Frequently asked questions

ZidiMail is a transactional email API and dashboard: verify sending domains, create API keys, send mail from your backend, track delivery, and optionally receive webhooks. Technical details live in the documentation.

Yes. You add a domain you control, publish the DNS records we show (SPF, DKIM, and related checks), then verify from the Domains page. Until the domain is verified, the API will not accept sends from that domain.

Yes — and this is actually the recommended setup for most businesses.

ZidiMail sends your outbound emails from your own domain, so your customers see support@yourbusiness.com or bookings@yourbusiness.com. When a customer hits reply, that reply goes directly to your existing Gmail, Outlook, or whichever inbox you already use.

You get the professional appearance of a branded domain without giving up the inbox you are already comfortable with — no new passwords, no new app, no migration.

To make replies reach your existing inbox, set up email forwarding on your domain. Most registrars (Namecheap, Cloudflare, GoDaddy, etc.) offer this for free — it takes about two minutes to configure and automatically forwards any incoming mail to your Gmail or Outlook.

This setup is how most small businesses and freelancers operate: professional outbound identity, familiar inbox for everything that comes back.

Your domain is a business asset. Every customer email from hello@yourbusiness.com reinforces your brand, while every customer email from Gmail reinforces Gmail.

You do not have to abandon Gmail as an inbox. ZidiMail is for outbound sending from your domain, and replies can still go to Gmail, Outlook, or another mailbox you already use.

Yes. Customers often judge the sender before they read the message. Compare support@yourbusiness.com with yourbusiness247@gmail.com. The branded address looks more official, is easier to remember, and matches your website.

Start with simple role-based addresses on your domain: hello@, support@, billing@, orders@, or bookings@. These addresses keep communication tied to the business instead of one person's private inbox.

No. ZidiMail is not an inbox provider. ZidiMail helps you send outbound customer emails from your own domain. You can keep Gmail, Outlook, Google Workspace, Zoho, or another mailbox for receiving replies.

New or restricted organizations may be limited to sending only to your account owner email. That lets you test integration safely. To send to real users, complete onboarding and move out of sandbox per the message returned by the API.

The From address must use a domain that shows as verified in your dashboard. Double-check DNS at your DNS host, wait for propagation, then use “Verify” on the domain. SPF and DKIM must pass for verification.

Keys look like zm_live_…. Creating and revoking keys uses your dashboard session (JWT). Sending email requires an API key — store it only on servers, never in a browser bundle or public repo.

The Authorization header must be exactly Bearer followed by your full key. Partial keys, revoked keys, or typos return 401. If you lost the secret, revoke the old key and create a new one.

Limits include per-IP caps on sensitive routes, free-plan burst (e.g. sends per second), daily and monthly quotas per plan, and warm-up rules for new accounts. When exceeded, the API returns 429 with a message. See the rate limits table in /docs.

Addresses that hard-bounced or filed spam complaints are blocked from future sends to protect your reputation. If all recipients in a request are suppressed, you get 422. Remove bad addresses from your lists and fix content/list hygiene.

You register an HTTPS URL and choose events (sent, delivered, bounced, complained, opened, clicked). We POST JSON and sign the body with HMAC-SHA256; verify using the secret shown once at creation. See the Webhooks section in docs.

You should not expose API keys in the frontend. The API CORS policy is tied to your dashboard origin for cookie-based dashboard calls; server-to-server integration should run from your backend.

Yes. The Contacts page can import .csv, .xlsx, .xls, and public Google Sheets. Files and sheet exports are limited to 10 MB, and imports are capped by your plan's per-import and total contact limits. Contact management is dashboard-only: API keys cannot create, import, or delete contacts.

Your file needs a header row. We look for an email column first, use an optional name column if present, skip invalid email rows, deduplicate addresses, and only count truly new contacts against your quota. See importing contacts in the docs for details.

There are two common reasons Google Sheets imports fail:

1. The sheet is not publicly shared. Google blocks any request that does not come from someone with access. Before importing, open your sheet, click Share (top-right), and under General access set it to Anyone with the link → Viewer. Then click Copy link and paste that link into ZidiMail.

2. You pasted the wrong URL. Do not copy the URL from your browser address bar — that link only works if you are already signed into Google. Instead, use the Share → Copy link button inside the sheet. The correct link looks like: https://docs.google.com/spreadsheets/d/…/edit?usp=sharing

Once you have shared and copied the link correctly, ZidiMail will read the sheet, detect your email and name columns automatically, and show you a preview before saving anything.

If you would rather not share the sheet publicly, export it as a .csv file (File → Download → CSV) and upload that instead — no sharing required.

Yes, on all plans. There are two ways to attach a file:

1. Embed it directly. Your server reads the file, converts it to a Base64 string (a standard way to turn any file into text so it fits inside a JSON request), and you put that string in the content field. No file hosting needed. This works great for invoices, receipts, or any file your code generates on the fly.

2. Give us a direct link. If your file is already stored online, put a public HTTPS direct download URL in the path field and ZidiMail will fetch it when sending. Private/internal hosts, localhost, and non-HTTPS URLs are rejected.

⚠ Google Drive and Dropbox links will not work. Those links open a webpage, not the actual file. You need an HTTPS link that downloads the raw file directly — from Amazon S3, Cloudflare R2, or your own server.

Size limits per email (all attachments combined): 5 MB on Free, 25 MB on Pro, 40 MB on Scale. Max 10 attachments per email. Keep your own copy of what you send — ZidiMail does not store attachments after delivery.

Plans (Free, Pro, Scale) set monthly and daily sending limits. Upgrades run through the dashboard billing flow (PayPal subscriptions). Overage and pricing details are summarized in the documentation.

After policy or JWT changes, a fresh login ensures your session cookie carries the latest claims. Hard-refresh the dashboard if the UI looks cached. For API behavior, confirm your deployment is on the latest backend revision.

Use the support channel or email referenced in your onboarding materials. For integration questions, start with /docs and the dashboard in-app pages (Domains, API Keys, Webhooks). For terms and privacy, see Legal.

All legal documents are listed on the Legal page, including Terms of Service, Privacy Policy, Cookie Policy, Acceptable Use, DPA, and Subprocessors.