Configure your email + sender domain

Send signing emails from your own domain (contracts@yourcompany.com) instead of noreply@sign.pacta.ink. DNS setup, troubleshooting, and what changes for recipients.

Last updated May 12, 2026

This is the highest-leverage upgrade you can make to deliverability. Corporate spam filters routinely strip emails from unknown senders — having Pacta send from contracts@yourcompany.com instead of noreply@sign.pacta.ink is the difference between recipients seeing your email and them never knowing it existed.

What you’ll need

  • Pro or Business plan (Free tier sends from sign.pacta.ink only)
  • A domain you control — and access to its DNS records (typically via Cloudflare, Route 53, Namecheap, GoDaddy, etc.)
  • ~10 minutes for DNS propagation

Step 1 — Add the domain in Pacta

Settings → Email Domains → + Add domain. Pacta asks for:

  • The domain you want to send from (e.g., yourcompany.com)
  • A selector name (default: pacta). The selector becomes part of the DNS record path — most people leave it as pacta.

Pacta generates a public key and shows you a TXT record to add to your DNS. The record looks like:

Host:  pacta._domainkey.yourcompany.com
Type:  TXT
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN...<long key>
TTL:   3600

The exact v=DKIM1; k=rsa; p=... value is unique to your Pacta org — it’s how your DNS proves it authorized us to send mail.

Step 2 — Add the TXT record at your DNS provider

Every provider has a slightly different UI but the steps are the same:

Cloudflare

  1. Dashboard → your domain → DNS → Records → + Add record
  2. Type: TXT
  3. Name: pacta._domainkey (Cloudflare auto-appends your domain)
  4. Content: paste the entire v=DKIM1; ... string
  5. TTL: Auto
  6. Proxy status: DNS only (NOT proxied — DKIM records can’t be behind Cloudflare’s proxy)
  7. Save

Route 53

  1. Hosted Zone → your domain → Create record
  2. Record name: pacta._domainkey
  3. Record type: TXT
  4. Value: paste the v=DKIM1; ... string (Route 53 wants it in quotes if it has spaces — wrap the whole thing in double-quotes)
  5. TTL: 300
  6. Create

Namecheap

  1. Advanced DNS → Add New Record
  2. Type: TXT Record
  3. Host: pacta._domainkey
  4. Value: paste the key
  5. TTL: Automatic
  6. Save

Same pattern for GoDaddy, Hover, NS1, DNSimple, etc. — find the TXT record section, add a record matching the values Pacta gave you.

Step 3 — Verify

Back in Pacta → Email Domains → click Verify. Pacta does a DNS lookup, finds the TXT record, compares the key to what we expect.

  • Match — domain is verified, immediately usable
  • No record found — DNS hasn’t propagated yet. Wait 5-15 minutes and try again
  • Mismatch — the TXT record exists but the key doesn’t match. Usually means the record got truncated when you pasted (DNS UI sometimes mangles long strings). Delete + re-add carefully.

You can re-verify any time. Pacta also auto-checks every ~6 hours so if you fix DNS in another window, the status updates on its own.

Step 4 — Use the domain

Once verified, the domain appears in the From address dropdown when you send a document or configure a template:

Document → Send → From address → contracts@yourcompany.com

You can set the user portion (contracts@ vs legal@ vs signatures@) per send, or default it in org settings.

What changes for recipients

  • From address: Acme Capital <contracts@yourcompany.com> (instead of Pacta <noreply@sign.pacta.ink>)
  • Reply-to: by default, replies route to the user who sent the document; you can override to a shared inbox like legal@yourcompany.com
  • Deliverability: way better — your domain has reputation; Pacta inherits it via DKIM. Recipients in enterprise environments (Outlook 365, Google Workspace with strict spam settings) are much more likely to see the email
  • Trust: recipients recognize your domain. Signature requests from a real company they know are way less likely to look like phishing

DKIM (the TXT record above) is the most important. SPF is a secondary check that some spam filters use. To add it:

  • Look up your current SPF record (usually a single TXT record at the root of your domain starting with v=spf1)
  • If it exists, add include:sign.pacta.ink to the existing record: 
    v=spf1 include:_spf.google.com include:sign.pacta.ink ~all
  • If no SPF record exists, add a new TXT record at the root: 
    v=spf1 include:sign.pacta.ink ~all

SPF is optional but recommended for Business / Enterprise where every percentage point of deliverability matters.

Multiple sender domains

Pacta supports multiple verified domains per org. Common reasons:

  • Different legal entitiescontracts@acme-capital.com for the parent + contracts@ac-lending.com for a subsidiary
  • Different teamscontracts@sales.com for sales + agreements@hr.com for HR
  • Staging vs productionstaging-contracts@example.com for test envelopes

Add each domain separately (separate TXT record per domain), then pick which one to send from per document.

Custom SMTP (Business)

If you’d rather Pacta send through your own SMTP server instead of ours (so deliverability logs live in your stack), Business plans support custom SMTP:

Settings → SMTP → Configure. You provide:

  • SMTP host + port
  • Username + password (encrypted at rest)
  • From-address override
  • TLS settings (most providers want TLS on port 587)

Pacta routes outbound signing emails through your SMTP. You get full deliverability logs in your provider (Postmark, AWS SES, SendGrid, your in-house Postfix). You’re responsible for managing reputation / warming the sending IP.

For most teams, DKIM-verified sending through Pacta’s infrastructure is plenty — Custom SMTP is for compliance-heavy customers who need every email to flow through their own systems.

Common gotchas

  • DNS just won’t verify. Hard refresh the verify button after 15 minutes. Some providers (notably GoDaddy, occasionally Route 53) take a long time to propagate. Try dnschecker.org for the TXT record at pacta._domainkey.yourcompany.com — if it shows up there, the record exists; if Pacta still can’t see it, contact support.
  • “Verified” but recipients say emails still come from noreply@sign.pacta.ink. Pacta uses your domain for new sends after verification. Documents you sent before verifying went out from the old address; they don’t retroactively change. Re-send a test document after verification.
  • DKIM record value got truncated. Long DKIM keys often hit the 255-char limit per TXT record string. Most DNS providers handle this automatically by splitting; some don’t. If your provider shows the value truncated, paste it as a quoted multi-part string: "first 250 chars" "next 250 chars". Pacta still parses it correctly.
  • SPF says “too many lookups.” SPF allows max 10 DNS lookups. If you’re hitting the limit, use SPF flattening — services like spfwizard.net generate a flattened record.

Where to go next

Have a question this doc didn't answer? Email us and we'll fix it.