Email domain verification


Messages sent through Greenhouse Recruiting may seem like they're coming from your normal email address, but they're actually sent on behalf of one of our third-party mail servers. Since spammers have been known to use a similar method to imitate legitimate email addresses, sometimes mail providers start to mark these messages as spam or block them altogether. Verifying your domain lets mail providers know your company has given Greenhouse permission to send emails on your behalf, which should drastically improve your overall deliverability rate.

In this article, we will cover:


Verify email domain

In order to send emails successfully through Greenhouse Recruiting, a Site Admin should work with your internal IT team to verify your domain. If you skip this step, there's a high probability that some or all of your messages could be flagged as spam or rejected before ever reaching their recipients. We recommend looping in your IT team as early as possible to avoid losing any email messages.

Note: If your organization has a strict "aspf" or "adkim" DMARC policy, read the following section of this article before continuing with email domain verification: Verify email domain without using gh-mail subdomain

To verify your domain, click the Configure icon Configure.png in the upper-right corner and navigate to the Email Settings on the left panel.


From the Email Settings page, enter your organization's email domain in the provided field. Your email domain is the part of your email address that appears after the @ sign. 

Example: With the email address, the email domain is

When you've finished, click Register.

Note: Do not use your whole email address (, and do not include the @ sign ( 


Once you've registered your company's email domain, Greenhouse Recruiting generates SPF, DKIM, MX, and CNAME records. These records need to be added by whoever manages the DNS for your email domain. Most likely, you can forward these records to someone in your IT department, and they should know what to do.

Click Email Your I.T. Dept to forward the records. For more information on how to add these DNS Records to your domain, click here.


Note: For organizations using web hosting services with the domain implied (such as GoDaddy or SquareSpace), the records populated after clicking Email your IT Department must be edited further to successfully verify your domain. Click here to learn more. 

Once the records have been added by your IT team, check the Email Settings page to ensure the domain is verified. Click Show verification details, and then click Check DNS Records Now to receive an up-to-date status of your domain’s verification progress.


Note: It may take up to 48 hours for DNS changes to propagate online. If your new domain doesn't show as Verified right away, try checking again in a couple of hours.


Gh-mail subdomain

When registering a new domain, the subdomain gh-mail is appended automatically. Greenhouse adds this prefix because you may not be able to register your root domain with Greenhouse Recruiting for a few reasons: 

  • Your IT team may have strict policies on adding new DNS records to your root domain
  • Your root domain may already have been registered with our email provider (Mailgun)
  • Your root domain’s SPF record may already generate the maximum of 10 DNS Lookups

With the gh-mail subdomain, your users can continue sending and receiving email from their normal email addresses in Greenhouse Recruiting. If you have any questions about the gh-mail subdomain, please click here to connect with the Greenhouse Support team.

**If you have other requirements that aren't covered here, you may be able to use one of our options that sends email using your own email infrastructure. These are paid options that require someone from your IT team to work with one of Greenhouse's solutions engineers on a custom SMTP setup. Please reach out to your Account Manager or Support contact for more information.


Verify email domain without gh-mail subdomain

Some companies employ a strict security policy on their domain that prohibits use of the gh-mail subdomain. If a company with a strict domain security policy registers its domain in Greenhouse Recruiting with the gh-mail subdomain (registered by default when a user adds their email domain to the Email Settings page), emails sent by the company's users won't be delivered successfully. Accordingly, a company with a strict DMARC policy should register its domain without the gh-mail subdomain instead. 

To do this, navigate to Configure Configure.png Email Settings in Greenhouse Recruiting. If your domain is registered already with the gh-mail subdomain, remove the entry entirely. 

Next, enter your domain with an exclamation point preceding the domain name. This tells Greenhouse's tool not to add the gh-mail subdomain. Click Register when finished to generate the SPF and DKIM records, then follow the steps provided earlier in this article to finish verifying your email domain.



MX record

When a new gh-mail subdomain is created, one of the records that is added is the MX record. While MX records generally are used to have emails delivered to your team’s address, most email clients check for the presence of MX records when receiving an email as a part of spam filtering. Since the gh-mail subdomain won't yet have any MX records, we provide the records so they can be added to the subdomain and improve the deliverability of the emails originating from Greenhouse Recruiting.

Please note the gh-mail subdomain is only used in the envelope of the email being sent. The From address is still be set to your team’s root domain, and therefore any replies are sent using the MX records added to your team’s root domain.


CNAME record

Adding the optional CNAME record helps the Greenhouse Support team better monitor and troubleshoot email deliverability issues for messages sent from Greenhouse Recruiting. When a CNAME record is added, Greenhouse Support has the ability to track if a given message was opened or not by the recipient. 

Note: Only the Greenhouse Support team has access to check if an email was opened or not. This tracking is not accessible to Greenhouse Recruiting users.


DKIM record

By default, Greenhouse Recruiting generates a 2048-bit DKIM key that is approximately 392 characters long. However, some hosting services, including AWS Route 53, only allow DKIM keys with a maximum length of 255 characters.  

If your organization's email is hosted by AWS and you encounter an error when attempting to add the DKIM key to your DNS, please see the following AWS support article: How do I resolve the "CharacterStringTooLong (Value is too long) encountered with {Value}" error that I received when I tried to create a TXT record using DKIM syntax?