This guide walks you through adding your SendX DNS records in Cloudflare. Cloudflare has a unique proxy feature that must be disabled for email authentication records, so pay close attention to the proxy status steps below.
When you'll need this
Follow this guide if your domain's DNS is managed through Cloudflare and you need to add the four SendX authentication records (DKIM, Return Path, Track, and DMARC).
Before you start
Make sure you have:
Access to your Cloudflare account
The four DNS records from your SendX account (visible in Settings > Domains after adding your domain)
If you haven't added your domain in SendX yet, see How to Authenticate a Domain first.
Step 1: Copy your DNS records from SendX
Log in to SendX and go to Settings > Domains. Expand your domain to see the four records you need to add.
Make sure the "View as" dropdown is set to Cloudflare. This formats the record names correctly for Cloudflare's interface.
You'll see four records:
Host | Type | TXT Value / Points To |
sp-dkim._domainkey | TXT | Your unique DKIM key |
sp-bounce | CNAME | sp.sendpost.info |
sp-track | CNAME | track url |
_dmarc | TXT | v=DMARC1; p=none; |
Keep this tab open. You'll be copying from here in the next steps.
Step 2: Log in to Cloudflare
Go to dash.cloudflare.com and sign in to your account.
Step 3: Select your domain
From the Domains page, click on the domain you want to authenticate.
Step 4: Go to DNS Records
In the left sidebar, click DNS and then click Records. This opens the DNS management panel where you'll add your records.
Step 5: Add the DKIM record (TXT)
Click the "Add record" button. Then:
Set Type to TXT (click the type dropdown and select TXT)
In the Name field, enter
sp-dkim._domainkeyIn the Content field, paste the DKIM value you copied from SendX (starts with
v=DKIM1;k=rsa;...)Leave TTL as Auto
Click Save
Step 6: Add the Return Path record (CNAME)
Click "Add record" again. Then:
Set Type to CNAME
In the Name field, enter
sp-bounceIn the Target field, enter
sp.sendpost.infoImportant: Make sure Proxy status is set to "DNS only" (gray cloud icon). If it shows an orange cloud with "Proxied," click the toggle to switch it off.
Leave TTL as Auto
Click Save
Why "DNS only" matters: Cloudflare's proxy routes web traffic through their network. That's great for websites, but email authentication records need to resolve directly to the actual destination. If you leave the proxy on, inbox providers won't be able to verify your records and authentication will fail.
Step 7: Add the Track record (CNAME)
Click "Add record" again. Then:
Set Type to CNAME
In the Name field, enter
sp-trackIn the Target field, enter
track.sx30.emailImportant: Set Proxy status to "DNS only" (gray cloud), just like the previous step
Leave TTL as Auto
Click Save
Step 8: Add the DMARC record (TXT)
Click "Add record" one more time. Then:
Set Type to TXT
In the Name field, enter
_dmarcIn the Content field, enter
v=DMARC1; p=none;Leave TTL as Auto
Click Save
Step 9: Verify your records in SendX
Go back to SendX and check your domain status. The status badges next to each record (DKIM, RETURN PATH, TRACK, DMARC) should turn green once SendX detects them. This can take a few minutes, though Cloudflare DNS changes usually propagate very quickly.
If any record still shows as unverified after 15-20 minutes, click the three-dot menu next to your domain and select Verify to trigger a manual check.
Cloudflare-specific: Proxy status explained
This is the most common mistake Cloudflare users make with email authentication. Here's the quick reference:
Proxy status | Icon | When to use |
Proxied | Orange cloud | Website traffic (HTTP/HTTPS) only |
DNS only | Gray cloud | Email records, CNAME records for authentication, anything non-web |
Both of your CNAME records (sp-bounce and sp-track) must be set to DNS only. TXT records don't have a proxy toggle, so DKIM and DMARC are unaffected.
Common questions
My records aren't verifying. What should I check first?
In Cloudflare, the number one issue is proxy status. Go to DNS > Records and make sure both CNAME records show a gray cloud icon, not orange. If they show orange, click Edit on each record and toggle the proxy off.
I accidentally left the proxy on. Can I fix it without deleting the record?
Yes. Click Edit next to the record, click the orange cloud icon to switch it to gray ("DNS only"), and click Save. The change takes effect within a few minutes.
How long does Cloudflare DNS propagation take?
Cloudflare is one of the fastest DNS providers. Changes usually propagate within a few minutes. If your records aren't verifying after 30 minutes, double-check the record names and values for typos.
My Cloudflare account is managed by someone else. What do I do?
You can send them the DNS records directly from SendX. In the domain details, use the "Send Instructions" option to email the records to whoever manages your Cloudflare account. Make sure to tell them that CNAME records must have the proxy disabled.
Do I need to change any Cloudflare SSL/TLS settings?
No. Your email authentication records are independent of Cloudflare's SSL/TLS configuration. You don't need to change any SSL settings.