Domain verification is a required step to confirm ownership of a domain. Verification used to be optional for many Transactional Email users, so please check that any domains actively used for sending have three green check marks on the sending domains page:
After you verify a domain in your account, any other Transactional Email user that wants to send email from that domain will also need to go through the verification process. If they don't verify the domain, the email will be be rejected at the time of send, with the reject reason, unsigned. Verifying a domain prevents other Transactional Email users from sending from your domain unless they also complete the verification process.
Regardless of how you send email (and which ESP you might use), for an added level of protection from phishing and spoofing, we strongly recommend setting up DMARC, SPF, and DKIM.
When you set up DMARC, as the domain owner you can be explicit in telling receiving mail servers how they should handle email that's purported to come from you but that doesn't authenticate. For example, you might have a DMARC policy that tells receiving servers to reject any email from your domain when SPF and DKIM checks don't pass.
Verify a sending domain
Verify a domain on the Sending Domains page in your Transactional Email account or with the Mandrill API using the /senders/verify-domain endpoint. To confirm ownership of the domain, we'll send an email with a confirmation link to the address you specify, so you'll need to make sure that the domain can accept incoming email.
To verify a domain you need to have login access to the Transactional Email account where the sending domain is stored, so if you manage sending domains for your own users you'll need to work directly with them to verify their sending domains.
You'll need to add SPF and DKIM records and verify ownership of your sending domains before you can send email through your account. Transactional Email will not send any email from unverified domains or domains without valid SPF and DKIM records, including public domains like gmail.com, yahoo.com, and more.
A message that is rejected with the reject reason unsigned indicates that the sending domain hasn't been properly set up, and that your account is unable to send and authenticate email from that domain.