Email DNS configuration
Step-by-step guide to set up your sending domain and authenticate email using DNS records via OneSignal and Cloudflare.
This guide walks you through setting up DNS records provided by OneSignal to authenticate your sending domain. In most cases, DNS can be auto-configured from the OneSignal dashboard as described in the Email Setup guide.
Requirements
If you need to manually set up your sending domain DNS recordss, you must:
- Own the sending domain.
- Have access to DNS settings via your provider.
If you don’t own a domain, you can purchase one via the OneSignal dashboard or register through Cloudflare. This guide will use Cloudflare as an example but most DNS providers work the same.
Registering your domain with Cloudflare
Registering your domain with Cloudflare
Create an account at Cloudflare.com.
Go to Domain Registration > Register Domains, search for an available name, and purchase it.
Cloudflare's Domain Registration Page
Cloudflare's Domain Purchase Page
Once purchased, your domain will appear under Domain Registration > Managed Domains.
Cloudflare's Domain Management Page
Email DNS configuration
Complete the Email Setup steps until you’re prompted to add DNS records, then return here.
From the OneSignal dashboard, copy each DNS record:
Copy DNS records from OneSignal
In your DNS provider’s interface (e.g., Cloudflare), go to DNS > Records and add each record.
Email authentication methods
Correctly configuring DNS authentication helps ensure your emails are delivered and not flagged as spam. Here’s a breakdown of the DNS records you will add:
SPF (Sender Policy Framework)
Verifies the sending IP is authorized to send emails on your domain’s behalf.
✅ No extra action needed beyond adding the TXT record provided by OneSignal.
DKIM (DomainKeys Identified Mail)
Verifies the message’s content was not altered and was sent by you.
📌 The public key is included in the DNS record from OneSignal.
MX (Mail Exchange)
Receives email responses or bounces. Even if you’re only sending, these help avoid domain verification errors.
If you already use another email provider (e.g. Gmail), do not overwrite existing MX records.
CNAME
Used for open, click, and unsubscribe tracking.
Ensure:
- Proxy is set to “DNS Only”
- Flattening is disabled
DMARC
Adds policy enforcement for SPF/DKIM failures.
DMARC is required for secure email sending. Learn more: Email Sender Guidelines
Record configuration formats
TXT record
- Type:
TXT
- Name: OneSignal “Hostname”
- Content: OneSignal “Value”
- TTL: Auto or lowest
- Priority:
10
(if required)
If you already have an SPF TXT record, append additional includes like:
v=spf1 include:spf.onesignal.email include:mailgun.org include:your-other-spf-records ~all
DNS record interface
CNAME record
- Type:
CNAME
- Name: OneSignal “Hostname”
- Target: OneSignal “Value”
- TTL: Auto or lowest
- Proxy: DNS only
- Flattening: Off
- Priority:
10
(if required)
CNAME record setup
MX record
- Type:
MX
- Name: OneSignal “Hostname”
- Mail server: OneSignal “Value”
- TTL: Auto or lowest
- Priority:
10
DNS records overview
DNS verification
After adding records:
- Return to the OneSignal dashboard.
- Click Check Records.
Verified records show green check marks.
Verified DNS records in OneSignal
⏱ Verification typically takes just a few minutes but can take up to 24 hours.
Use whatsmydns.net to check propagation if any records are pending.
Check DNS propagation with whatsmydns.net
🔍 If verification fails:
- Confirm the domain is correct.
- Double-check each record was added exactly as shown in the dashboard.
Continue with Email Setup to complete configuration and begin sending emails.