In this article we look at how to add your own domain to ProtonMail so that you can send and receive emails using an @yourdomain address. We also look at how to verify your domain for use with ProtonMail and how to set its MX records so that emails sent to your domain are properly directed to your ProtonMail Inbox.
To use custom domains within ProtonMail, you must have control of the domain’s Domain Name System (DNS) records. DNS records are basically public information about your domain that other web servers look up to see how to communicate with your domain. Typically, you can change your DNS records (or DNS Zone File) on your domain registrar’s website, or wherever you host your name servers.
For example, let’s say we bought yourdomain.com through the registrar namecheap.com. We can then go to namecheap.com’s Domain List → yourdomain.com → Advanced DNS and edit DNS records there. The process is similar for other registrars.
Once a DNS change has been made, DNS lookups by other web servers will find the new records. However, this change may take some time to propagate, since the old DNS records can still be cached across the Internet.
The Time to Live (TTL) setting controls how long DNS records are cached, and we suggest setting it to a low number (1 hour or less) if possible during setup. Some domain registrars do not allow setting such a low number; you can search for your domain registrar and “TTL” to learn more about their restrictions.
Add your domain
1. In your browser, log in to your ProtonMail account and go to Settings → ProtonMail → Custom domains → Add domain.
2. Enter your domain name, click Next (bottom right of page). You might be asked to re-enter your ProtonMail password for security reasons.
Verify your domain
The first thing you have to do after adding a custom domain name is to show ProtonMail that you control this domain. This is done by adding a TXT record, containing a unique code that ProtonMail has generated, to your domain’s DNS records in your registrar’s domain management portal.
ProtonMail servers will then look up all the TXT records for your domain and see if any of them matches the verification code. If we find a match, then verification succeeds and you are allowed to move on to the other steps.
If you clicked Next in the last step you will be taken to the Verify tab. You can also reach it from Settings → ProtonMail → Domain Names → Custom domains by clicking on the Actions → Review button and selecting the Verify tab.
In the Verify tab, your Host Name (@) and TXT verification record are shown to the right of your newly added domain.
Click on the small Copy icon to the left of the TXT verification record to copy it to your clipboard. You can then paste it into your registrar’s domain management portal.
Wait a few minutes then click Next to trigger a DNS check by our servers. If it succeeds, you can now move on to the next steps. If it did not succeed, do not worry; it is possible that our servers are still reading old cached DNS records.
Note: If your DNS entry page does not allow you to add @ as the hostname, please try leaving this field blank when you enter the ProtonMail verification information. Some hosting providers do not provide a field for the “Host/Name.” If this is the case, please provide all other information and ignore the “Host/Name” in the Verify step.
Wait an hour and come back to the same page to see if it has succeeded; this can take up to a day depending on your TTL setting. If it still doesn’t succeed, and you have double-checked that your DNS record matches the code in the setup wizard, please contact our customer support for assistance.
After the first verification, our servers will periodically check your domain’s DNS records and update the status of your domain. It is important that you keep the right verification code in your domain’s DNS settings and quickly fix any DNS issues that come up. After your domain is all set up, if we detect missing DNS records, such as the verify record, we will warn you for a week before disabling your domain and its addresses.
Once your domain is verified, click Next to go to the MX tab (or come back to this page later and simply go directly to the MX tab). The mail exchanger (MX) record is vital for email operation: it tells the Internet which server(s) should receive your domain’s email.
If you are setting up a new domain, then go ahead and add the specified MX records in the control panel of your domain name registrar.
To ensure a smooth transition, if your domain currently has existing mailboxes we recommend that you add all used email addresses before switching your MX records to ProtonMail. We describe how to do this below. This is to avoid disruption to your email delivery, because ProtonMail will only accept mail for addresses that you have added. mail.protonmail.ch points to ProtonMail’s mail servers, so once you have made this change, you are telling the Internet to send email for your domain to your ProtonMail mailbox/es.
If you have MX records for multiple services, the email will be delivered to the service with the highest priority (lowest value). If you have other MX records, you should either delete them or make sure mail.protonmail.ch’s priority is a smaller number (higher priority) than the other MX records.
Again, it may take up to a day for MX changes to propagate, and email may still go to your old MX during this transition. Once we detect your domain’s top MX record is pointing to ProtonMail, the MX tab will show a green tick icon.
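Both DNS changes can be checked from a terminal before clicking Next. The following is an added example, not ProtonMail's own tooling: it parses `dig +short` output and reports whether the verification TXT value is present and which MX host has the lowest preference value. The sample records, `mx.oldprovider.example` and `EXAMPLE-VERIFICATION-CODE` are constructed placeholders.

```shell
#!/bin/sh
# Added example. Each function reads `dig +short` output on stdin.
# Live use (needs network):
#   dig +short TXT yourdomain.com | has_txt "<code from the Verify tab>"
#   dig +short MX  yourdomain.com | mx_status mail.protonmail.ch

# Succeeds only if one TXT record equals the expected value exactly.
# dig prints TXT values in double quotes, so strip them first.
has_txt() {
    want=$1
    sed 's/^"//; s/"$//' | grep -Fxq -- "$want"
}

# Print the MX host(s) with the lowest preference value (highest
# priority), lowercased and without the trailing dot.
top_mx() {
    awk 'NF >= 2 && $1 ~ /^[0-9]+$/ {
             host = tolower($2); sub(/\.$/, "", host)
             if (!seen || $1 + 0 < min) { min = $1 + 0; hosts = host; seen = 1 }
             else if ($1 + 0 == min)    { hosts = hosts "\n" host }
         }
         END { if (seen) print hosts }' | sort
}

# Classify the MX set against the host that should receive mail:
#   ok           expected host is the only top-priority MX
#   tied         another MX shares the top priority with it
#   other-first  a different host outranks it and receives the mail
#   no-mx        no MX records were returned
mx_status() {
    expected=$1
    top=$(top_mx)
    if [ -z "$top" ]; then echo "no-mx"
    elif [ "$top" = "$expected" ]; then echo "ok"
    elif printf '%s\n' "$top" | grep -Fxq -- "$expected"; then echo "tied"
    else echo "other-first:$(printf '%s' "$top" | head -n 1)"
    fi
}

# Constructed sample: the old provider still outranks ProtonMail.
SAMPLE_MX='20 mail.protonmail.ch.
10 mx.oldprovider.example.'
SAMPLE_TXT='"unrelated-service-token=constructed"
"EXAMPLE-VERIFICATION-CODE"'

printf '%s\n' "$SAMPLE_MX" | mx_status mail.protonmail.ch
```

A result of `other-first` or `tied` means some mail can still be delivered to the other service until its MX record is removed or given a larger preference value.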
Setting up your addresses
If you are changing an existing domain to deliver emails to your ProtonMail Inbox, then you should set up all existing email addresses before filling in the MX records (as described above).
Select the Address tab → Add address.
This will take you to the Organization section of your ProtonMail accounts page. Click on Add Address to create a ProtonMail email address using your custom domain. This can be found in the dropdown domains selection menu.
You may need to sign in again with your password. After this, you will be asked what encryption strength you want to use for the keys that will be generated for your account. The default is State of the Art (X25519), but you can also choose Compatibility (RSA 4096-bit). Click Submit, and then Done when you have made your choice.
Now that you have finished all the required steps for custom domain setup, we can explore Anti-spoofing for Custom Domains (SPF, DKIM & DMARC). These are widely adopted methods that protect your email delivery and prevent email spoofing. Learn more here.