Published: March 2026 | By Brad Andrews | 14 min read
If you’re serious about owning your digital identity, there’s one thing that matters more than which email app you use: who controls your email address.
When your address ends in @gmail.com or @outlook.com, you’re renting space on someone else’s platform. The day you decide to leave, or the day they decide to change something you hate, you’re starting over. Every contact, every account signup, every newsletter subscription tied to that address has to be updated.
A custom domain changes that permanently. you@yourdomain.com goes with you, forever, regardless of which email provider is sitting behind it.
Pair that with Proton Mail (end-to-end encrypted, zero-knowledge, and based in Switzerland under some of the strongest privacy laws on the planet) and you have an email setup that is yours, private, and built to last.
I’ve been running this exact setup for close to two years across my entire family. My wife and I both use Proton. My kids have email addresses on our family domain that I’ve been sending memories and photos to since they were born: letters they’ll be able to read when they’re old enough to understand them. Proton even has a mail reservation service to reserve your child’s username before someone else takes it. That’s the kind of long-term thinking that matches how I want to use email.
This guide will walk you through the entire process: buying a domain, setting up Cloudflare for DNS, and configuring Proton Mail to send and receive from your custom address.
Before You Start: Choose Your Path
Not everyone needs a custom domain, and Proton Mail is just as good without one. Before diving into DNS records and domain registrars, figure out which path is right for you.
Path A: Just Get Started With Proton Mail (No Custom Domain)
If you’re not ready to buy a domain, or you simply don’t need one, Proton Mail works beautifully with their own addresses. You get a clean @proton.me or @pm.me address that’s fully encrypted and private, with nothing else to configure.
Which plan should you choose?
- Free: A great starting point. One @proton.me address, 1GB storage, access to Proton Mail and Calendar. No credit card required. Perfect for trying Proton before committing.
- Unlimited: For individuals who want the full experience. 500GB storage, access to all Proton apps (Mail, Calendar, Drive, VPN, Pass), and support for custom domains if you decide to add one later.
- Duo: For two people. Everything in Unlimited, shared between two accounts. Ideal for couples or partners who both want to make the switch.
- Family: For up to 6 users. One subscription covers the whole household. This is what I use: my wife, my kids, and myself all have addresses on our family domain under a single plan. Exceptional value.
Already have Gmail or another provider? If you’re moving from Gmail, Outlook, or Yahoo, Proton’s Easy Switch tool imports your existing emails, contacts, and calendar entries directly: no manual export needed, no third-party tools. Sign up, run Easy Switch, and you’re done. The rest of this guide (the domain and DNS setup) is completely optional.
Jump straight there: Sign up for Proton Mail → log in → click your account name → Settings → Import via EasySwitch. That’s it.
Path B: Set Up a Custom Domain (This Guide)
If you want you@yourdomain.com, an address tied to a domain you own permanently, keep reading. This requires a paid plan (custom domains are not available on the free tier) and takes about 30-45 minutes to configure.
Which paid plan do you need?
- Unlimited: Best for individuals
- Duo: Best for two people
- Family: Best for households of up to 6
I’m on the Family plan and it’s excellent value. One subscription covers email, calendar, Drive storage, and Pass (Proton’s password manager) for everyone in the house.
What You’ll Need
- A domain name (we’ll walk through buying one below)
- A Cloudflare account (free, at cloudflare.com)
- A Proton Mail paid plan (Unlimited, Duo, or Family)
- About 30-45 minutes
Step 1: Buy Your Domain Name
Your domain is your permanent address on the internet. It’s worth taking a few minutes to choose something you’ll want to keep.
Choosing a registrar
A domain registrar is just the company you buy the domain from. The most important thing is that it’s reputable and makes it easy to transfer your domain elsewhere if you ever want to.
A few solid options:
- Namecheap: My go-to. Competitive pricing, clean interface, no upsell pressure, and straightforward transfers. Great for .ca domains if you’re Canadian.
- Porkbun: Excellent pricing, especially on .com renewals. Very clean and no-nonsense.
- Cloudflare Registrar: Sells domains at cost (no markup). If you’re already going to use Cloudflare for DNS (which we are), this simplifies things slightly.
- Avoid GoDaddy: Expensive on renewals, aggressive upselling, and historically makes it harder to transfer your domain out. If you care about cost, clean UX, and the flexibility to move, GoDaddy is not the right call.
Choosing a domain name
A few practical guidelines:
- .com is still the most trusted TLD globally. .ca is great if your audience is primarily Canadian.
- Keep it short, easy to spell, and easy to say out loud.
- Avoid hyphens: they’re easy to forget and hard to say.
- If your first choice is taken, try variations before settling for an obscure TLD.
Once you’ve chosen and purchased your domain, move on to Step 2. The domain itself doesn’t need to be configured at the registrar beyond the initial purchase; we’ll handle everything in Cloudflare.
Step 2: Set Up Cloudflare for DNS
This is the step most guides skip, and it’s the most important one.
Your DNS host is not your domain registrar. The registrar is just where you bought the domain. DNS is what actually tells the internet what to do with it: where your website lives, where your email goes, whether your messages are authenticated. Getting this right is the entire foundation of a reliable email setup.
Cloudflare is the best free DNS host available. It’s fast, reliable, has a clean dashboard, and includes excellent tools for email security (including DMARC reporting, which we’ll use). I run all my domains through Cloudflare regardless of where I bought them.
2a. Create a Free Cloudflare Account
Go to cloudflare.com and sign up for a free account.
2b. Add Your Domain to Cloudflare
- From the Cloudflare dashboard, click Add a Site
- Enter your domain name (e.g. yourdomain.com) and click Add Site
- Select the Free plan; it includes everything we need
- Cloudflare will scan your existing DNS records. Review them and click Continue
2c. Update Your Nameservers at Your Registrar
Cloudflare will give you two nameserver addresses, something like:
aria.ns.cloudflare.com
bob.ns.cloudflare.com
Log back into your domain registrar (Namecheap, Porkbun, etc.) and update the nameservers for your domain to these two Cloudflare addresses. The exact steps vary slightly by registrar but it’s always under Domain > Nameservers or DNS Settings.
How long does this take? Nameserver changes propagate globally within a few minutes to a few hours. Cloudflare usually confirms activation within 30 minutes. You’ll get an email when it’s done.
Once Cloudflare confirms your domain is active, you’re in control of your DNS. Everything from here is done in Cloudflare; you won’t need to log into your registrar again.
Step 3: Add Your Domain to Proton Mail
- Log into Proton Mail
- Click your account name in the top-right → Settings
- Navigate to All Settings → Custom domains
- Click Add domain and enter your domain name
- Proton will walk you through a verification step to confirm you own the domain; this involves adding a TXT record in Cloudflare (instructions in the next step)
Keep this Proton tab open; you’ll be copying record values from here into Cloudflare throughout the next step.
Step 4: Configure Your DNS Records in Cloudflare
This is where most people get nervous. Don’t be: Cloudflare’s interface is clean and Proton gives you the exact values to copy in. I’ll explain what each record does so you understand what you’re setting up, not just blindly copying.
Go to your domain in Cloudflare → DNS → Records.
Before adding anything: If you’re setting up email on a brand new domain, there’s one critical first step: delete any pre-existing MX, SPF, or DMARC records. Cloudflare sometimes adds placeholder records when it first scans your domain. Competing records are one of the most common reasons email delivery fails. Clean slate first, then add the correct records below.
4a. Domain Ownership Verification (TXT)
Proton requires you to verify you own the domain before it will let you use it. They’ll give you a TXT record value that looks something like:
protonmail-verification=xxxxxxxxxxxxxxxxxxxx
In Cloudflare:
- Type: TXT
- Name: @ (represents your root domain)
- Content: The verification string from Proton
- TTL: Auto
Once added, go back to Proton and click Verify. This usually works within a minute or two.
4b. MX Records: Where Your Email Is Delivered
MX records tell the internet “send email for this domain to these mail servers.” Without these, no one can email you.
Add these two records:
| Type | Name | Mail server | Priority |
|---|---|---|---|
| MX | @ | mail.protonmail.ch | 10 |
| MX | @ | mailsec.protonmail.ch | 20 |
Important: Delete any other MX records that exist. If there’s a leftover Google or cPanel MX record in there, your email will behave unpredictably. One set of MX records only.
4c. SPF Record: Proving You’re Authorised to Send
SPF (Sender Policy Framework) is a TXT record that lists which mail servers are allowed to send email on behalf of your domain. Email providers on the receiving end check this; if your server isn’t on the list, your email is more likely to land in spam or be rejected outright.
- Type: TXT
- Name: @
- Content: v=spf1 include:_spf.protonmail.ch ~all
- TTL: Auto
One SPF record only. You can only have one SPF TXT record on your root domain. If there’s an existing one (e.g. from a previous host), delete it and replace it with the Proton one above.
4d. DKIM Records: Cryptographic Email Signing
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. The receiving server checks that signature against a public key stored in your DNS to verify the email genuinely came from you and wasn’t tampered with in transit.
Proton will give you three CNAME records to add. They’ll look something like:
| Type | Name | Target |
|---|---|---|
| CNAME | protonmail._domainkey | protonmail.domainkey.xxxx.domains.proton.ch |
| CNAME | protonmail2._domainkey | protonmail2.domainkey.xxxx.domains.proton.ch |
| CNAME | protonmail3._domainkey | protonmail3.domainkey.xxxx.domains.proton.ch |
Copy the exact values from your Proton setup screen; the xxxx portion will be unique to your account.
Cloudflare proxy tip: For DKIM CNAME records, make sure the orange cloud (proxy) is disabled: set to DNS only (grey cloud). Proxying these records breaks DKIM verification.
4e. DMARC: Use Cloudflare’s Tool, Not a Raw Record
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together. It tells receiving mail servers what to do when an email claims to be from your domain but fails authentication checks, and it generates reports from mail servers around the world showing you exactly what’s happening with your email.
Here’s the thing most guides don’t tell you: if you set up DMARC the traditional way (adding a raw TXT record with rua=mailto:you@yourdomain.com), you will start receiving a flood of XML report emails from every major mail provider on the internet. Gmail, Microsoft, Yahoo, and dozens of others all send automated aggregate reports. They’re machine-generated XML files that are genuinely unreadable without a dedicated parsing tool. Your inbox will be buried.
The better approach: use Cloudflare’s built-in DMARC Management tool. It’s free, it handles all of this for you, and it gives you an actual dashboard instead of an inbox full of robot emails.
Setting Up Cloudflare DMARC Management
- In your Cloudflare dashboard, go to your domain → Email → DMARC Management
- Click Enable DMARC Management
- Cloudflare will automatically create the _dmarc TXT record for you, pointed at their reporting infrastructure; you don’t add a record manually
Once enabled, here’s what the DMARC Management dashboard looks like in practice:
![Cloudflare DMARC Management dashboard showing email record overview with DMARC policy set to Quarantine, SPF policy Fail, and DKIM in use. Below is an email volume chart over 7 days showing DMARC pass vs fail trends, and a Top 10 Sources table listing Amazon and Microsoft as top senders with their SPF alignment, DKIM alignment, and DMARC pass rates]
Here’s what you’re looking at in that dashboard:
Email Record Overview (top panel): At a glance you can see your current DMARC policy, whether SPF is passing, and whether DKIM is active. In this screenshot the DMARC policy is set to Quarantine and DKIM is confirmed in use, meaning signed emails are being verified correctly. The SPF showing Fail here is expected for this particular setup, which routes through SimpleLogin rather than directly through Proton; your SPF should show Pass once your records are correctly configured.
Email Volume Chart (middle panel): The blue line is DMARC pass (legitimate authenticated email). The red line is DMARC fail. You want to see blue consistently high and red consistently low before tightening your policy. The chart covers 7 days by default, giving you a clear picture of your sending patterns before making any changes.
Top 10 Sources (bottom panel): This is one of the most useful parts of the whole tool. Every server that has sent email claiming to be from your domain is listed here, broken down by volume, DMARC pass rate, SPF alignment, DKIM alignment, and the number of IPs involved. In this screenshot you can see Amazon and Microsoft appearing; these are transactional emails (order confirmations, account notifications) being sent on behalf of the domain. This table tells you immediately if anything unexpected is sending email as you, which is exactly how you’d spot someone spoofing your domain.
The Policy Progression
This is the part most people rush and then wonder why their legitimate emails start bouncing. Take it in stages and use the dashboard to decide when you’re ready to move, not a calendar:
- p=none: Monitor only. Failing emails are still delivered. Start here. This is what Cloudflare sets by default when you enable DMARC Management.
- p=quarantine: Failing emails go to spam. Move here once your volume chart shows the blue line consistently high and the red line low, and your Top 10 Sources table shows your legitimate senders passing at high rates.
- p=reject: Failing emails are blocked entirely. The gold standard. Move here after a week or two on quarantine with no unexpected failures.
The entire point of the Cloudflare dashboard is that you can see exactly when you’re ready to advance. No guesswork, no parsing XML by hand, just a clear visual that tells you the answer.
Step 5: What Your Completed DNS Setup Should Look Like
Before heading back to Proton to verify, it’s worth knowing what a correctly configured DNS setup looks like in Cloudflare. Here’s a screenshot of a real completed setup:

A few things to notice:
- All three DKIM CNAME records are set to DNS only (the grey cloud icon), not proxied. This is correct and intentional, as discussed in Step 4d.
- Both MX records are present with their priority values (10 and 20) and set to DNS only.
- The SPF TXT record and DMARC TXT record are both on the root domain.
- Every record shows DNS only; none of the email records should ever be proxied through Cloudflare.
Important note on this screenshot: My setup routes smarthomesecrets.ca through SimpleLogin rather than directly through Proton Mail. That means the content of my MX, SPF, and DKIM records points to SimpleLogin’s servers instead of Proton’s. The structure and record types you’re looking at are identical; you’ll just see protonmail.ch addresses in your records instead of simplelogin.co. More on this in the SimpleLogin guide.
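The checks from this step written as a script, added here as an example (not code from the original guide, Proton or Cloudflare). The `Rec` layout, the `.example` hostnames and the DMARC value are constructed for illustration; the MX hosts, priorities, SPF include and DKIM names are the ones given in this guide for a direct Proton setup.

```python
from collections import namedtuple

# Record layout is an assumption for this example, not a Cloudflare export format.
Rec = namedtuple("Rec", "type name content priority proxied", defaults=(None, False))

# Expected values are the ones this guide lists for Proton Mail.
PROTON_MX = {"mail.protonmail.ch": 10, "mailsec.protonmail.ch": 20}
DKIM_NAMES = {"protonmail._domainkey", "protonmail2._domainkey", "protonmail3._domainkey"}

# Constructed zone: a Proton setup with three of the mistakes this guide warns about.
SAMPLE = [
    Rec("MX", "@", "mail.protonmail.ch", 10),
    Rec("MX", "@", "mailsec.protonmail.ch", 20),
    Rec("MX", "@", "mx.old-host.example", 5),                     # leftover MX
    Rec("TXT", "@", "v=spf1 include:_spf.protonmail.ch ~all"),
    Rec("TXT", "@", "v=spf1 include:spf.old-host.example ~all"),  # second SPF record
    Rec("CNAME", "protonmail._domainkey", "key1.placeholder.example"),
    Rec("CNAME", "protonmail2._domainkey", "key2.placeholder.example", proxied=True),
    Rec("CNAME", "protonmail3._domainkey", "key3.placeholder.example"),
    Rec("TXT", "_dmarc", "v=DMARC1; p=none"),
]


def audit(records):
    """Return a list of human-readable problems found in the record set."""
    problems = []
    root = [r for r in records if r.name == "@"]

    mx = {r.content.rstrip(".").lower(): r.priority for r in root if r.type == "MX"}
    for host in sorted(set(mx) - set(PROTON_MX)):
        problems.append(f"leftover MX record: {host}")
    for host, prio in PROTON_MX.items():
        if mx.get(host) != prio:
            problems.append(f"missing or wrong-priority MX: {host} ({prio})")

    # More than one v=spf1 record is a permanent SPF error (RFC 7208, section 4.5).
    spf = [r.content for r in root if r.type == "TXT" and r.content.lower().startswith("v=spf1")]
    if len(spf) != 1:
        problems.append(f"expected exactly 1 SPF record, found {len(spf)}")
    elif "include:_spf.protonmail.ch" not in spf[0].split():
        problems.append("SPF record does not include _spf.protonmail.ch")

    dkim = {r.name: r for r in records if r.type == "CNAME" and r.name in DKIM_NAMES}
    for name in sorted(DKIM_NAMES - set(dkim)):
        problems.append(f"missing DKIM CNAME: {name}")
    for name in sorted(dkim):
        if dkim[name].proxied:
            problems.append(f"DKIM CNAME is proxied, set it to DNS only: {name}")

    dmarc = [r for r in records if r.type == "TXT" and r.name == "_dmarc"
             and r.content.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        problems.append(f"expected exactly 1 DMARC record, found {len(dmarc)}")
    return problems


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```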
Step 6: Verify Everything in Proton
Head back to your Proton Mail settings → Custom domains → your domain.
Work through each verification step:
- Ownership: Should already be verified from Step 4a
- MX: Proton checks that email is routing to their servers
- SPF: Proton checks your SPF record
- DKIM: Proton checks all three DKIM keys
- DMARC: Proton checks your DMARC record
All green? You’re done.
If something shows as not verified, give it 5-10 minutes for DNS to propagate and try again. Cloudflare is generally fast, but DKIM CNAMEs occasionally take a few minutes longer to resolve.
Step 7: Add Your Custom Email Address
With the domain verified, you can now create addresses on it:
- In Proton Mail settings → Addresses
- Click Add address
- Enter the local part (the bit before the @) and select your custom domain from the dropdown
- Click Create
You can create as many addresses as your plan allows. Common patterns: hello@, hi@, name@, info@.
Step 8: Migrate From Gmail (Optional but Recommended)
If you’re moving from Gmail, Proton’s Easy Switch tool makes this straightforward. It imports your existing emails, contacts, and calendar entries directly into Proton: no manual export/import process, no third-party tools.
I used Easy Switch when I left Google and the process was clean. My archive of years of Gmail landed in Proton intact, searchable, and encrypted. It’s one of the things Proton has genuinely nailed.
After migrating, I’d recommend:
- Setting up a Gmail auto-forward to your Proton address for a transition period
- Gradually updating your important accounts to use your new custom domain address
- The custom domain address is the one you want to settle on long-term, not @proton.me, because it’s the one you’ll own regardless of which provider you use in the future
A Note on SimpleLogin
You may have come across SimpleLogin, an email aliasing service that Proton acquired and integrates with. It lets you create disposable alias addresses that forward to your real inbox, so you never hand out your actual email address to websites and services.
SimpleLogin is genuinely useful, but it adds a layer of complexity, especially when you want to send email through an alias, which requires additional configuration. For most people setting up Proton Mail for the first time, I’d recommend getting your custom domain working directly in Proton first (which is what this guide covers), and then layering in SimpleLogin once you’re comfortable.
I’ll cover the full SimpleLogin setup, including how to use your custom domain with aliases and when to use SimpleLogin vs. a direct Proton address, in the next guide in this series.
You’re Done
You now have email that:
- Delivers to a domain you own permanently
- Is end-to-end encrypted in transit and at rest
- Is zero-knowledge: not even Proton’s own team can read it
- Has proper authentication (SPF, DKIM, DMARC) so it actually lands in inboxes
- Can follow you to a different provider someday if you ever want to leave
The setup takes an afternoon. The payoff is permanent.
Quick Reference: DNS Records Summary
| Type | Name | Value | Notes |
|---|---|---|---|
| TXT | @ | protonmail-verification=... | Ownership verification; can remove after |
| MX | @ | mail.protonmail.ch (priority 10) | Required |
| MX | @ | mailsec.protonmail.ch (priority 20) | Required |
| TXT | @ | v=spf1 include:_spf.protonmail.ch ~all | One SPF record only |
| CNAME | protonmail._domainkey | From Proton dashboard | DNS only, no proxy |
| CNAME | protonmail2._domainkey | From Proton dashboard | DNS only, no proxy |
| CNAME | protonmail3._domainkey | From Proton dashboard | DNS only, no proxy |
| TXT | _dmarc | Auto-created by Cloudflare DMARC Management | Enable via Email → DMARC Management; do not add manually |
Next in the series: How SimpleLogin Works With Proton Mail and Why You Need Both
Smart Home Secrets is reader-supported. We may earn a commission if you buy through our links.

