A custom-domain email address ([email protected] instead of [email protected]) is the single highest-return change you can make to how your business looks online. Customers trust it, journalists reply to it, and email providers stop dropping your messages into spam. The setup is mechanical, but it has enough moving parts that most people get one detail wrong and assume email is broken. Here is the order that actually works.
Pick how you want to receive email
Three options, ranked by effort and capability. First, forwarding: [email protected] forwards into your existing Gmail or Outlook inbox. Five-minute setup, free, fine for solo operators. Second, a real mailbox on OneClick: a full IMAP/SMTP account hosted by us, with webmail and mobile-app support. Included on every paid plan. Third, Google Workspace or Microsoft 365: enterprise-grade, $6 to $8 per user per month, the right choice once you have a team or any compliance requirement.
Set up the DNS records
Whichever option you pick, four DNS records do the actual work. MX tells the world where to deliver mail for your domain. SPF (a TXT record) tells receiving servers which IP addresses are allowed to send mail as your domain. DKIM (a TXT record with a long public key) cryptographically signs every outbound message so the recipient can verify it really came from you. DMARC (another TXT record) tells receiving servers what to do with messages that fail SPF or DKIM and where to send authentication reports.
If you buy a domain through OneClick and set up email through OneClick, every one of these records is configured automatically. If you bring an existing domain or use an external provider, you copy four DNS entries into your domain registrar's control panel. We generate them for you on the email setup screen — there is no manual zone editing.
Test the records before you announce the address
Send a test message to a Gmail account you control. Open it, click the three-dot menu, select "Show original". The top of the message will show three lines: SPF, DKIM, and DMARC. All three must say PASS. If any one says FAIL or NEUTRAL, the corresponding DNS record is either missing, wrong, or has not propagated yet. Wait 30 minutes and test again — DNS caching is the most common cause of false negatives.
Set up send-as if you are forwarding into Gmail
If you forwarded into Gmail, you also need to configure Gmail to send mail as your custom address, otherwise replies will go out from your old Gmail address and confuse everyone. In Gmail Settings → Accounts and Import → Send mail as, add the address, point Gmail at OneClick's SMTP server, paste the password we generated, and save. Test by replying to a message and checking the From header on the recipient side.
Watch out for the BIMI temptation
BIMI (Brand Indicators for Message Identification) puts your logo next to your name in Gmail's inbox list. It looks great. It is also gated behind a VMC certificate that costs roughly $1,500 per year and only works once SPF, DKIM, and DMARC are all hard-passing on every message you send. Worth doing for established brands; skip it for a new business until you have volume.
Common gotchas
Three things break email for new domains more than anything else. First, an SPF record that lists the wrong include — every email sender you use (OneClick, Mailchimp, Stripe receipts) needs its include statement in the single SPF record for the domain. Second, a DMARC policy of "reject" applied before SPF and DKIM are fully passing — start at "p=none", monitor the reports for a week, then tighten. Third, a stray catch-all forwarding rule on the registrar side that competes with the new MX records — delete it before changing MX.
Once it works, stop touching it
Email DNS is one of those things that breaks silently. A new staff member changes a record "to clean things up" and a week later your invoices start landing in spam. Lock the DNS zone with two-factor on the registrar account, document the records somewhere your future self can find them, and resist the urge to optimise.