How to Configure Domain and Email
Overview
Why This Matters
- Boost brand trust and SEO with a canonical HTTPS domain
- Improve email deliverability and reduce missed order confirmations
- Prevent duplicate content in search engines, protecting rankings
- Reduce support tickets from failed email deliveries
Configure a custom domain and professional email to boost brand trust, SEO, and email deliverability. A canonical HTTPS domain prevents duplicate content in search, protecting rankings. Authenticated email (SPF/DKIM/DMARC) improves inbox placement, reducing support tickets from missed order emails.
Track these KPIs to measure success:
- Order email delivery rate (target: ≥98%)
- Order confirmation open rate (target: 60–80%)
- Support tickets about missing emails (target: ↓50% after DMARC)
- Organic sessions and CTR to canonical URLs
- Single-hop 301 redirects to canonical HTTPS host
Quick ROI Example
If you send 4,000 order emails/month and 3% fail today (120 emails), improving delivery to 98% saves ≈$108/month in support costs and preserves ≈$720/month in at-risk revenue (15% support touch rate at $6/ticket, 5% churn at $120 AOV).
Prerequisites
Before you begin, make sure you have:
Domain Registrar Access
Access to your domain registrar or DNS provider
Hosting Control Panel
Access to your hosting control panel or server
Magento Admin Access
Magento Admin credentials for configuration
SSH Access (Optional)
For server/CLI tasks like Certbot and Magento CLI
Who should use this guide: Merchant administrators and technical managers can complete most steps. A developer or hosting provider may assist with server/CDN configuration.
What You'll Accomplish
By following this guide, you will:
- Configure your store's custom domain with proper DNS records
- Implement secure HTTPS with TLS certificates and canonical redirects
- Set up professional email with SPF, DKIM, and DMARC authentication
- Configure Magento for optimal email deliverability
- Improve your store's performance and customer experience
Quick Checklist for Experienced Users
- DNS: A/AAAA, CNAME (www), MX, TXT for SPF/DKIM/DMARC
- TLS/SSL: Issue and install certificates (or configure at CDN)
- Redirects: Force HTTPS and canonical host at edge (CDN/web server)
- Magento: Set Base URLs (secure), enable web server rewrites
- Email: ESP/SMTP module, store email identities, SPF/DKIM/DMARC, return-path
- Validation: DNS, redirects, TLS grade, email auth headers, delivery logs
Step-by-Step Instructions
This guide is divided into two themes to streamline your setup:
- Domain & HTTPS (Steps 1–5): Configure DNS, SSL/TLS, redirects, and Magento base URLs
- Email & Deliverability (Steps 6–10): Set up email authentication, sending method, and validation
Step 1: Plan your canonical domain and email identities
Choose your canonical host to avoid rework later:
- www.yourdomain.com – Recommended if you use a CDN or want maximum flexibility and cookie isolation
- yourdomain.com (apex) – Simpler if your DNS/CDN supports apex records (ALIAS/ANAME)
List the professional email addresses you will use (e.g., support@yourdomain.com, orders@yourdomain.com). If you plan to use a transactional email provider (recommended), create your account now.
Decide on canonical host (www vs apex) and delivery architecture (direct-to-origin vs CDN) first to reduce rework later. If using a CDN, you'll point DNS to the CDN and terminate TLS there in later steps.
Step 2: Create DNS records for your website
In your DNS provider, create the following records:
- A record (apex): Host/Name = @ (or yourdomain.com), Value = your IPv4 address, TTL = 300
- AAAA record (IPv6, optional): Host/Name = @ (or yourdomain.com), Value = your IPv6 address
- CNAME (www): Host/Name = www, Value = yourdomain.com (do not create CNAME at apex)
DNS UI Tips:
- Host/Name "@" represents the apex (yourdomain.com)
- Most DNS UIs do not require trailing dots (enter yourdomain.com, not yourdomain.com.)
- Always enter full hostnames for targets, not "@"
CDN Variant
If using a CDN, point DNS to the CDN per provider docs (ALIAS/ANAME for apex, CNAME for www). Enable proxying on web traffic records. Validate CDN health checks before switching traffic. Only cut over DNS after TLS is ready at the CDN.
Cutover Planning (Minimize Downtime)
- Lower TTL to 300 seconds 24–48 hours before changes
- Pre-provision TLS and verify with hosts-file test if possible
- Schedule DNS changes in low-traffic window
- Prepare quick rollback plan (restore DNS, disable new redirects)
Save changes and wait for DNS propagation (5–30 minutes, sometimes longer). Test with dig +short A yourdomain.com or nslookup yourdomain.com on Windows.
If you need to receive email at your domain (e.g., support@yourdomain.com), you will add MX records for your mailbox provider in Step 7.
Step 3: Provision and install an SSL/TLS certificate
Choose one approach:
Option A: Hosting Control Panel
Enable a free SSL option (e.g., Let's Encrypt) for both yourdomain.com and www.yourdomain.com.
Option B: Server with Certbot
- 1. Install certbot per your OS
- 2. For Nginx:
  sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
- 3. For Apache:
  sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
- 4. Test renewal:
  sudo certbot renew --dry-run
HTTP-01 challenges require inbound port 80 to be reachable from the public internet. If it is blocked, use DNS-01 validation with your DNS provider's API to automate issuance.
Cloudflare-Specific Configuration
Set SSL/TLS mode to Full (Strict). Do not use Flexible—it causes HTTP at origin and breaks secure policies. Install a publicly trusted cert (e.g., Let's Encrypt) or Cloudflare Origin Certificate on your server before enabling Full (Strict).
If using a CDN (e.g., Fastly, Cloudflare): Terminate TLS at the CDN and upload/manage certificates there. After confirming site-wide HTTPS is working, consider enabling HSTS (e.g., max-age=31536000; includeSubDomains; preload) at the CDN or server.
HSTS/Preload Caution
Enable HSTS preload only after confirming stable HTTPS across all subdomains. Preload is hard to roll back and can cause site inaccessibility if misconfigured. Submit to hstspreload.org only after thorough verification.
Step 4: Set canonical redirects at the web server or hosting panel
Enable a 301 redirect to your canonical host and HTTPS in your hosting panel/CDN (often called "Force WWW/Non-WWW" and "Force HTTPS"). If editing configuration files:
Nginx Example (www canonical):
server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://www.yourdomain.com$request_uri;
}
# Also redirect HTTPS requests for the non-canonical host
server {
    listen 443 ssl http2;
    server_name yourdomain.com;
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    return 301 https://www.yourdomain.com$request_uri;
}
Apache Example (non-www canonical):
RewriteEngine On
# Redirect www to non-www
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$ [NC]
RewriteRule ^(.*)$ https://yourdomain.com/$1 [L,R=301]
# Force HTTPS (supports proxies). Both conditions must hold: the connection is
# not HTTPS and no proxy reports https. An [OR] here would redirect direct
# HTTPS requests in a loop.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
Important: Handle canonical and HTTPS redirects at the edge (CDN/web server) to avoid double redirects. A single 301 hop improves crawl efficiency, preserves link equity (SEO), and reduces page load time. Set Magento's "Auto-redirect to Base URL" to No in Step 5 unless you cannot control redirects at the edge.
Step 5: Update Magento Base URLs to HTTPS and canonical domain
In Magento Admin:
- 1. Go to Stores › Settings › Configuration › General › Web
- 2. In the scope switcher (upper-left), select the Website you want to configure. If you run different domains per store view, switch to Store View scope and set Base URLs there.
- 3. Under Base URLs, set Base URL to https://yourdomain.com/ (match your canonical)
- 4. Under Base URLs (Secure), set Base URL (Secure) to the same HTTPS URL. Enable "Use Secure URLs on Storefront" and "Use Secure URLs in Admin"
- 5. Under URL Options, set Auto-redirect to Base URL = No (recommended when redirects handled at CDN/web server)
- 6. Under Search Engine Optimization, set Use Web Server Rewrites = Yes (removes index.php from URLs)
- 7. Default Cookie Settings: Go to General › Web › Default Cookie Settings
  - Cookie Domain: .yourdomain.com (for subdomain sharing) or leave blank
  - Use HTTP Only: Yes
  - Use Secure Cookies: Yes (after HTTPS works end-to-end)
- 8. Click Save Config, then System › Tools › Cache Management › Flush Magento Cache
Recovery if Locked Out Due to Incorrect Base URL:
CLI recovery (default scope):
bin/magento setup:store-config:set --base-url="https://yourdomain.com/" \
--base-url-secure="https://yourdomain.com/" --use-secure=1 --use-secure-admin=1
bin/magento cache:flush
CLI recovery (per-website scope):
bin/magento config:set web/unsecure/base_url "https://yourdomain.com/" \
--scope=websites --scope-code=YOUR_WEBSITE_CODE
bin/magento config:set web/secure/base_url "https://yourdomain.com/" \
--scope=websites --scope-code=YOUR_WEBSITE_CODE
bin/magento cache:flush
If using a CDN for static/media files, configure Base URL for Static View Files and Base URL for User Media Files separately. Enable signing for cache-busting.
Step 6: Set store email identities in Magento
In Magento Admin:
- 1. Go to Stores › Settings › Configuration › General › Store Email Addresses
- 2. For each identity (General Contact, Sales Representative, Customer Support, Custom Emails), set:
  - Sender Name: Your brand name
  - Sender Email: Professional address (e.g., support@yourdomain.com)
- 3. Go to General › Contacts. Set Enable Contact Us = Yes, Send Emails To = your support address, Email Sender = appropriate identity
- 4. Click Save Config
Use the Store View scope switcher to configure different Sender Name and Sender Email for each store view that has a different brand or domain.
Step 7: Configure SPF, DKIM, DMARC (and MX) for your domain
In your DNS provider:
MX Records (Inbound Email):
Add MX records for your mailbox provider (e.g., Google Workspace, Microsoft 365).
Example (Google Workspace): Host/Name = @, Value = ASPMX.L.GOOGLE.COM., Priority = 1 (plus additional MX hosts per provider docs)
SPF Record (Single TXT Record at Root):
v=spf1 include:YOUR_EMAIL_PROVIDER include:YOUR_ESP -all
Examples:
- Google Workspace only:
  v=spf1 include:_spf.google.com -all
- Microsoft 365 only:
  v=spf1 include:spf.protection.outlook.com -all
- Google + SendGrid:
  v=spf1 include:_spf.google.com include:sendgrid.net -all
Only include providers you actively use. Keep total DNS lookups ≤10 across all includes.
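To check the 10-lookup limit before publishing a record, the added example below (not part of the original guide) walks an SPF record's include chain over a constructed set of TXT records and counts the terms that trigger DNS queries. The ZONE table and the .example hostnames are assumptions standing in for live DNS; the function also rejects a name that publishes more than one SPF record.

```python
import re

# Constructed TXT records standing in for live DNS (names under .example are
# placeholders, not real provider records).
ZONE = {
    "yourdomain.com": ["v=spf1 include:_spf.mail.example include:esp.example -all"],
    "_spf.mail.example": ["v=spf1 include:_n1.mail.example include:_n2.mail.example ~all"],
    "_n1.mail.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_n2.mail.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "esp.example": ["v=spf1 ip4:203.0.113.0/24 a mx ~all"],
}

# Terms that cost one DNS query each toward the RFC 7208 limit of 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def spf_lookups(zone, domain, path=()):
    """Count DNS-querying SPF terms reachable from `domain`, following includes."""
    if domain in path:
        raise ValueError(f"include loop: {' -> '.join(path + (domain,))}")
    records = [t for t in zone.get(domain, []) if t.lower().startswith("v=spf1")]
    if len(records) != 1:
        # Zero or several SPF records at one name is a permanent error for receivers.
        raise ValueError(f"{domain}: expected 1 SPF record, found {len(records)}")
    total = 0
    for term in records[0].lower().split()[1:]:
        m = re.match(r"[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", term)
        if not m:
            continue
        name, target = m.groups()
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect") and target:
            total += spf_lookups(zone, target, path + (domain,))
    return total


def spf_report(zone, domain, limit=10):
    """Return (lookups, within_limit) for the SPF record published at `domain`."""
    n = spf_lookups(zone, domain)
    return n, n <= limit


if __name__ == "__main__":
    print(spf_report(ZONE, "yourdomain.com"))
```

Nested includes count too: the two top-level includes here cost six lookups once their own include, a and mx terms are followed.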
DKIM Records:
Add the TXT or CNAME records provided by your email provider or ESP (e.g., s1._domainkey.yourdomain.com) exactly as instructed by your provider.
DMARC Record (TXT at _dmarc.yourdomain.com):
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc-forensic@yourdomain.com; adkim=s; aspf=s; fo=1; pct=100
Start with p=none for monitoring. After 1–2 weeks of clean reports, tighten to p=quarantine or p=reject to block phishing attempts.
Alignment & Reputation Tips
- Ensure From address domain matches authenticated domain for DMARC alignment
- Consider subdomain for marketing (m.yourdomain.com) to isolate reputation
- Add domain to Google Postmaster Tools to monitor reputation
- Configure custom Return-Path/bounce domain with your ESP
Step 8: Choose and configure your email sending method
Recommended (best deliverability): Use an ESP (e.g., SendGrid, Mailgun, Amazon SES) with a Magento integration.
Install ESP Integration via Composer:
composer require mageplaza/module-smtp
bin/magento module:enable Mageplaza_Smtp
bin/magento setup:upgrade
bin/magento cache:flush
Then configure at Stores › Configuration › Mageplaza Extensions › SMTP
Set host and port per your ESP: typically port 587 with STARTTLS (TLS) or port 465 with SSL. Use the module's Test feature to verify connectivity. Ensure only one SMTP/ESP module is enabled at a time to avoid transport conflicts.
ESP Selection Guidance (Tied to Outcomes):
- Volume < 50k/month: Shared IP on reputable ESP (fast start, no warm-up)
- Volume 50k–300k/month: Dedicated IP(s) with 2–3 week warm-up; strong deliverability tooling
- Volume > 300k/month: Dedicated IP pool + subdomain segmentation; SLAs and account support
- Typical cost: ~$0.10–$1.50 per 1,000 emails depending on tier and features
Dedicated IP Warm-up (If Applicable)
Ramp volume gradually over 2–3 weeks, starting with engaged recipients (recent purchasers, frequent openers). Example: 2k/day → 5k/day → 10k/day → 20k+/day. Monitor ESP dashboards for blocks, spam complaints, bounce rate. Slow the ramp if rates spike.
Not Recommended for Production
Host-provided SMTP. Many hosts block outbound SMTP or have poor IP reputation, harming deliverability and DMARC alignment. If you must use it temporarily, verify outbound mail is permitted and obtain SMTP credentials from your host.
Step 9: Enable and test Magento transactional emails
In Magento Admin:
- 1. Go to Stores › Configuration › Advanced › System › Mail Sending Settings
  - Set "Disable Email Communications" = No
  - Set "Set Return Path" = Specified
  - Set "Return-Path Email" = bounce-capable address from ESP (e.g., bounce@yourdomain.com)
- 2. Go to Stores › Configuration › Sales › Sales Emails
  - Ensure emails enabled for Orders, Invoices, Shipments, Credit Memos
  - Set Email Sender to appropriate Store Email Identity
  - Under General Settings, set Asynchronous Sending = Yes (recommended)
- 3. Ensure Magento cron is running (emails won't send otherwise)
  - Verify cron:
    crontab -u <magento_user> -l
  - If not installed:
    bin/magento cron:install
  - Check last run times in var/log/cron.log and system.log
- 4. Test: Place a small test order or use Contact Us form. Verify From address, brand name, and successful delivery to your inbox.
Step 10: Validate DNS, redirects, and authentication
Check DNS (Unix/macOS):
dig +short A yourdomain.com
dig +short CNAME www.yourdomain.com
dig +short TXT _dmarc.yourdomain.com
Check DNS (Windows):
nslookup -type=A yourdomain.com
nslookup -type=CNAME www.yourdomain.com
nslookup -type=TXT _dmarc.yourdomain.com
Confirm Redirects:
- Browser test: Visit http://yourdomain.com and http://www.yourdomain.com — verify single 301 to canonical HTTPS
- CLI test: curl -I http://yourdomain.com (should see single 301 to https://<canonical-host>/)
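curl -I shows only the first response, while curl -sIL follows the whole chain. The added example below (not part of the original guide) parses such output, here two constructed captures, and reports anything other than one 301 straight to the canonical HTTPS host.

```python
from urllib.parse import urlsplit

# Constructed `curl -sIL http://yourdomain.com` output: scheme and host are
# fixed in two separate hops (the double redirect this guide warns about).
DOUBLE_HOP = (
    "HTTP/1.1 301 Moved Permanently\r\nLocation: https://yourdomain.com/\r\n\r\n"
    "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.yourdomain.com/\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
)
# Constructed output for a correctly configured edge.
SINGLE_HOP = (
    "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.yourdomain.com/\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
)


def parse_chain(raw):
    """Turn curl -sIL header output into [(status, location_or_None), ...]."""
    chain = []
    for block in raw.replace("\r\n", "\n").strip().split("\n\n"):
        lines = block.split("\n")
        status = int(lines[0].split()[1])
        location = next((ln.split(":", 1)[1].strip() for ln in lines[1:]
                         if ln.lower().startswith("location:")), None)
        chain.append((status, location))
    return chain


def redirect_issues(raw, canonical_host):
    """List deviations from 'one 301 straight to https://<canonical_host>/'."""
    chain = parse_chain(raw)
    hops = [(s, loc) for s, loc in chain if 300 <= s < 400]
    issues = []
    if len(hops) != 1:
        issues.append(f"{len(hops)} redirect hops, expected 1")
    issues += [f"hop {i} returns {s}, expected 301"
               for i, (s, _) in enumerate(hops, 1) if s != 301]
    if hops:
        first = urlsplit(hops[0][1] or "")
        if (first.scheme, first.hostname) != ("https", canonical_host):
            issues.append(f"first hop goes to {hops[0][1]}, not the canonical HTTPS host")
    if chain[-1][0] != 200:
        issues.append(f"final response is {chain[-1][0]}, expected 200")
    return issues


if __name__ == "__main__":
    print(redirect_issues(DOUBLE_HOP, "www.yourdomain.com"))
```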
Validate TLS:
- Test at SSL Labs and aim for A grade
- Ensure only TLS 1.2/1.3 enabled and weak ciphers disabled
Email Authentication:
- Open headers of received test email and confirm SPF=PASS, DKIM=PASS, DMARC=PASS
- Gmail: More (⋮) › Show original. Outlook: File › Properties › Internet headers
- ESP validation: Confirm test messages show Delivered (250 OK) in ESP dashboard
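A header can show spf=pass and dkim=pass and still fail DMARC when neither authenticated domain aligns with the From domain, which matters with the adkim=s; aspf=s record shown earlier. The added example below (not from the original guide) parses a constructed Authentication-Results header and recomputes alignment; the header values and the two-label organizational-domain shortcut are assumptions.

```python
import re

# Constructed header in RFC 8601 style, as a receiver would stamp a test order
# email; hostnames and selector are placeholders.
SAMPLE = (
    "Authentication-Results: mx.receiver.example;"
    " spf=pass smtp.mailfrom=bounce.yourdomain.com;"
    " dkim=pass header.d=yourdomain.com header.s=s1;"
    " dmarc=pass header.from=yourdomain.com"
)


def parse_auth_results(header):
    """Return {method: {"result": ..., property: value}} for each method listed."""
    out = {}
    for part in header.split(":", 1)[1].split(";")[1:]:  # [0] is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)(.*)", part, re.S)
        if m:
            props = dict(re.findall(r"([\w.]+)=([^\s;()]+)", m.group(3)))
            out[m.group(1).lower()] = {"result": m.group(2).lower(), **props}
    return out


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real DMARC
    # evaluators consult the Public Suffix List (needed for e.g. .co.uk).
    return ".".join(domain.split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """mode "s": exact match (strict); mode "r": same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if not a or not f:
        return False
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_alignment(header, adkim="s", aspf="s"):
    """Recompute DMARC from the header under the given alignment modes."""
    r = parse_auth_results(header)
    spf, dkim = r.get("spf", {}), r.get("dkim", {})
    from_dom = r.get("dmarc", {}).get("header.from", "")
    mailfrom = spf.get("smtp.mailfrom", "").rsplit("@", 1)[-1]
    spf_ok = spf.get("result") == "pass" and aligned(mailfrom, from_dom, aspf)
    dkim_ok = (dkim.get("result") == "pass"
               and aligned(dkim.get("header.d", ""), from_dom, adkim))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}


if __name__ == "__main__":
    print(dmarc_alignment(SAMPLE))
```

With strict aspf, a Return-Path on a subdomain such as bounce.yourdomain.com does not align, so DMARC then depends entirely on DKIM signing with d=yourdomain.com.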
In Magento, clear caches after any changes: System › Tools › Cache Management › Flush Magento Cache
Verification
Use this checklist to confirm everything is working correctly:
- DNS Configuration
  - ✓ Apex and www records point to origin or CDN as designed
  - ✓ MX, SPF, DKIM, DMARC records valid and propagated
- TLS/SSL & Redirects
  - ✓ Valid certs (A grade on SSL Labs); HSTS considered after verification
  - ✓ Single 301 hop to canonical HTTPS host from all entry points
- Magento Configuration
  - ✓ Base URLs (secure) set at correct scope
  - ✓ Web Server Rewrites enabled; cookies configured
  - ✓ Caches flushed after configuration changes
- Email Configuration
  - ✓ Store Email Identities set with professional addresses
  - ✓ SMTP/ESP module configured (only one enabled)
  - ✓ Return-Path set and verified with ESP
  - ✓ Asynchronous Sending enabled; cron operational
- Email Authentication & Delivery
  - ✓ Test emails show SPF=PASS, DKIM=PASS, DMARC=PASS in headers
  - ✓ ESP dashboard shows Delivered (250 OK)
  - ✓ Bounces and complaints processed by feedback loops
  - ✓ Dedicated IP warm-up plan executed (if applicable)
- Go-Live & SEO Follow-up
  - ✓ Sitemaps updated and submitted to Search Console/Bing
  - ✓ Search Console properties verified for canonical domain
  - ✓ Top 50 landing URLs tested for single-hop redirects
  - ✓ Robots.txt set to INDEX, FOLLOW for production
Business Signoff Criteria:
- Delivery rate ≥98% (ESP dashboard)
- Order/shipment open rate ≥60%
- Support tickets about missing emails ↓≥50% vs baseline
- Organic CTR to canonical URLs ↑ vs baseline
Common Issues and Solutions
Solution
- Check Stores › Configuration › Advanced › System › Mail Sending Settings → Disable Email Communications = No
- Verify SMTP/ESP module credentials and encryption settings
- Ensure only one SMTP/ESP module is enabled
- Confirm Magento cron and system cron are running
- Review var/log/exception.log for error messages
Solution
- Use a single SPF TXT record at your domain root
- Include only providers you actively use for sending
- Keep total DNS lookups ≤10 across all includes
- Remove permissive "a" or "mx" mechanisms unless required
Solution
- Confirm DKIM selector names match ESP's instructions exactly
- Use TXT or CNAME record type as specified by your ESP
- Allow time for DNS propagation (up to 24-48 hours)
- Test again and verify with dig or nslookup commands
Solution
- Handle redirects at CDN/web server level only
- Set Magento Auto-redirect to Base URL = No
- Ensure Magento Base URLs exactly match canonical domain and protocol
- Clear Magento caches after configuration changes
Solution
- Clear all Magento caches after changing Base URLs
- Ensure all Base URLs use HTTPS protocol
- Update hardcoded http:// URLs in custom themes or CMS blocks
- Check third-party scripts and update to HTTPS versions
Solution
- Revert Base URLs via CLI or database (see Step 5 recovery procedures)
- Use correct website scope code for multi-site installations
- Recheck SSL certificate and web server configuration
- Clear caches after recovery: bin/magento cache:flush
Related Resources
- Google Postmaster Tools – Monitor domain reputation and deliverability
- SSL Labs Server Test – Test TLS configuration and certificate grade