By the end of this tutorial, you’ll know how to configure the DNS records Lemlist needs in Cloudflare, including MX, SPF, DKIM, DMARC, and a custom tracking domain. You’ll also know what each record does and how to avoid the most common setup mistakes.

Getting your DNS right is one of the most important parts of email deliverability. A correct setup helps your emails reach inboxes more reliably, protects your domain from spoofing, and enables Lemlist tracking features like opens and clicks.

In Cloudflare, start by going to Domains, open the three-dot menu for the domain you want to use, and click Configure DNS. This takes you to the DNS records area where you can add, edit, or remove records for that domain.

Cloudflare domain management page showing Domains in the sidebar, the domain action menu, and Configure DNS selected

Once you’re on the DNS records page, click Add record whenever you want to create a new DNS entry for Lemlist.

Cloudflare DNS records page showing the Add record button

Why this matters

Lemlist relies on several DNS records to verify that your domain is allowed to send email, receive mail correctly, and track engagement safely. When these records are configured properly, you improve deliverability, protect your sender reputation, and make sure your campaigns work as expected.

Prerequisites

You already have access to your Cloudflare account and the correct domain.
You already know which email provider handles your mailbox, such as Google Workspace, Microsoft 365, Zoho, or Fastmail.
You have access to your email provider admin panel for provider-specific values like MX and DKIM.
You have access to your Lemlist sending settings if you want to configure a custom tracking domain.

Core lesson: Configure your DNS records step by step

Phase 1: Add your MX record

Your MX record controls incoming email for your domain. This tells other mail servers where to deliver email sent to your addresses.

Click Add record, then open the Type dropdown and select MX.
Fill in the MX record fields:
- Type: MX
- Name: @
- Mail server: the value provided by your email provider
- TTL: Auto
- Priority: use the value recommended by your provider
This record is provider-specific, so the mail server value is the most important part to confirm before saving.

Common MX examples:

Zoho: mail server like mx.zoho.com, usually priority 10
Fastmail: use the MX value provided in Fastmail admin settings
Microsoft 365: use the unique MX value from your Microsoft Admin Center, usually priority 0
Google Workspace: use the MX value provided by Google, with the priority Google recommends

After entering the values, save the record. If you ever need to change it later, you can edit the existing MX record in Cloudflare.

Phase 2: Add your SPF record

Your SPF record tells receiving servers which tools are allowed to send email on behalf of your domain. Without SPF, your emails are more likely to land in spam or fail authentication checks.

Click Add record, choose TXT as the record type, and enter the record details.
Use these standard SPF settings:
- Type: TXT
- Name: @
- TTL: Auto
- Content: your SPF value
The content field is where you define which providers are authorized to send mail for your domain.

Important: each domain should have only one SPF record. If you use multiple sending tools or providers, combine them into a single SPF TXT record by adding multiple include: statements.

Example SPF formats:

Google Workspace:v=spf1 include:_spf.google.com ~all
Microsoft 365:v=spf1 include:spf.protection.outlook.com ~all
Zoho:v=spf1 include:zoho.com ~all

If you use more than one provider, your SPF might look like this:

v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all

If you later add another sending tool, edit your existing SPF record instead of creating a second one.

Phase 3: Add your DKIM record

DKIM acts like a digital signature for your emails. It proves that the message really came from your domain and wasn’t altered in transit.

Generate the DKIM record inside your email provider’s admin area.
In Cloudflare, add a new TXT record.
Paste the Name and Value exactly as provided by your email provider.
Leave TTL set to Auto, then save.

Unlike SPF and DMARC, DKIM values are usually unique to your domain and provider. That means you should always copy them directly from Google, Microsoft, Zoho, or whichever mail platform you use.

Phase 4: Add your DMARC record

DMARC adds another layer of protection by telling receiving servers how to handle messages that fail SPF or DKIM. It also helps you monitor how your domain is being used.

Before you add DMARC, make sure your SPF and DKIM records are already in place.

Add a new TXT record.
Set the Name to _dmarc.
Leave TTL on Auto.
Paste your DMARC policy into the Content field.

A common starting value is:

v=DMARC1; p=quarantine; pct=90; sp=none;

About the policy setting:

p=none monitors only
p=quarantine is the recommended starting point
p=reject is stricter and is often used later once your domain is fully configured and warmed up

If you’re just getting started, quarantine is usually the safest choice.

Phase 5: Set up your custom tracking domain for Lemlist

A custom tracking domain makes your links and tracking look aligned with your own domain instead of a generic one. This improves trust, supports deliverability, and enables open and click tracking in Lemlist.

To set this up, you’ll create:

one CNAME record
one TXT verification record

Step 1: Open the custom tracking domain settings in Lemlist

In Lemlist, click your name in the lower-left corner and select Settings.

Lemlist home page showing the user menu opened from the lower-left corner with Settings selected

Then open Sending settings, expand the Email section if needed, and click Settings for the email address you want to configure.

Lemlist sending settings page showing the Email section and the Settings button for a connected email address

Inside that email’s settings, open the Custom tracking domain section and copy the CNAME values Lemlist shows you, including the Host name and Value.

Lemlist email settings modal showing the Custom tracking domain section with CNAME host name and value fields

Step 2: Add the CNAME record in Cloudflare

Back in Cloudflare, click Add record, open the Type dropdown, and select CNAME.

Cloudflare DNS records page showing Add record and the Type dropdown with CNAME selected

Then paste the Lemlist values into the new record:

Type: CNAME
Name: the Host name from Lemlist, such as omega
Target: the Value from Lemlist, such as custom.lemlist.com
TTL: Auto
Proxy status:DNS only

This part is very important: the custom tracking domain CNAME should not be proxied through Cloudflare. If proxying stays enabled, the tracking domain may fail validation in Lemlist.

Cloudflare CNAME record form showing the Lemlist host name and target entered with proxying turned off

Step 3: Add the TXT verification record

After saving the CNAME, return to Lemlist.
Choose Configure manually.
Enter your full tracking domain, for example omega.yourdomain.com.
Lemlist will generate a TXT verification record.
Back in Cloudflare, add a new TXT record.
Set the Name to the value shown by Lemlist, often @.
Paste the generated verification value into Content.
Save the record.

Step 4: Validate the setup in Lemlist

DNS changes can propagate quickly, but they may still take time. In many cases, records appear within 10 to 15 minutes, but propagation can also take up to 48 to 72 hours.

Wait about 10 to 15 minutes after saving the records.
Return to Lemlist and click Check setup.
If you have multiple mailboxes on the same domain, use Validate this CTD for all mailboxes on the same domain to apply it more broadly.

Once the records propagate, Lemlist will validate the tracking domain successfully.

Practical example

Here’s what a typical Lemlist domain setup in Cloudflare might include:

MX for your email provider, such as Google Workspace or Microsoft 365
One SPF TXT record that includes every authorized sending provider
One or more DKIM TXT records from your email provider
One DMARC TXT record with a quarantine policy
One CNAME for your custom tracking subdomain
One TXT verification record generated by Lemlist

Troubleshooting and common pitfalls

Issue: Emails fail authentication or land in spam

Root cause: SPF, DKIM, or DMARC is missing or misconfigured.

Check that SPF exists as a single TXT record
Verify that your DKIM name and value match your provider exactly
Make sure your DMARC record name is _dmarc

Issue: You accidentally created multiple SPF records

Root cause: each sending tool was added as a separate SPF record instead of being combined.

Delete extra SPF TXT records
Merge all providers into one SPF value using multiple include: entries
Save the single combined SPF record

Issue: Lemlist custom tracking domain won’t validate

Root cause: the CNAME is proxied through Cloudflare or the TXT verification record is incorrect.

Open the CNAME record and make sure it is set to DNS only
Verify the hostname and target exactly match the values in Lemlist
Check that the TXT verification record content was copied without changes

Issue: MX record doesn’t work

Root cause: wrong mail server value or incorrect priority.

Confirm the MX value in your email provider admin panel
Use the priority recommended by your provider
Edit the existing record rather than adding a duplicate unless your provider requires multiple MX records