Get started
New tenant — first 30 minutes
Go from I just created an account to my user-signup email landed in a real Gmail inbox. This page is the only one you need to read on day 1.
- Add your sending domain (5 min)
- Publish DNS records (5 min in your DNS console + ~5 min propagation)
- Set sender identity (1 min)
- Mint a server-side API key (1 min)
- Send your first verification email (5 min)
- Verify it landed (1 min)
1 · Add your sending domain
Open /dashboard/domains → click Add domain. Enter the apex (e.g. acme.com, not mail.acme.com). SendBolt auto-generates a 2048-bit DKIM keypair scoped to that tenant + domain and stores the private half encrypted at rest.
2 · Publish DNS records
The domain detail page shows 4 records you must add to your DNS provider (Cloudflare, Route53, Namecheap, etc.). Each row has a one-click copy button.
| Type | Name | Value (sample) |
|---|---|---|
| TXT | @ | v=spf1 ip4:135.148.35.116 ~all |
| TXT | mp1._domainkey | v=DKIM1; k=rsa; p=MIIBIjAN... |
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:... |
| MX | @ | 10 mail.yourdomain.com |
Click Verify after you save them. Propagation usually takes 2-5 minutes; the page polls every 30 seconds and turns green when all four records resolve.
Why all four? SPF authorizes the sending IP, DKIM cryptographically signs the message, DMARC tells receivers what to do on misalignment, and MX makes your domain look legitimate to Outlook (which otherwise drops your mail). Skip any of them and Gmail/Outlook will hurt you — see troubleshooting.
3 · Set sender identity
Open /dashboard/settings → Sender identity. Set:
- From email — typically
no-reply@yourdomain.com - From name — your brand
- Reply-to — a real mailbox that reaches your support team (e.g.
support@yourdomain.com)
Every send-test and transactional send from now on uses these as defaults; you can still override per-message.
4 · Mint a server-side API key
Open /dashboard/settings/api-keys → Create key. Scopes for a typical app:
transactional:send— requiredtemplates:read+templates:write— if you store templates server-sidesuppressions:write— if your code needs to manually add to the suppression list (most apps don't)events:read— if you want to poll for opens / clicks
Copy the key (it's shown once) and stash it in your app's secret store. Conventional env var:
SENDBOLT_API_URL=https://api.sendbolt.io
SENDBOLT_API_KEY=mp_live_a1b2c3d4e5...5 · Send your first verification email
Hit the transactional endpoint. The example below sends a 6-digit OTP + click-to-confirm link to a brand-new signup:
curl -X POST "$SENDBOLT_API_URL/api/v1/transactional/send" \
-H "Authorization: Bearer $SENDBOLT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"to": "alice@example.com",
"subject": "Confirm your Acme signup",
"body_text": "Hi Alice, confirm your email: https://acme.com/verify?t=abc123 — or use code 482910",
"body_html": "<p>Hi Alice,</p><p><a href=\"https://acme.com/verify?t=abc123\">Confirm your email</a></p><p>Or use code <strong>482910</strong></p>",
"bounce_risk_check_enabled": true
}'Response shapes
| Status | Meaning | What to do |
|---|---|---|
queued | Sent to MTA | Nothing — success |
skipped_suppressed | Recipient is on the suppression list | Mark the user as email_undeliverable in your DB. Don't retry. |
skipped_frequency_cap | Tenant-level cap hit | Retry tomorrow, or raise the cap in settings |
skipped_high_risk | W133-C bounce-risk classified as block | Don't retry — show the user a UI error and ask them to fix their email |
HTTP 402 | Monthly send-cap exceeded (W132-B) | Upgrade plan or wait until 1st of next month |
6 · Verify it landed
Three places to confirm:
- The recipient's inbox (the obvious one)
- Your dashboard's message log — search by recipient email or message-id
- The events stream — every
sentevent is in the dashboard activity feed
If you don't see it in the recipient's inbox within 60 seconds, check:
- Spam folder — common on the very first send to a brand new domain (no reputation yet)
- Gmail Promotions tab — see troubleshooting
- The message log for an explicit error — bounce, suppression, or DSN code
You're done
Next steps:
- Add a welcome email that fires after the verify-link clicks
- Add a password reset flow
- Configure inbound mail webhook so replies hit your helpdesk
- Read the warm-up guide before you launch a campaign > 200 recipients