Sending from your company’s custom domain name

Set up domain authentication to allow Axios HQ to send emails that look like they're coming from you!

Integrating with a custom domain allows you to choose what email address your series send from.

  • Why it matters: This makes your messaging friendlier, lets you stay on-brand, and gives your audience confidence that your messages are coming from you!

🔍 How it works: Owners and Admins can access the “Custom Domain” page by navigating to “Settings” > “Custom Domain.” 

Table of Contents:

  1. We will not take over your root domain
  2. Choose your sending domain
  3. Adding DNS records
  4. Internal DNS and anti-spoofing
  5. Send a test!
  6. FAQ
  7. Common providers

 

1. We will not take over your root domain

We will never ask for DNS changes to be made on your root domain. Instead, your HQ communications will be sent from your HQ-specific subdomain.

  • To verify and authenticate your domain, you will place our required DNS records on the account-specific subdomain of your choice (example: comms.your-domain.com)

Do not edit your domain’s primary DNS records: When adding Axios HQ’s DNS records, be sure you are not editing or deleting any records on your root domain. If you do, you may not be able to receive email.


This configuration protects the health and stability of your domain; if there are any spam complaints, bounces, blocks, or other reputation hits against your HQ sends, it will affect the HQ subdomain and our IP addresses, not yours. 

  • This also means that the DNS records we send over for your subdomain won’t impact your existing DNS records.
  • Our SPF record will not count against any lookup limits and should not be added to any existing records.
  • Our MX records will not disrupt incoming email to your email server. They exist to receive bounce and spam feedback.

Set up DMARC on your root domain: in your hosting provider, make sure you only include _dmarc as a subdomain on your root domain. You should not add it to any of your subdomains, as this policy should automatically apply to the new subdomain we are configuring.

We also recommend ensuring that your DMARC is set up to accept emails from subdomains by adding an adkim=r tag to your policy.

Additionally, your DNS provider needs to support connecting your mailbox to a subdomain in order to properly set up this connection.

 


 

2. Choose your sending domain

Determine your send-from address

To begin setting up your custom domain, you will need to enter a unique subdomain and a domain you own.


The subdomain should be unique to HQ! Examples include:

  • comms.your-domain.com
  • info.your-domain.com
  • axioshq.your-domain.com

The domain address should be whatever domain you intend to send from.

  • This will be what follows the @ in your email address.

✅ When the above is complete, select “Generate DNS records.” 

Choose a friendly subdomain! Your team may need to send from an address that includes the subdomain (ex: john@comms.your-domain.com.) This may be necessary depending on your spam rules and possible exceptions; we typically see this behavior with Outlook anti-spam policies.

Read more about spam recommendations here.


 

3. Adding DNS records

To allow HQ to send on behalf of your domain, your team will need to add the five provided records to your DNS configuration.

🛠️ Once DNS records are generated:

  1. Navigate to “Settings” > “Custom Domain” 
  2. Click the “TXT records” drop down to view records. 
  3. Copy and paste these records into your DNS configuration. 
  4. Repeat steps 2 and 3 for the MX records and CNAME record. 

You will need these records to authenticate your domain:

  • SPF record: This TXT record specifies Axios HQ as a valid email sender for your domain. SPF records are used to identify which IP addresses are authorized to send email on behalf of you.
  • DKIM record: This TXT record allows Axios HQ to create an encrypted signature on emails sent on your behalf. DKIM signatures verify that the message that arrives at the inbox provider is legitimate, and actually came from the sender.
  • CNAME record: The CNAME record is necessary for tracking link clicks and opens, and without one, links in your edition will not work. Ensure that these records are added to any internal configurations your team may have (like a VPN or LAN network).

    You may see your links wrapped with something that looks very similar to your custom domain address. This is expected, and they will quickly redirect, all while tracking the link click.

These records are optional, but highly recommended:

  • Our MX records exist to create a custom return-path using your subdomain, which will allow HQ to receive bounce and spam feedback. They are also recommended for any checks that your recipients' inboxes may attempt. If an email client looks for valid MX records and there are none, the message will almost certainly bounce. 

    MX records can be added retroactively. If your team decides to forgo MX records and sees unfavorable deliverability, these can always be added in at a later time.

 


Once all records are added to your DNS, click the “Verify DNS records” button in HQ. Each section should show “Verified” in green if properly added. 

  • DNS records can take up to 48 hours to propagate. Your domain will remain unverified until we are able to process that all three of the required records have the expected values.
  • Note: your provider may automatically add your primary domain as a suffix to the hostname. In some cases, you may need to enter the entire record name (ex: comms.your-domain.com) while in others, you may only need to add the subdomain (ex: comms) as the host input.

If you do not see verified records, review your setup and hit verify again.

 


 

4. Internal DNS & anti-spoofing

If your team has an internal DNS setup (ex: as part of a VPN or LAN network in your office/campus) add these DNS records to that configuration to ensure your HQ communications are accessible to your internal recipients.

  • It’s especially important to add the CNAME record internally. Without it, your images may not display and links will throw an error for anyone on your internal network.
  • This error may include messaging like "This site can't be reached" and will usually include the code DNS_PROBE_FINISHED_NXDOMAIN.

❗ If you have an anti-spoofing policy, please add your HQ-specific subdomain to the exceptions or bypass list to ensure that your editions are neither quarantined nor rejected. 

  • Go deeper: Find instructions for adding an exception to common anti-spoofing protection frameworks include Mimecast, Proofpoint, and Microsoft 365, here.



 

5. Send a test!

Send a test edition from HQ, and include a link

Ensure that the DNS records have been properly implemented by creating and sending a test message to yourself! Include a link that you can click from your inbox. Make sure the link properly navigates you to its destination!

  • Axios HQ will use the address you set in the “Reply-to” field in your Series Settings as the “Send-from” address, as long as it matches this domain. The Send-from address can optionally be specified.
  • Click here to learn how to send a test. 

Seeing blocked images or EXTERNAL warnings? Review our allowlisting recommendations.

 


 

6. FAQ

Can I still send from HQ before we set up a custom domain?

Yes, you can still send from HQ without a custom domain. Your email will come from noreply@axioshq.com and any replies will return to whatever address you set as your reply-to email. 

My DNS records are not verifying.

Navigate to "Settings" > "Custom Domain" and ensure that the provided value and the current value match for the SPF, DKIM, and CNAME records. Check for any typos.

  • SPF: If your SPF record is not verifying, make sure it has not been included as part of an existing SPF record. Our SPF records should not live on your root domain, and will only verify if they are on the subdomain you've configured for HQ.

  • DKIM: Typical DKIM mismatches are due to typos and misspellings. Remember, the DKIM record is a unique to each setup!

  • CNAME: Ensure that this record is added to both your internal and external setups. This record will properly verify if added to your external setup, but will need to exist on your internal setup to resolve links on all networks.

  • MX: MX records are technically optional. We typically see mismatches when the priority is accidentally included in the value. Check the Current Value field in HQ to ensure there are no typos in this record.

My records say None found.

None found indicates that the hostname cannot be found or is improperly entered in your DNS configuration. 

  • Some DNS providers automatically add the root domain as a suffix to the hostname, in which case you can remove it from your inputs. You may not need to enter the entire record name (e.g., comms.your-domain.com) and instead may only need to add the subdomain (e.g., comms) as the host input.

My custom domain is set up, but none of my messages are coming to my inbox.

Adding a custom domain can flag anti-spoof policies your team has set up. If it seems like your messages aren't sending, check out our allowlisting documentation for recommendations on setting up rules, exceptions, and quarantine bypasses that will allow your messages to reach your internal recipients.

My custom domain is set up, but images are blocked / there's an EXTERNAL warning banner.

Review our allowlisting recommendations here.

Can I use multiple custom domains with one HQ organization?

At this time, we do not support more than one custom domain per HQ organization.

Can we use a hard fail instead of a soft fail for our SPF record?

Yes! This can be adjusted as you see fit.

Can we change the include:mailgun to something more specific?

Yes. include:mailgun is necessary for verification, but once your records are verified, you can remove it and add a more specific record; simply replaceinclude:mailgun with the value you would prefer.

What email address can we put in the send-from field?

Any email address that matches your domain! This address does not even need to be an active inbox. We do recommend that the reply-to address is active to receive responses.

 


 

7. Common providers

Below is a list of common DNS providers and instructions on how to add the appropriate DNS records.

  • AWS:
    • AWS does not allow you to set multiple MX records per hostname. To circumvent this issue, add a single record that has both MX values on separate lines.

  • Cloudflare:
    • Cloudflare offers a setting to dynamically flatten the CNAME records to the A record of the root domain. Although the record is functional, it is not accessible to our ESP and will likely prevent an https certificate from generating.
    • The CNAME record must be set to "DNS only" and not "Proxied" in order to verify.

  • GoDaddy
    • This provider automatically includes the root domain for any DNS records, so please be sure to only add the subdomain for your Axios HQ additions.
  • Google
    • Check if you have the correct credentials to set up your DNS configuration by navigating to google.domains.
    • This provider automatically includes the root domain for any DNS records, so please be sure to only add the subdomain for your Axios HQ additions.
    • Google may reject adding two separate MX records for the subdomain. To address this issue, enter one record with the value 10 mxa.mailgun.org and then click "Add to this record" to add another entry for it. Then you will enter 10 mxb.mailgun.org.
  • Valimail
    • If you use Valimail for DMARC monitoring and enforcement, your SPF record may appear with additional characters, likely due to Valimail's use of macros.
      • The value will look something like this: v=spf1include:%{i}._ip.%{h}._ehlo.%{q}._spf.vali.email ~all
      • Manually entering the necessary expected value (v=spf1 include:mailgun.org ~all) is not possible.
    • Our ESP recommends hosting the SPF record via another DNS provider to verify the domain, then switching back to Valimail once it is properly verified in Axios HQ. It is important to keep in mind that if re-verification happens after your team switches the records back to Valimail, your DNS configuration in HQ will revert to "Unverified." Because of this, you may want to keep the record hosted outside of Valimail.
  • Verio
    • Does not support adding TXT records to subdomains, and for that reason we are unable to integrate a custom domain with this provider.
  • Wix
    • Wix does not support adding MX records (optional) to subdomains.
  • WANworX
    • This provider requires adding the subdomain as a new domain in WANworX and adding the DNS records we provide to the new domain.
    • MX records may need to be altered in order to enter them. You may also have to enter each MX record as both an MX and CNAME record.