Skip to main content

Setting Up Email for your Domain

It's becoming increasingly complicated to set up email for a domain. You have many things to worry about, including SPF, DKIM, and DMARC. Below are a few short reminders and docs for how to set up everything correctly.

Setting Up Subdomains with Google for Email Sending

It is crucial to set up subdomains for email sending, so that the primary domain is uneffected by the email gods in case they decide to punish you for some reason. So set up subdomains, like support.domain.com and updates.domain.com, for sending email, and then set up those domains in Google (assuming google is your email provider). Important, the subdomains require that the email actually works and can receive email! You can always add more subdomains later if the situation warrants it, i.e. one subdomain is having deliverability issues.

In Google Admin Console for the domain you are using:

  • Account -> Domains -> Manage Domains ---> Add Domain and choose the "User Alias Domain Option" You need to then add the full domain when adding a domain, so for example: support.mywebsite.com
  • Refresh the "manage domain" page and see if it is verified
  • Click on Active Gmail for the domain on the "manage domain page" -> Choose Set Up MX Record
  • follow the directions to add the MX record for Cloudflare in Google, but for the name do NOT use @, as suggested by Google, because this is for the primary domain. Instead use the subdomain as the name, like support. So your Cloudflare mx record would look something like this: name: support , smtp.google.com, 1. Follow the directions to verify it. If it is verified you will be redirected back to the manage domains and it will say verified.
  • Then if you go to that user in the Google Admin (Directory->Users - see below), you should see the alternate email there. you can test it.
  • Add Alternate Email for Email (done automatically when you set up per above): After the subdomain is set up and verified, you must add an alternate email. To do so, go to Admin Console->Directory->Users click on the User and then Add Alternate Emails. (use the drop down, "Show Alternate Emails" to see the other alternate emails that already are in use)
  • IMPORTANT!!! After testing, proceed to set up DKIM for every subdomain with Google and Postmark (our email provider).

Setting Up DKIM with Google Workspace

Assuming you use Google for handling your email, here are the necessary links

  • https://support.google.com/a/answer/174126?hl=en (see the optional link to check if you set it up already)
  • https://support.google.com/a/answer/180504?sjid=387361275196311783-NA - main doc for setting up DKIM.
  • IMPORTANT: You need to do DKIM for every Google subdomain you set up. When you log into Google Admin Console > Apps > Google Workspace > Gmail > Authenticate Email. DKIM, you will see a drop down for selecting the domain needed for DKIM. But, when setting up your subdomain for DKIM, you have to remember to add the subdomain to the text name, for example, NAME._domainkey.community (for community.mywebsite.com subdomains)
  • Testing: You can use pipedream workflows to test each subdomain, sending emails from the correct sender to an outside email address.

Setting Up DKIM with Postmark

If you are using Postmark for handling your emails, remember that you need to set up postmark DKIM for every subdomain!

  • Log into Postmark -> Sender signatures -> Add domain or signature and choose the Send from any email address on a domain
  • Add your domain and follow instructions to add the DKIM (need to do this for every subdomain!)
  • IMPORTANT: when setting subdomains in cloudflare, make sure the proxy status is grey! you don't want to proxy these.

Set Up DMARC

After the above is done and you have everything set up and verified, you can set up DMARC with strict policy, because there is no reason why any other domain should be sending email for you, other than what you set up DKIM for.