Skip to content

DNS records to send email from a custom domain

By default, transactional emails (e.g., password resets, user registration notifications) are sent from the default email address donotreply@wpvip.com. The default sender’s email address can be overridden and emails can be sent from a custom domain that has the required DNS records.

Access to the DNS settings of the custom domain with the third-party DNS host provider is required for this modification to work as expected.

Prerequisite

To send emails from a custom domain:

Limitation

Convenience domains cannot be used for sending emails.

Requirements

To send emails from a custom domain:

  • The domain must be added to the environment’s VIP Dashboard.
    • If the www variant of a domain is added to an environment’s Domains panel, both the www and the non-www variant of the domain—and all other subdomains of that domain—can be used for sending email as long as the domain (or subdomain) that will be used meets the DNS record requirements.
    • If the non-www variant of a domain is added to an environment’s Domains panel, only the non-www variant of the domain can be used for sending email as long as that domain meets the DNS record requirements.
  • The domain must be verified.
  • The domain’s DNS records must be updated with the SPF and DKIM setting values as outlined in DNS record requirements. Emails sent in large quantities from custom domains also require DMARC setting values.
  • After updating a custom domain’s DNS settings with the DNS record requirements , at least 12 hours must elapse before the updated settings can be detected and allow for the domain to be used to send emails.
  • If the domain is being added solely for the purpose of sending emails (not for launching a site) the domain’s DNS does not need to point to VIP. Only the updated records outlined below in DNS record requirements are necessary.
  • Even if a domain has been verified and has all of the required DNS settings, at least 12 hours must elapse after adding the domain to an environment’s VIP Dashboard before it can be used to send emails.

Required DNS records

To successfully configure emails to be sent with a custom domain, SPF and DKIM records must be added to the DNS records for that domain.

SPF record

A Sender Policy Framework (SPF) record identifies the mail servers and domains that are allowed to send email on behalf of a domain.

Adding SPF records for Automattic’s mail servers to the DNS records of the custom domain helps prevent emails sent from a WordPress site on VIP using a custom email address from being marked as spam on the receiving end.

SPF record value: 

include:_spf.wpvip.com

If a range of IPs is required for the SPF record, they can be retrieved by running this command in a local machine’s terminal: 

dig txt +short _spf.automattic.com

DKIM record

A DomainKeys Identified Mail (DKIM) record stores the public key used to verify the authenticity of the email sent from the custom domain. For most DNS providers, these settings are assigned to the TXT DNS record type.

Substitute <custom_domain> where it appears with the actual custom domain (i.e. update wpvip1._domainkey.<custom_domain> to wpvip1._domainkey.example.com).

DKIM record values: 

wpvip1._domainkey.<custom_domain> CNAME wpvip1._domainkey.wpvip.com
wpvip2._domainkey.<custom_domain> CNAME wpvip2._domainkey.wpvip.com

DMARC record

If more than 5,000 emails are sent per day from the custom domain, a Domain-based Message Authentication, Reporting and Conformance (DMARC) record must also be added to the domain’s DNS records. For most DNS providers, these settings are assigned to the TXT DNS record type.

Substitute <custom_domain> where it appears with the actual custom domain (i.e. update _dmarc.<custom_domain> to _dmarc.example.com).

DMARC host value: 

_dmarc.<custom_domain>

DMARC TXT value: 

v=DMARC1; p=none;

Last updated: November 07, 2024

Relevant to

  • WordPress