Overview #
There are two main ways to mask your sender email when using our platform: MAIL FROM masking and spoof-style masking. Both allow emails to appear as though they come from your domain, but each behaves differently and requires different DNS setup.
We recommend MAIL FROM masking where possible – it provides stronger deliverability and better domain alignment. However, it can only be used if your domain isn’t already using mail. for receiving emails.
MAIL FROM Masking (Recommended) #
MAIL FROM masking allows us to send email on your behalf using a dedicated subdomain – in our case, this is always mail.yourdomain.com. It ensures that email authentication checks like SPF and DMARC align properly.
What it requires: #
- You must be able to set DNS records under
mail.yourdomain.com - You cannot already be using
mail.as an MX (mail exchange) entry to receive mail - SPF and MX records must be configured for
mail.yourdomain.com - DKIM record must be added on the root domain
Benefits: #
| 🛡 Better deliverability | SPF and MAIL FROM domain are aligned, reducing chances of mail being flagged |
| 🔐 Passes DMARC alignment | Receiving servers can verify the sending domain properly |
| 🧹 Cleaner headers | Inbox providers show your domain more prominently and may hide “via Cloud Email Sending Service – Amazon Simple Email Service – AWS ” info |
Limitations: #
🚫 Cannot be used if mail. already receives mail | If your MX record is set on mail.yourdomain.com, you won’t be able to use this method |
| 🛠 Requires more DNS setup | SPF and MX must be added under the mail. subdomain |
| 🔒 Less flexible | Our system currently does not support custom subdomains like emails. or send. – only mail. is allowed |
If your existing mail setup relies on receiving mail at mail.yourdomain.com, you will need to use spoof-style masking instead.
Spoof-Style Masking (Non-MAIL FROM) #
This fallback option sets your From address to a domain you control (e.g. [email protected]) but doesn’t configure a MAIL FROM domain. The email is still technically sent from Amazon SES on your behalf, but alignment checks like DMARC may not fully pass.
What it requires: #
- DKIM record on the root domain
- SPF record is recommended but optional
- No MX or MAIL FROM setup required
Benefits: #
| ⚡ Fast to set up | Only one or two records are needed |
| ✅ No MX conflict | Works even if mail. is already used to receive email |
| 🧩 Minimal DNS changes | Useful if you have limited access or control over DNS zones |
Drawbacks: #
| ⚠️ Slightly lower deliverability | Missing MAIL FROM alignment may reduce trust scores in some inboxes |
| 🕵️ Reveals SES in headers | Users can view technical details that expose Amazon as the sender |
| ❌ Fails DMARC alignment | SPF and From address don’t fully align, though DKIM can still pass |
What Is SPF and Why Does It Matter? #
SPF (Sender Policy Framework) is a DNS record that tells inboxes which servers are allowed to send email on behalf of your domain.
- For MAIL FROM masking, SPF must be set on
mail.yourdomain.com - For spoof-style masking, SPF should be set on your root domain (
yourdomain.com) and include Amazon’s servers
Adding SPF improves your trust rating and helps prevent spoofing – even if MAIL FROM is not used.
Summary #
| Method | Pros | Cons |
|---|---|---|
| ✅ MAIL FROM masking | Best deliverability and full alignment | Can’t be used if mail. subdomain is already in use for receiving mail |
| ⚠️ Spoof-style masking | Easier setup, no MX conflict | Slightly lower trust, reveals SES, fails DMARC alignment |
If you’re not using mail. for anything else, we strongly recommend setting up MAIL FROM masking. But if your organisation already uses mail. for receiving email (e.g. MX records), spoof-style masking is your only option – and it still works well for most cases.
