A cryptographic signature embedded in the message headers. The receiving server fetches your public key from DNS and verifies the signature. Proves the message was not tampered with in transit and came from an authorized sender.
SPF	A DNS record listing which IP addresses are allowed to send on behalf of your domain. If the sending IP is not on the list, SPF fails.
DMARC	A policy record that tells receivers what to do when DKIM or SPF fail — monitor only (`none`), quarantine (spam folder), or reject. Also specifies where to send aggregate reports.

All three records must pass for a message to land reliably in the inbox. Google and Yahoo require DMARC for any sender pushing more than 5,000 messages per day.

The BYO architecture twist

In a platform-owned model (Customer.io, Braze, Mailchimp), the provider owns the sending infrastructure. One DKIM keypair — theirs — signs everything. You publish their DKIM public key in your DNS and you are done.

Nudgel is a bring-your-own (BYO)platform. You supply your own Mailgun, Postmark, SendGrid, or SES credentials. Each of those providers maintains its own DKIM keypair. When a message goes out through Mailgun, Mailgun signs it with Mailgun's key — not Nudgel's, because Nudgel is not the one sending.

The consequence: if you route email through three providers, you need to publish three separate DKIM records in DNS — one per provider. Nudgel does not have a single key that covers all of them.

PUBLISH EACH PROVIDER'S DKIM RECORD

Do not just publish one DKIM record and assume you are covered. Each active provider needs its own record. Nudgel's domain setup UI shows you exactly which records to publish for each configured provider.

How Nudgel helps

Orchestrates per-provider domain registration— calls each provider's domain API using your BYO credentials. You do not need to log in to three separate dashboards.
Aggregates verification status — one dashboard showing the DNS record status for every provider on your domain.
Generates your DMARC record — DMARC is provider-agnostic (same record regardless of which providers you use). See DMARC for the full breakdown.
Polls for DNS propagation — every 30 seconds for the first 10 minutes after you publish records, then hourly until verified.

What we don't do

Sign mail ourselves — your provider signs it with their DKIM key. Nudgel is the orchestration layer.
Host DKIM keys — providers generate and hold their own private keys. We only surface the public key records you need to publish.
Auto-publish DNS records — DNS changes require access to your registrar or DNS host. We give you the records; you publish them.
Replace your DMARC tooling— if you are already using dmarcian, EasyDMARC, or Postmaster Tools, keep using them. Nudgel's managed DMARC is an option, not a requirement.