This guide walks you through setting up DNS records provided by OneSignal to authenticate your sending domain. In most cases, DNS can be auto-configured from the OneSignal dashboard as described in the Email Setup guide.

Requirements

If you need to manually set up your sending domain DNS recordss, you must:

  • Own the sending domain.
  • Have access to DNS settings via your provider.

If you don’t own a domain, you can purchase one via the OneSignal dashboard or register through Cloudflare. This guide will use Cloudflare as an example but most DNS providers work the same.

Email DNS configuration

Complete the Email Setup steps until you’re prompted to add DNS records, then return here.

From the OneSignal dashboard, copy each DNS record:

Copy DNS records from OneSignal

In your DNS provider’s interface (e.g., Cloudflare), go to DNS > Records and add each record.

Email authentication methods

Correctly configuring DNS authentication helps ensure your emails are delivered and not flagged as spam. Here’s a breakdown of the DNS records you will add:

SPF (Sender Policy Framework)

Verifies the sending IP is authorized to send emails on your domain’s behalf.

✅ No extra action needed beyond adding the TXT record provided by OneSignal.

DKIM (DomainKeys Identified Mail)

Verifies the message’s content was not altered and was sent by you.

📌 The public key is included in the DNS record from OneSignal.

MX (Mail Exchange)

Receives email responses or bounces. Even if you’re only sending, these help avoid domain verification errors.

If you already use another email provider (e.g. Gmail), do not overwrite existing MX records.

CNAME

Used for open, click, and unsubscribe tracking.

Ensure:

  • Proxy is set to “DNS Only”
  • Flattening is disabled

DMARC

Adds policy enforcement for SPF/DKIM failures.

DMARC is required for secure email sending. Learn more: Email Sender Guidelines

Record configuration formats

TXT record

  • Type: TXT
  • Name: OneSignal “Hostname”
  • Content: OneSignal “Value”
  • TTL: Auto or lowest
  • Priority: 10 (if required)

If you already have an SPF TXT record, append additional includes like:

v=spf1 include:spf.onesignal.email include:mailgun.org include:your-other-spf-records ~all

DNS record interface

CNAME record

  • Type: CNAME
  • Name: OneSignal “Hostname”
  • Target: OneSignal “Value”
  • TTL: Auto or lowest
  • Proxy: DNS only
  • Flattening: Off
  • Priority: 10 (if required)

CNAME record setup

MX record

  • Type: MX
  • Name: OneSignal “Hostname”
  • Mail server: OneSignal “Value”
  • TTL: Auto or lowest
  • Priority: 10

DNS records overview


DNS verification

After adding records:

  1. Return to the OneSignal dashboard.
  2. Click Check Records.

Verified records show green check marks.

Verified DNS records in OneSignal

⏱ Verification typically takes just a few minutes but can take up to 24 hours.

Use whatsmydns.net to check propagation if any records are pending.

Check DNS propagation with whatsmydns.net

🔍 If verification fails:

  • Confirm the domain is correct.
  • Double-check each record was added exactly as shown in the dashboard.

Continue with Email Setup to complete configuration and begin sending emails.