Email DNS configuration

A step-by-step walkthrough on how to purchase and setup your sending domain with Cloudflare and OneSignal.

This guide walks you through setting up the DNS records provided by OneSignal with your DNS provider. In most cases, you can auto-configure these settings directly from the OneSignal dashboard as described in the Email Setup guide.

Requirements & recommendations

To configure email with OneSignal, you must own the sending domain and have access to DNS settings.

If you do not own a sending domain, you can quickly purchase one through the OneSignal dashboard (see Email Setup) or continue with this guide to register one through Cloudflare.

Example registering your domain with Cloudflare (click to expand)

Create an account at Cloudflare.com

Navigate to Domain Registration > Register Domains and search for the desired domain name.

Choose the desired domain and select Purchase. If the domain you entered is not available, you will have the option to choose a similar domain name.

Once you have purchased the domain you should see it as active under Domain Registration > Managed Domains.

If you already own your sending domain, you can auto-configure the DNS records through the OneSignal dashboard (see Email Setup) or follow the documentation provided by your DNS provider. A list of common DNS provider's docs are provided:

DNS How-to guides by provider (click to expand)
Domain ProviderDocumentation Links
GoDaddyMX, CNAME, TXT
NamecheapDNS Questions
HostingerHow to Manage DNS Records at Hostinger
Network SolutionsHow do I manage DNS and advanced DNS records?
RackspaceMX, CNAME
HostGatorMX, CNAME
GoogleMX, CNAME
CloudflareManage DNS Records
DNS Made EasyMX, CNAME, TXT
DreamhostAdding custom DNS records
Dyn (Oracle DNS)Set up DNS
HoverManaging DNS records
Amazon Route 53Working with records

Create a subdomain

It is recommended to use a subdomain for sending email for several reasons. The most important being:

  1. It allows you to separate the reputation of your domains.
  2. It allows you to manage the DNS records easier across your domains.
How-to setup a subdomain with Cloudflare (click to expand)

To create the subdomain add an "A" record to your DNS > Records page.

  • Click add record.
  • Select Type "A".
  • Add the subdomain to the "name" field. In this example, the subdomain is mail. Cloudflare will automatically append your domain to create the subdomain. In this example it'smail.yourdomain.com.
  • Set the value to be one of the IP addresses used by your root domain.

Once you have the IPs for the "A" record add one of them to the IPv4 address field and hit "Save".

Select one of the IPs to set in your Subdomain IPv4 field.

Copy and paste one of the IPv4 addresses add it to the IPv4 field in your "A" record and hit save.


Email DNS configuration

If you have not done so already, follow the Email setup guide until you get to the Email configuration step, then return back to this page.

Copy-paste each DNS record from OneSignal into your DNS provider.

In this example, we are using Cloudflare but most DNS provider settings work the same.

In Cloudflare, navigate to DNS > Records and click Add record for each row provided.

DNS authentication methods

Email authentication provides verifiable information about the origin of your emails. In order for internet service providers (ISPs) to deliver your email immediately, proper authentication is crucial. Your outreach is considered fraudulent if it lacks authentication.

Email authentication method definitions (click to expand)

Sender Policy Framework (SPF)

By using this method, you can verify that the IP address associated with your OneSignal email-sending account is authorized to send mail on your behalf. In the DNS settings, you publish SPF text records that serve as your basic authentication. DNS records will be checked by the receiving server for authenticity. This method is used to validate the sender of an email.

Your SPF record will be set up once OneSignal configures your IPs and domains. No further action is required beyond adding the DNS records we provide to you.

Domain Keys Identified Mail (DKIM)

The DKIM record confirms that your OneSignal email-sending domain is authorized to send mail on your behalf. This is designed to validate the sender’s authenticity and ensure the integrity of the message is preserved.

The DKIM uses an encrypted signature to inform the ISPs that the mail its delivering is the same as the mail that was sent by you. The ISPs will verify the signature against your public key, which is stored in your custom DNS record.

Mail Exchange Records (MX)

These are your receiving records. MX records are recommended for all domains, even if you are only sending messages. Unless you already have MX records for your domain pointing to another email server (e.g. Gmail), you should update the following records for optimal deliverability.

Without these MX records in place, you may see an increase in "Sender Domain Verification" errors, which are errors that the recipient server returns whenever your domain lacks MX records. By configuring your domain with MX records the "Sender Domain Verification" error gets a solution and is prevented from occurring in future cases.

Canonical Name (CNAME)

A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.

The CNAME record is necessary for tracking opens, clicks, and unsubscribes.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC authentication protocols add an additional layer of security to your domain.
This allows you to dictate how the ISPs should handle mail that has failed your DNS authentication checks.

Failures could suggest that others are trying to forge your domain or your emails. You can tell the ISPs to reject or quarantine the mail as well as inform you of this by sending you information about the false mail.

📘

Required by Google

DMARC authentication must be set up to ensure email security for bulk sending. Please take the necessary steps to implement DMARC for your domain. Email Sender Guidelines

TXT records

  • Set the "Type" as TXT
  • Copy/paste the OneSignal "Hostname" to the "Name" or provided field in DNS settings.
  • Copy/paste the OneSignal "Value" to the "Content" or provided field in DNS settings.
  • Set "TTL" to "Auto" or lowest value allowed. Can be updated later.
  • Set the "Priority" to 10 if asked. Can be updated later.

📘

Merging multiple SPF records

If your domain already has a TXT records with value like v=spf1 include:... ~all then you can pass in additional include: statements for include:spf.onesignal.email include:mailgun.org

Your SPF record should then look similar to this:

v=spf1 include:spf.onesignal.email include:mailgun.org include:your-other-spf-records ~all

CNAME records

  • Set the "Type" as CNAME
  • Copy/paste the OneSignal "Hostname" to the "Name" or provided field in DNS settings.
  • Copy/paste the OneSignal "Value" to the "Target" or provided field in DNS settings.
  • Set "TTL" to "Auto" or lowest value allowed. Can be updated later.
  • Turn off "Proxy status" to DNS only.
  • Ensure "Flatten" is off.
  • Set the "Priority" to 10 if asked. Can be updated later.

MX records

📘

Important note on MX records

These are your receiving records. MX records are recommended for all domains, even if you are only sending messages.

If you already have MX records for this domain pointing to another email server (e.g. Gmail), then you can skip this step.

  • Set the "Type" as MX
  • Copy/paste the OneSignal "Hostname" to the "Name" or provided field in DNS settings.
  • Copy/paste the OneSignal "Value" to the "Mail server" or provided field in DNS settings.
  • Set "TTL" to "Auto" or lowest value allowed. Can be updated later.
  • Set the "Priority" to 10 if asked. Can be updated later.

DNS verification

Make sure you added all the DNS records as provided in your OneSignal dashboard with possibly the exception of the MX records if you already have them setup.

Go back to your OneSignal dashboard where you got these DNS records and click Check Records.

You'll see green check marks when a record has been verified.

Verification can take up to 24 hours, but this is usually rare and the records should be propagated within a few minutes. If you do not see all green, you can use a site like https://www.whatsmydns.net/ to check where each record is not available yet.

If your DNS records are not showing green check marks within a few minutes, double check your DNS setting to make sure you copy-pasted the values correctly and to the right domain.

👍

Done!

Continue with Email Setup to make sure you have everything in place to start sending emails.