Custom domain email setup

Goal

By the end of this guide, customers can email support@yourdomain.com and your team can reply from the same address, with the message arriving in Gmail or Outlook in the inbox (not spam) and threaded correctly.

You need access to your DNS provider (Cloudflare, Route 53, GoDaddy, Namecheap, etc.). Plan on 15 minutes of work plus up to 24 hours for DNS propagation, though most providers propagate in under an hour.

1. Add your domain

Go to Settings → Domains and click Add domain. Enter the domain you want to send from, e.g. yourdomain.com. Ochre generates a set of DNS records for you to add.

You'll see records of three types:

• TXT records for DKIM. These prove that email signed with our keys is authorized to claim your domain. Two records, prefixed with selector names.
• TXT record for SPF. This authorizes our mail servers to send on behalf of your domain. If you already have an SPF record, you'll merge ours into it rather than adding a second one.
• MX record for inbound. Points an inbox subdomain (like inbox.yourdomain.com) at our receiving infrastructure.

2. Add the records

In your DNS provider's dashboard, add each record exactly as shown. A few common gotchas:

• TTL. Use 300 seconds (5 minutes) for the initial setup so you can iterate quickly. You can raise it once everything verifies.
• Trailing dots. Some providers require a trailing dot on the value (mx.example.com.); some forbid it. Match what other working records on your domain use.
• CNAME flattening. Cloudflare and a few others will flatten certain records at the apex. This is fine for our use, but if you see warnings, leave the record un-proxied (gray cloud in Cloudflare).
• Existing SPF. Only one SPF record per domain is allowed. If you have v=spf1 include:_spf.google.com ~all, change it to v=spf1 include:_spf.google.com include:<our include> ~all.

3. Verify

Back in Settings → Domains, click Verify. Ochre queries your DNS and confirms each record. Verification usually completes in under a minute. If a record is missing or wrong, you'll see exactly which one and what we found instead.

If verification fails, wait 10 minutes (DNS caches) and try again.

4. Set the from address

Once the domain verifies, choose the address customers will email. The most common choice is support@yourdomain.com. You can have multiple addresses on the same domain; route each to its own team via Routing rules.

5. Test

Send a test email from a personal account to your support address. You should see it appear in the inbox within a few seconds. Reply from Ochre and confirm it arrives in your test account's inbox, not spam, with your custom signature and no Ochre branding.

Then click the message in Gmail and check the headers (Show original). Look for:

• dkim=pass with your domain.
• spf=pass with your domain.
• dmarc=pass if you have a DMARC policy.

All three should pass. If DKIM or SPF show neutral or fail, the records likely haven't propagated yet, or the SPF record was merged incorrectly.

DMARC

If you have an existing DMARC policy (_dmarc.yourdomain.com), check that it's compatible with our setup. Most policies are. The common breakage is aspf=s (strict alignment), which requires the from-domain to exactly match the signing domain. Our default setup aligns by default, so this is fine.

If you don't have a DMARC policy, you don't need one to send email. We recommend adding one (p=none to start) for better deliverability and to prevent spoofing.

Subdomain versus apex

You can send from yourdomain.com (apex) or from a subdomain like support.yourdomain.com. We recommend the apex for the customer-facing address. Use a subdomain (like notifications.yourdomain.com) for transactional or system mail to keep them on a separate reputation.

What's next

• See Inbound email and how receiving works for the receive path.
• Configure Auto-replies for new conversations.