The Complete Groove Email Setup — From Zero to Verified Sender (Amazon SES + GrooveMail Setup Guide)

You want a sales funnel where subscribers are opting in, receiving your emails automatically, and clicking and choosing to buy while you're asleep or at the beach. This is the complete, step-by-step walkthrough for wiring GrooveMail to Amazon SES so your autoresponder actually fires — with proper authentication, DNS configuration, and a verified sender identity your list will trust.

The Problem Nobody Warns You About

Back in the early days of email marketing — AWeber, GetResponse, the early 2010s — you added a couple of CNAMEs, clicked a button, and emails flew. Simple. Done. Move on.

That era is over.

Gmail and Yahoo now permanently reject email from unauthenticated senders. As of late 2025, non-compliant messages don't even reach spam folders — they are refused at the server level before they ever touch an inbox. SPF, DKIM, and DMARC are no longer optional best practices. They are hard requirements.

For Groove users, this creates a specific problem. GrooveMail is your email marketing dashboard — your list manager, your campaign builder, your automation engine. But it doesn't send email on its own. It requires an external SMTP driver to do the actual delivery. And if that SMTP driver isn't properly authenticated, your campaigns silently fail.

This guide walks you through the exact process we used to get it all working: GrooveMail connected to Amazon SES, domain verified, sender authenticated, email forwarding live, and the autoresponder ready to fire. Every step, every decision, every field.

Which SMTP Driver Should You Use With Groove?

Groove supports several SMTP drivers: MailGun, SendGrid, SparkPost, Amazon SES, and TurboSMTP among others. Here's the honest breakdown:

What You'll Need Before You Start

• A Groove account — with your funnel already built (pages + opt-in form)
• An AWS account — free to create at aws.amazon.com
• Access to your DNS settings — wherever your domain DNS lives (Groove backoffice, Cloudflare, etc.)
• Your sending domain — a domain you own (e.g. yoursite.com), not a Gmail address
• An authenticator app — Google Authenticator or Authy for AWS MFA setup
• ImprovMX account — free, for email forwarding from your domain to Gmail

Step 1 — Create Your AWS Account and Secure It

Go to aws.amazon.com and create an account using your business email. This is your root user email — it's just your admin login and nobody ever sees it. Use your business address (e.g. [email protected]) to keep things organized.

Once you're in, AWS will prompt you to set up MFA (Multi-Factor Authentication). Do this immediately — it protects your account and AWS now requires it for root users. Choose Authenticator App, scan the QR code with Google Authenticator or Authy, and you're set.

Step 2 — Set Up Amazon SES and Verify Your Domain

In the AWS console search bar, type SES and click Simple Email Service. This is your email sending infrastructure dashboard.

Create a Domain Identity

1. Go to Verified Identities in the left sidebar and click Create Identity
2. Choose Domain — not Email address. Domain-level verification covers all email addresses under your domain automatically
3. Enter your domain (e.g. starlovexp.com or determinationdevelopment.com)
4. Choose Easy DKIM — not Deterministic Easy DKIM (that's for multi-region enterprise setups) and not BYODKIM (bring your own key — unnecessary complexity)
5. Set signing key length to RSA_2048_BIT — the current industry standard required by Gmail and Yahoo
6. Leave Route 53 toggle alone — only relevant if your DNS is on Amazon Route 53, which it likely isn't
7. Click Create Identity

AWS will now generate three CNAME records for DKIM verification and display them on the identity detail page. Leave this tab open — you'll copy these into your DNS next.

Step 3 — Add the DNS Records to Your Domain

This is where most people get stuck. You need to add several records to your domain's DNS. Here's exactly what to add and why each one exists:

The 3 DKIM CNAME Records (from AWS)

AWS generates these for you. They look like this:

SPF TXT Record

Add this TXT record to authorize Amazon SES to send on behalf of your domain:

Type: TXT Name: yourdomain.com (or @ depending on your DNS interface) Value: v=spf1 include:amazonses.com ~all

DMARC TXT Record

DMARC tells receiving servers what to do when authentication fails, and where to send reports:

Type: TXT Name: _dmarc.yourdomain.com Value: v=DMARC1; p=none; rua=mailto:[email protected]

Use p=none to start — this is monitoring mode and won't block any mail while you're getting established. Replace the rua email with a real address you check regularly to receive authentication reports.

Custom MAIL FROM Domain Records

AWS also needs a custom MAIL FROM domain to mark your email as originating from your domain rather than a subdomain of amazon.com. Go back to SES → your domain identity → click Publish DNS records under Custom MAIL FROM. Add these:

Step 4 — Wait for Verification (and Troubleshoot If Needed)

Once your DNS records are saved, go back to AWS SES → Verified Identities and look for your domain status. It will say Pending while AWS checks your DNS, then flip to Verified once everything is found. This usually takes 15–60 minutes, though it can technically take up to 48 hours.

If it stays on error after several hours, here's how to troubleshoot:

• Check dnschecker.org — paste one of your CNAME names and look for global green checkmarks. If nothing shows up, the records didn't save properly in your DNS
• Check for duplicate domains in the name — if your DNS interface auto-appends your domain, you may have ended up with abc123._domainkey.yourdomain.com.yourdomain.com. Delete the duplicate and re-enter
• Check for duplicate DMARC records — having two _dmarc TXT records on the same domain causes conflicts. Keep only one
• Delete and recreate the identity in AWS — sometimes the verification polling gets stuck. Deleting the identity (your DNS records stay intact) and recreating it forces a fresh verification cycle
  
• 
  

Step 5 — Request Production Access (Get Out of Sandbox)

By default, every new AWS SES account is in Sandbox mode. In sandbox, you can only send emails to addresses you've manually verified in AWS. Real subscribers can't receive anything until you get production access approved.

Go to SES → Account dashboard → click Request production access. Fill out the form like this:

• Mail type: Marketing (if you're sending campaigns and sequences to opt-in subscribers)
• Website URL: your domain (e.g. https://starlovexp.com)
• Use case: Describe your opt-in process — "I send email sequences to subscribers who voluntarily opt in through my website funnels. All contacts are permission-based. Every email contains a one-click unsubscribe link."
• Acknowledge the compliance checkbox

AWS typically approves within a few hours to 24 hours. Submit this early in the process so approval arrives before you need it.

Step 6 — Generate Your SMTP Credentials

This is what GrooveMail uses to actually connect to Amazon SES and send mail. Go to SES → SMTP settings in the left sidebar.

1. Note your SMTP endpoint on this page — it looks like email-smtp.us-east-2.amazonaws.com (your region may differ)
2. Click Create SMTP credentials
3. Name the IAM user something like groovemail-ses
4. Click Create
5. Download the CSV immediately — the SMTP password is shown only once and cannot be recovered. If you close this page without downloading, you'll need to create new credentials from scratch

Your CSV will contain an SMTP username (a long string starting with AKIA...) and an SMTP password. These are different from your AWS login credentials — they're specifically generated for SMTP authentication.

Step 7 — Set Up Event Tracking (Opens, Clicks, Bounces)

This step connects AWS to Groove's webhook so Groove can track when subscribers open emails, click links, bounce, or mark as spam. It's important for list health and campaign analytics.

Create a Configuration Set in AWS

1. In SES left sidebar, go to Configuration sets → Create configuration set
2. Name it groovemail-tracking
3. Enable Reputation metrics
4. Click Create set
5. Inside the new configuration set, click Add event destination
6. Select these event types: Deliveries, Hard bounces, Complaints, Subscriptions, Opens, Clicks
7. Destination type: Amazon SNS
8. Name the destination: groovemail-webhook
9. Create a new SNS topic named groovemail-ses-topic
10. Select that topic and click Add destination

Connect SNS to Groove's Webhook URL

1. In AWS, search for SNS → Simple Notification Service
2. Click Topics → click groovemail-ses-topic
3. Click Create subscription
4. Protocol: HTTPS
5. Endpoint: paste the Webhook URL from your GrooveMail sender setup page
6. Leave "Enable raw message delivery" unchecked
7. Click Create subscription

Step 8 — Set Up Email Forwarding With ImprovMX

You'll want to send email from a branded address like [email protected] rather than a Gmail address. But for that to work — for Groove's verification email and for subscriber replies to reach you — you need that address to actually forward somewhere you check.

ImprovMX is a free email forwarding service that handles this perfectly. Go to improvmx.com and create an account.

1. Add your domain (e.g. starlovexp.com)
2. ImprovMX will show you 2 MX records and an SPF record to add to your DNS
3. Add both MX records to your DNS (set proxy to off / DNS only)
4. Update your existing SPF record to merge ImprovMX in: v=spf1 include:amazonses.com include:spf.improvmx.com ~all
5. Back in ImprovMX, click the Aliases tab and create an alias: chiefwizard → forwarding to [email protected]

Once the MX records propagate (usually a few minutes), any email sent to [email protected] will arrive in your Gmail. ImprovMX even has a test button to confirm it's working before you proceed.

Step 9 — Create Your Verified Sender in GrooveMail

Now everything comes together. In Groove, navigate to GrooveMail → Senders → New Sender. Fill out the form:

Hit Save. Groove will send a verification email to your sender address. Since you set up ImprovMX forwarding in the previous step, it will arrive in your Gmail. Click the confirmation link and your sender status will flip to Verified: Yes.

The Email Authentication Trinity Explained

You just configured three authentication protocols that every serious email sender needs post 2025. Here's what each one actually does:

SMTP Driver Comparison at a Glance

*Amazon SES free tier applies when sending from EC2 or other AWS services. Otherwise $0.10/1,000 emails — still extremely affordable.

What Comes Next: Building Your Autoresponder

With your sender verified and Amazon SES connected, you now have the infrastructure to actually market to your list. The next phase is building the automation that fires when someone opts into your funnel:

1. Create a List in GrooveMail — this is where your funnel opt-ins land. Give it a clear name like "Star Love XP Main List"
2. Connect your funnel form to the list — in GroovePages, your opt-in form needs to be mapped to this specific list so submissions flow in automatically
3. Build an Email Sequence — write your welcome email, your follow-up sequence, your value emails. In GrooveMail → Sequences, build this out with timing delays between each email
4. Create an Automation — in GrooveMail → Automations, set the trigger: "When contact subscribes to [your list] → Start sequence [your sequence]." This is the engine that fires automatically every time someone opts in
5. Test end-to-end — submit your own funnel form with a real email address and confirm the welcome email arrives in your inbox

Complete Setup Checklist

• AWS account created with root user email and MFA enabled
• Domain identity created in Amazon SES with Easy DKIM / RSA_2048_BIT
• 3 DKIM CNAME records added to DNS (all contain ._domainkey. in name, proxy off)
• SPF TXT record added — single merged record covering all sending services
• DMARC TXT record added — one record only, with real rua email address
• Custom MAIL FROM MX and TXT records added to DNS
• Domain shows Verified in AWS SES → Verified Identities
• Production access requested (and approved)
• SMTP credentials generated and CSV downloaded
• Configuration set created (groovemail-tracking) with SNS event destination
• SNS subscription created with Groove webhook URL as HTTPS endpoint
• ImprovMX set up with domain MX records and alias forwarding to Gmail
• GrooveMail sender created with all SMTP fields filled in
• Sender email verified (Verified: Yes shows in Groove)
• List created and funnel form mapped to it
• Email sequence built and automation trigger active
• End-to-end test completed — opt-in form → welcome email received
• 
  

---

---