Email DNS configuration
A step-by-step walkthrough on how to purchase and setup your sending domain with Cloudflare and OneSignal.
This guide walks you through setting up the DNS records provided by OneSignal with your DNS provider. In most cases, you can auto-configure these settings directly from the OneSignal dashboard as described in the Email Setup guide.
Requirements & recommendations
To configure email with OneSignal, you must own the sending domain and have access to DNS settings.
If you do not own a sending domain, you can quickly purchase one through the OneSignal dashboard (see Email Setup) or continue with this guide to register one through Cloudflare.
Example registering your domain with Cloudflare (click to expand)
Create an account at Cloudflare.com
Navigate to Domain Registration > Register Domains and search for the desired domain name.
Choose the desired domain and select Purchase. If the domain you entered is not available, you will have the option to choose a similar domain name.
Once you have purchased the domain you should see it as active under Domain Registration > Managed Domains.
If you already own your sending domain, you can auto-configure the DNS records through the OneSignal dashboard (see Email Setup) or follow the documentation provided by your DNS provider. A list of common DNS provider's docs are provided:
DNS How-to guides by provider (click to expand)
| Domain Provider | Documentation Links |
|---|---|
| GoDaddy | MX, CNAME, TXT |
| Namecheap | DNS Questions |
| Hostinger | How to Manage DNS Records at Hostinger |
| Network Solutions | How do I manage DNS and advanced DNS records? |
| Rackspace | MX, CNAME |
| HostGator | MX, CNAME |
| MX, CNAME | |
| Cloudflare | Manage DNS Records |
| DNS Made Easy | MX, CNAME, TXT |
| Dreamhost | Adding custom DNS records |
| Dyn (Oracle DNS) | Set up DNS |
| Hover | Managing DNS records |
| Amazon Route 53 | Working with records |
Create a subdomain
It is recommended to use a subdomain for sending email for several reasons. The most important being:
- It allows you to separate the reputation of your domains.
- It allows you to manage the DNS records easier across your domains.
How-to setup a subdomain with Cloudflare (click to expand)
To create the subdomain add an "A" record to your DNS > Records page.
- Click add record.
- Select Type "A".
- Add the subdomain to the "name" field. In this example, the subdomain is
mail. Cloudflare will automatically append your domain to create the subdomain. In this example it'smail.yourdomain.com. - Set the value to be one of the IP addresses used by your root domain.
Once you have the IPs for the "A" record add one of them to the IPv4 address field and hit "Save".
Select one of the IPs to set in your Subdomain IPv4 field.
Copy and paste one of the IPv4 addresses add it to the IPv4 field in your "A" record and hit save.
Email DNS configuration
If you have not done so already, follow the Email setup guide until you get to the Email configuration step, then return back to this page.
Copy-paste each DNS record from OneSignal into your DNS provider.
In this example, we are using Cloudflare but most DNS provider settings work the same.
In Cloudflare, navigate to DNS > Records and click Add record for each row provided.
DNS authentication methods
Email authentication provides verifiable information about the origin of your emails. In order for internet service providers (ISPs) to deliver your email immediately, proper authentication is crucial. Your outreach is considered fraudulent if it lacks authentication.
Email authentication method definitions (click to expand)
Sender Policy Framework (SPF)
By using this method, you can verify that the IP address associated with your OneSignal email-sending account is authorized to send mail on your behalf. In the DNS settings, you publish SPF text records that serve as your basic authentication. DNS records will be checked by the receiving server for authenticity. This method is used to validate the sender of an email.
Your SPF record will be set up once OneSignal configures your IPs and domains. No further action is required beyond adding the DNS records we provide to you.
Domain Keys Identified Mail (DKIM)
The DKIM record confirms that your OneSignal email-sending domain is authorized to send mail on your behalf. This is designed to validate the sender’s authenticity and ensure the integrity of the message is preserved.
The DKIM uses an encrypted signature to inform the ISPs that the mail its delivering is the same as the mail that was sent by you. The ISPs will verify the signature against your public key, which is stored in your custom DNS record.
Mail Exchange Records (MX)
These are your receiving records. MX records are recommended for all domains, even if you are only sending messages. Unless you already have MX records for your domain pointing to another email server (e.g. Gmail), you should update the following records for optimal deliverability.
Without these MX records in place, you may see an increase in "Sender Domain Verification" errors, which are errors that the recipient server returns whenever your domain lacks MX records. By configuring your domain with MX records the "Sender Domain Verification" error gets a solution and is prevented from occurring in future cases.
Canonical Name (CNAME)
A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.
The CNAME record is necessary for tracking opens, clicks, and unsubscribes.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC authentication protocols add an additional layer of security to your domain.
This allows you to dictate how the ISPs should handle mail that has failed your DNS authentication checks.
Failures could suggest that others are trying to forge your domain or your emails. You can tell the ISPs to reject or quarantine the mail as well as inform you of this by sending you information about the false mail.
Required by Google
DMARC authentication must be set up to ensure email security for bulk sending. Please take the necessary steps to implement DMARC for your domain. Email Sender Guidelines
TXT records
- Set the "Type" as
TXT - Copy/paste the OneSignal "Hostname" to the "Name" or provided field in DNS settings.
- Copy/paste the OneSignal "Value" to the "Content" or provided field in DNS settings.
- Set "TTL" to "Auto" or lowest value allowed. Can be updated later.
- Set the "Priority" to
10if asked. Can be updated later.
Merging multiple SPF records
If your domain already has a TXT records with value like
v=spf1 include:... ~allthen you can pass in additionalinclude:statements forinclude:spf.onesignal.email include:mailgun.orgYour SPF record should then look similar to this:
v=spf1 include:spf.onesignal.email include:mailgun.org include:your-other-spf-records ~all
CNAME records
- Set the "Type" as
CNAME - Copy/paste the OneSignal "Hostname" to the "Name" or provided field in DNS settings.
- Copy/paste the OneSignal "Value" to the "Target" or provided field in DNS settings.
- Set "TTL" to "Auto" or lowest value allowed. Can be updated later.
- Turn off "Proxy status" to DNS only.
- Set the "Priority" to
10if asked. Can be updated later.
MX records
Important note on MX records
These are your receiving records. MX records are recommended for all domains, even if you are only sending messages.
If you already have MX records for this domain pointing to another email server (e.g. Gmail), then you can skip this step.
- Set the "Type" as
MX - Copy/paste the OneSignal "Hostname" to the "Name" or provided field in DNS settings.
- Copy/paste the OneSignal "Value" to the "Mail server" or provided field in DNS settings.
- Set "TTL" to "Auto" or lowest value allowed. Can be updated later.
- Set the "Priority" to
10if asked. Can be updated later.
DNS verification
Make sure you added all the DNS records as provided in your OneSignal dashboard with possibly the exception of the MX records if you already have them setup.
Go back to your OneSignal dashboard where you got these DNS records and click Check Records.
You'll see green check marks when a record has been verified.
Verification can take up to 24 hours, but this is usually rare and the records should be propagated within a few minutes. If you do not see all green, you can use a site like https://www.whatsmydns.net/ to check where each record is not available yet.
If your DNS records are not showing green check marks within a few minutes, double check your DNS setting to make sure you copy-pasted the values correctly and to the right domain.
Done!
Continue with Email Setup to make sure you have everything in place to start sending emails.
Updated 26 days ago