Verified Senders

For one-off From: addresses where you don't control the domain's DNS — e.g. sending as [email protected] when you don't own startup.com.

Verified senders use a magic-link flow (like Slack or Google Docs): Finn emails the address, they click a link, the address becomes usable. Finn then sends on-behalf through its relay so SES accepts mail from a domain the tenant hasn't DKIM-verified.

Not allowed if the sender's domain publishes DMARC p=reject — those domains have explicitly said nobody should send on their behalf.

POST /v1/senders

Start the magic-link flow.

{"email": "[email protected]"}

Response — 201 Created

{
  "id": "…",
  "email": "[email protected]",
  "status": "pending",
  "dmarc_policy": "none",
  "created_at": "2026-04-20T16:10:00Z"
}

Status flips to "verified" after the recipient clicks the link.

Errors

• dmarc_reject — sender's domain publishes p=reject. Use domain verification instead (POST /v1/domains).

GET /v1/senders

List verified senders.

{"senders": [ /* Sender objects */ ]}

DELETE /v1/senders/{id}

Revoke a verified sender. Returns 204 No Content. Future POST /v1/send calls using the revoked address will be rejected.