Skip to main content
This guide walks you through setting up DNS records provided by OneSignal to authenticate your sending domain. In most cases, DNS can be auto-configured from the OneSignal dashboard as described in the Email Setup guide.

Requirements

If you need to manually set up your sending domain DNS recordss, you must:
  • Own the sending domain.
  • Have access to DNS settings via your provider.
If you don’t own a domain, we recommend purchasing one via Cloudflare. This guide will use Cloudflare as an example but most DNS providers work the same.
Create an account at Cloudflare.com.Go to Domain Registration > Register Domains.

Cloudflare's Domain Registration Page

Search for an available name and purchase it.

Cloudflare's Domain Purchase Page

Once purchased, your domain will appear under Domain Registration > Managed Domains.

Cloudflare's Domain Management Page

Email DNS configuration

Complete the Email Setup steps until you’re prompted to add DNS records, then return here or use the Auto-Configure DNS button. From the OneSignal dashboard:
  • ⚠️ means the current DNS record does not match
  • ✅ means the current DNS record matches
Each DNS record needs to be added to your DNS provider with the exception of the MX record. You must have MX records set up, but they may point to a different server.

Copy DNS records from OneSignal into your DNS provider

In your DNS provider’s interface (e.g., Cloudflare), go to DNS > Records and add each record. Correctly configuring DNS authentication helps ensure your emails are delivered and not flagged as spam. Here’s a breakdown of the DNS records you will add:

TXT records

  • Type: TXT
  • Name: OneSignal “Hostname”
  • Content: OneSignal “Value”
  • TTL: Auto or lowest
  • Priority: 10 (if required)
If you already have an SPF TXT record, append additional include: records like:v=spf1 include:spf.onesignal.email include:mailgun.org include:your-other-spf-records ~all

Cloudflare's TXT DNS record interface

SPF (Sender Policy Framework)

Verifies the sending IP is authorized to send emails on your domain’s behalf.

DMARC

Adds policy enforcement for SPF/DKIM failures. DMARC is required for secure email sending. Learn more: Email Sender Guidelines
OneSignal uses the value v=DMARC1; p=none; for the DMARC record. If you already have a DMARC record, make sure this is included and not set multiple times.

CNAME records

Used for open, click, and unsubscribe tracking.
  • Type: CNAME
  • Name: OneSignal “Hostname”
  • Target: OneSignal “Value”
  • TTL: Auto or lowest
  • Proxy: DNS only
  • Flattening: Off
  • Priority: 10 (if required)

Cloudflare's CNAME DNS record interface

DKIM (DomainKeys Identified Mail)

Verifies the message’s content was not altered and was sent by you. The public key is included in the DNS record from OneSignal.

MX records

Receives email responses or bounces. Even if you’re only sending, these help avoid domain verification errors.
If you already use another email provider (e.g. Gmail), do not overwrite existing MX records.
  • Type: MX
  • Name: OneSignal “Hostname”
  • Mail server: OneSignal “Value”
  • TTL: Auto or lowest
  • Priority: 10

Cloudflare's MX DNS record interface

DNS verification & troubleshooting

After adding records:
  1. Return to your OneSignal dashboard.
  2. Click Check Records or refresh button.
Verified records show green check marks ✅. All records should be verified (✅) in OneSignal with the exception of the MX records as long as your MX records are pointing somewhere else (like Google Mail).

Verified DNS records in your OneSignal dashboard

Verification typically takes just a few minutes but can take up to 48 hours.

Troubleshoot DNS propagation

  1. Use whatsmydns.net to check propagation if any records are pending.
  2. For records that show ⚠️, copy-paste the hostname from the OneSignal dashboard into the search bar and set the DNS type.
  3. Check the results.
Green check marks ✅ mean the record is verified and red cross marks ❌ mean the record is not verified. You can also see the current value of the record. If this is different from what OneSignal provides, you need to check your DNS provider’s interface and update the record to match what is in OneSignal. In this example, we see the TXT records are mostly green, with only a few that have not been updated yet.

Check DNS propagation with whatsmydns.net

If verification fails:
  • Confirm the domain is correct.
  • Double-check each record was added exactly as shown in the dashboard.

Common errors & solutions

  • TXT SPF record isn’t verified
    • You likely have an SPF record already. You should only have 1 SPF record and add multiple include: records to it’s value.
    • See above TXT records section for more details.
  • DNS not fully propagated
    • When checking the DNS record in whatsmydns.net you may see many green check marks ✅ but also a lot of red cross marks ❌
    • This means the records are not fully propagated to the internet yet and may take up to 48 hours.
    • Either wait and check again or contact your DNS provider to help you troubleshoot.
  • DNS value not matching OneSignal
    • If the values in whatsmydns.net do not match what we provide, then there are a couple things to check:
    • If MX records, that is ok. You can have the MX records point somewhere else as long as the are ✅ in whatsmydns.net
    • Check the URL is correct in whatsmydns.net and in your DNS provider. mail.yourdomain.com is not the same as yourdomain.com.
    • Contact your DNS provider to help you troubleshoot.
Return to Email Setup to complete configuration and begin sending emails.