Sending emails for clients: domains vs. sender identities
MailerSend gives agencies two ways to onboard clients and manage their transactional emails: domains and sender identities. Both approaches have pros and cons around the complexity of configuration, data isolation, deliverability, and more, which makes each one more suitable for specific use cases.
In this guide, we’ll explain how domains and sender identities work so you can choose the right method for each client you onboard.
Domains and sender identities explained
Domains: The client’s own domain
This method involves adding and authenticating your client’s domain directly in MailerSend so that their domain is used for sending. DNS records, API keys, users and activity data are scoped to that domain.
Full SPF, DKIM and DMARC alignment
Send from any address on the client’s domain
Activity, Analytics and Suppressions per domain
Scoped API tokens and user access per client
Best for consistent and high-volume senders
Sender identities: Your domain, the client’s email address
Using sender identities involves verifying a client’s email address and using your authenticated domain to send on their behalf. It’s fast to set up, and no DNS changes are needed on the client’s domain.
No domain authentication needed from the client
Setup is completed by the client clicking to confirm in the verification email
Emails appear to come from the client’s email address
Individual activity cannot be viewed at the domain level, tagging or template IDs must be used
Best for low-volume, occasional senders
Side-by-side comparison
Domains | Sender identities | ||||||||||||
Setup | Client’s DNS records must be configured (SPF, DKIM, etc.) | Client clicks a verification email only | |||||||||||
Onboarding speed | Slower than sender identities, as it can take up to 24 hours for records to propagate, but is straightforward and can be done quickly with automatic domain verification | Faster than domains, the identity is active as soon as the client verifies the email address. | |||||||||||
Authentication | Client’s domain is fully authenticated | No authentication on client’s domain, emails are sent through the agency’s authenticated domain instead, meaning SPF and DKIM alignment aren’t possible. | |||||||||||
DMARC compatibility | Full enforcement is supported | Emails may be blocked if the client’s domain has a policy of p=reject. It’s recommended to set a policy of p=none or p=quarantine | |||||||||||
From addresses | Any address using the domain | Only the verified email address. Each address you want to use must be verified separately | |||||||||||
Data isolation | Full, per-domain activity and analytics can be shared with the client | Shared activity appears under the agency’s sending domain. Access to activity and analytics cannot be given through the MailerSend app; however, you can use tags to create custom reports or create a client dashboard via the API. | |||||||||||
API tokens | Tokens can be restricted to the client’s domain | Tokens belong to the agency’s domain and cannot be restricted to the sender identity. | |||||||||||
User access | Invite clients with domain-level permissions | Access cannot be given to anything except specific templates. For data sharing, you can use tags to create custom reports or create a client dashboard via the API. | |||||||||||
Plan availability | Multiple domains on Starter (10 domains) and Professional (Unlimited) with domain space add-on. | Starter (50 identities) and Professional (Unlimited). | |||||||||||
When you should use sender identities vs. domains
Sender identities
For agencies, sender identities are best when you need a quick setup for low-volume and occasional senders. Since there’s no need for domain configuration, they significantly reduce onboarding friction, making them ideal for situations where you need to get a client up and running fast, or when adding and configuring a domain isn’t justified by the low sending volume.
It’s important to remember that since your domain will be used for sending, the client’s sending activity will impact your domain reputation. If their emails result in a high bounce rate or spam complaint rate, it could impact your own deliverability, as well as any other clients that are sending from your domain.
Therefore, it’s recommended that you audit the client’s sending practices, have some oversight of the emails that will be sent, and monitor performance to identify potential issues quickly.
When to consider using sender identities:
Email volume is low or irregular: When clients send very few emails (less than 2,000-3,000 per month).
You don’t have access to the client’s DNS records: If you don’t have immediate access to configure the client’s domain, and they are unable to do it themselves, you can use sender identities as a temporary solution until you can.
You do not need to add sender identities for domains that you have already added and verified. Once a client’s domain is verified, you can send to any email address belonging to it.
Domains
Because domains allow for full SPF and DKIM alignment, this method is the strongest when it comes to deliverability. What’s more, adding clients’ domains is a more professional and scalable solution, especially for those that send significant volumes of emails or that have security and privacy concerns. By adding a client’s domain, it serves as its own sending environment, allowing you to keep data, settings and API keys separate.
When you should use domains:
The client sends consistently and at high volumes: If a client is regularly sending more than 2,000-3,000 emails per month, you should implement authenticated sending from their own domain to ensure deliverability and optimum monitoring.
The client has already built up their domain reputation: If they have been sending consistently and maintain a good domain reputation, ceasing activity through their domain would create a gap in their sending history, which may result in the need to begin warming up the domain again later on.
The client needs data isolation: By adding the client’s domain, you can keep their data, activity, users and API keys contained within the domain’s scope.
You want to give client access: With custom roles and domain-level separation, you can invite clients to your agency account, only giving them access to their domain without exposing the rest of your account.
You want to implement a strong DMARC policy: If you want to move toward strict DMARC enforcement for your clients, domain authentication is necessary. Having p=reject can result in emails going undelivered if DMARC alignment fails.
How to add a client with sender identities
You can create a new sender identity in the app by going to Email > Sender identities and clicking New identity.
You can also use the identities endpoint to add and manage sender identities via the API.
Head to the Sender identities help guide to learn more about creating sender identities, the limitations, how to use sender identities in emails, and customization options.
How to add a client with domains
To add your client’s domain in the app, go to Email > Domains and click Add domain. You’ll be prompted to add the SPF and DKIM records to the domain’s DNS, which you can do automatically using Entri’s Domain Connect.
You can also use the domains endpoint to add and manage domains via the API.
Check out our guide to adding and authenticating a sending domain to learn more.
Need more info?
Feel free to reach out to support@mailersend.com. A member of our support team will gladly assist you.
-
Getting started
- Navigating the dashboard
- Verify and authenticate a sending domain
- Start sending transactional emails
- The difference between transactional emails and marketing emails
- Purchase an SMS phone number
- Start sending SMS
- How to use personalization in emails
- Sending emails for clients: domains vs. sender identities
-
FAQ
- How transactional emails work
- How to test email sending in MailerSend
- How to create automations
- How to add a custom unsubscribe header
- How to merge multiple SPF records
- How to verify an email list
- How to whitelist IPs
- How to add a domain space to your account
- How to add a survey to your emails
- How to use the MailerSend iOS app
- How to request a dedicated IP
- SMS: How to handle opt-in and opt-out
- How will the Hobby plan update affect my account?
-
Features
- Activity
- Analytics
- API & SMTP request logs
- Blocklist monitoring
- Custom headers
- DMARC monitoring
- Domain tracking options
- Email tagging
- Ensuring secure SMS communication: Verification and usage limits
- File manager
- How to enable Google Email Actions & Highlights
- Inbound routing
- Managing API tokens
- REST API response codes
- Schedule bulk emails
- Sender identities
- Sending domains
- SMTP relay
- Split Testing
- Templates
- Webhooks
- Upcoming changes to TLS Protocol support
- Deliverability
- Account settings
- Billing
- Integrations