Skip to main content
This guide walks you through adding the required DNS records for Lettr using Google Cloud DNS. Google Cloud DNS is a fast, reliable, and cost-effective domain name system managed through the Google Cloud Console.
This guide is for Google Cloud DNS. If you registered your domain through Google Domains (now part of Squarespace), see the Squarespace guide instead.
You will configure a sending domain (CNAME, DKIM TXT, and DMARC TXT records) and, optionally, an inbound domain (MX records), tracking domain (two CNAME records), and storage domain (CNAME and two TXT records).
Google Cloud DNS requires a trailing period (.) on all FQDN values in the Canonical name and Mail server fields. For example, enter sparkpostmail.com. not sparkpostmail.com. The DNS name field is different — you enter only the subdomain label (e.g. mailing), and the console automatically appends the zone’s domain and the trailing period.
TXT record values must be enclosed in double quotes in Google Cloud DNS. Unlike most other DNS providers, Google Cloud DNS does not add quotes automatically. Always wrap the value in double quotes when entering it into the TXT data field (e.g. "v=DMARC1;p=none;").

Sending Domain Setup

A sending domain authenticates your outgoing emails with DKIM and DMARC, ensuring they are delivered reliably and not marked as spam. This requires a CNAME record for domain verification, a TXT record for DKIM signing, and a TXT record for DMARC policy. To create a sending domain in Lettr:
  1. Select Domains in the navigation panel
  2. Select Sending Domains
  3. Click Create Sending Domain
  4. Enter your desired sending subdomain (e.g. mailing.company.com)
  5. Click Create Domain
Use a subdomain (e.g. mailing.company.com) instead of the root domain (company.com). A subdomain provides proper reputation segmentation and is required if you also plan to receive emails with Lettr.
Click your new domain in the Sending Domains list. This will display a list of DNS records that need to be configured. Keep this page open — you will need these values soon.

Configure Google Cloud DNS

Log in to the Google Cloud Console and navigate to Network ServicesCloud DNS in the left-hand menu. Click the name of the managed zone that corresponds to your domain to open the zone details page.
If your domain was registered through Google Cloud Domains or your nameservers already point to Google Cloud DNS, skip nameserver configuration entirely. Your domain is already using Google Cloud DNS’s nameservers by default — proceed directly to adding the DNS records below.
If you registered your domain elsewhere but want to manage DNS on Google Cloud DNS, you must first create a managed public zone in Google Cloud DNS and then update the nameservers at your registrar to the four nameservers assigned to your managed zone.To find your zone’s nameservers, open the zone details page in Cloud DNS. The four nameservers are listed in the NS record at the top of the records list. They follow the format:
ns-cloud-a1.googledomains.com
ns-cloud-a2.googledomains.com
ns-cloud-a3.googledomains.com
ns-cloud-a4.googledomains.com
The shard letter (ae) is randomly assigned per zone — copy the exact values shown in your zone, not the example above.
Until all four nameservers are updated at your registrar, any records you add in Google Cloud DNS will not resolve. Nameserver propagation can take up to 48 hours.

Add CNAME Record

The CNAME record verifies domain ownership with Lettr’s email infrastructure. Copy the CNAME values from Lettr to Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix. For example, paste only mailing.
  3. Set Resource record type to CNAME.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set Canonical name to the Value from Lettr, with a trailing period. For example, sparkpostmail.com.
  6. Click Create.
Google Cloud DNS automatically appends your zone’s domain and a trailing period to the DNS name field. Always paste only the subdomain portion (e.g. mailing, not mailing.company.com). The Canonical name target, however, requires a trailing period that you must add manually.
Do not add a CNAME record at the root of your domain (e.g. company.com). Google Cloud DNS does not support CNAME records at the zone apex — the root already has required SOA and NS records, and a CNAME cannot coexist with any other record type at the same name. Always use a subdomain for your sending domain.

Add TXT Record (DKIM)

The DKIM record adds a cryptographic signature to your outgoing emails, allowing recipients to verify they were sent by an authorized sender. Copy the TXT values from Lettr to Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix. For example, paste only scph0126._domainkey.mailing.
  3. Set Resource record type to TXT.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set TXT data to the Value from Lettr, enclosed in double quotes. For example, "v=DKIM1;k=rsa;h=sha256;p=MIGfMA0..."
  6. Click Create.
Google Cloud DNS automatically appends your zone’s domain to the DNS name field. Always paste only the subdomain portion (e.g. scph0126._domainkey.mailing, not scph0126._domainkey.mailing.company.com).
DKIM keys are longer than 255 characters. Google Cloud DNS does NOT automatically split long TXT values — it returns an “Invalid record data” error if you paste a single unquoted string over 255 characters. You must manually split the value into 255-character segments, wrapping each segment in double quotes, and enter them as a single string in the TXT data field:
"first255characters..." "remainingcharacters..."
Do not add separate Add item entries for each segment — all segments must be in one TXT data entry, separated by a space. Google Cloud DNS concatenates the quoted strings automatically when the record is queried.
To split a DKIM key using the gcloud CLI, wrap the full value in single outer quotes and use double-quoted segments:
gcloud dns record-sets create scph0126._domainkey.mailing.example.com. \
  --zone="my-zone" \
  --type="TXT" \
  --ttl="300" \
  --rrdatas='"v=DKIM1;k=rsa;h=sha256;p=first255chars..." "remainingchars..."'

Add TXT Record (DMARC)

The DMARC record tells receiving mail servers how to handle emails that fail authentication checks, protecting your domain from spoofing. Copy the TXT values from Lettr to Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix. For example, paste only _dmarc.mailing.
  3. Set Resource record type to TXT.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set TXT data to the Value from Lettr, enclosed in double quotes. For example, "v=DMARC1;p=none;"
  6. Click Create.
Google Cloud DNS automatically appends your zone’s domain to the DNS name field. Always paste only the subdomain portion (e.g. _dmarc.mailing, not _dmarc.mailing.company.com).

Verify Your Sending Domain

After adding all three DNS records, go back to Lettr and click Verify DNS Records. With the default 300-second TTL, record changes propagate globally within minutes. Click Verify DNS Records in Lettr once propagation is complete.

Inbound Domain Setup

An inbound domain allows Lettr to receive emails on your behalf. This requires three MX records that direct incoming mail to Lettr’s mail servers.

Add Inbound Domain to Lettr

To create an Inbound domain in Lettr:
  1. Select Domains in the navigation panel
  2. Select Inbound Domains
  3. Click Create Inbound Domain
  4. Enter your desired inbound subdomain (e.g. inbound.company.com)
  5. Click Create Domain.
Click on your new domain in the Inbound Domains list. This will display the MX records that need to be configured.

Add MX Records

MX records tell other mail servers where to deliver emails addressed to your domain. Copy the MX values from Lettr to Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix. For example, paste only inbound.
  3. Set Resource record type to MX.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. In the first Priority field, enter 10. In the adjacent Mail server field, enter rx1.sparkpostmail.com. (with trailing period).
  6. Click Add item to add a second row. Enter priority 10 and mail server rx2.sparkpostmail.com.
  7. Click Add item again for a third row. Enter priority 10 and mail server rx3.sparkpostmail.com.
  8. Click Create.
Google Cloud DNS automatically appends your zone’s domain to the DNS name field. Always paste only the subdomain portion (e.g. inbound, not inbound.company.com). The Mail server values require a trailing period — add it manually (e.g. rx1.sparkpostmail.com.).
Adding MX records to a domain or subdomain will route all incoming email for that address to Lettr. Use a dedicated subdomain (e.g. inbound.company.com) to avoid affecting your primary email.

Verify Your Inbound Domain

After adding all three MX records, go back to Lettr and click Verify DNS Records. With the default 300-second TTL, changes propagate within minutes.

Tracking Domain Setup

A tracking domain allows Lettr to track email opens and link clicks using your own custom domain instead of the default Lettr tracking domain. This requires two CNAME records: one for the SSL certificate and one for routing tracking traffic to Lettr’s infrastructure.

Add Tracking Domain to Lettr

To create a Tracking domain in Lettr:
  1. Select Domains in the navigation panel
  2. Select Tracking Domains
  3. Click Create Tracking Domain
  4. Enter your desired tracking subdomain (e.g. tracking.company.com)
  5. Click Create Domain
Click on your new domain in the Tracking Domains list. This will display the CNAME records that need to be configured.

Add SSL Certificate CNAME Record

The SSL Certificate CNAME record provisions an SSL certificate for your custom tracking domain, enabling secure HTTPS connections for tracked links. Add the record in Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix.
  3. Set Resource record type to CNAME.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set Canonical name to the Value from Lettr, with a trailing period.
  6. Click Create.
Google Cloud DNS automatically appends your zone’s domain to the DNS name field. Always paste only the subdomain portion. The Canonical name requires a trailing period — add it manually.

Add Traffic CNAME Record

The Traffic CNAME record routes click and open tracking requests from your custom domain to Lettr’s tracking servers. Add the record in Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix.
  3. Set Resource record type to CNAME.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set Canonical name to the Value from Lettr, with a trailing period.
  6. Click Create.

Verify Your Tracking Domain

After adding both CNAME records, go back to Lettr and click Verify DNS Records.

Storage Domain Setup

A storage domain lets you serve email assets (images, attachments) from your own custom domain instead of the default Lettr storage URL. This requires two TXT records for certificate validation and ownership verification, and a CNAME record for routing asset requests to Lettr’s storage infrastructure.

Add Storage Domain to Lettr

To create a Storage domain in Lettr:
  1. Select Domains in the navigation panel
  2. Select Storage Domains
  3. Click Create Storage Domain
  4. Enter your desired storage subdomain (e.g. assets.company.com)
  5. Click Create Domain
Click on your new domain in the Storage Domains list. This will display the TXT and CNAME records that need to be configured.

Add TXT Record (Certificate Validation)

The Certificate Validation TXT record provisions an SSL certificate for your custom storage domain, enabling secure HTTPS delivery of email assets. Add the record in Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix.
  3. Set Resource record type to TXT.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set TXT data to the Value from Lettr, enclosed in double quotes.
  6. Click Create.
Google Cloud DNS automatically appends your zone’s domain to the DNS name field. Always paste only the subdomain portion (e.g. assets, not assets.company.com). Remember to wrap the value in double quotes.

Add TXT Record (Hostname Pre-validation)

The Hostname Pre-validation TXT record verifies ownership of the storage domain before Lettr provisions a custom hostname for it. Add the record in Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix.
  3. Set Resource record type to TXT.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set TXT data to the Value from Lettr, enclosed in double quotes.
  6. Click Create.

Add CNAME Record (Domain Routing)

The Domain Routing CNAME record routes asset requests from your custom domain to Lettr’s storage infrastructure. Add the record in Google Cloud DNS:
  1. Click Add standard on the zone details page.
  2. Set DNS name to the Hostname from Lettr, omitting your domain suffix.
  3. Set Resource record type to CNAME.
  4. Set TTL to 300 and select seconds from the TTL unit dropdown.
  5. Set Canonical name to the Value from Lettr, with a trailing period.
  6. Click Create.

Verify Your Storage Domain

After adding all three records, go back to Lettr and click Verify DNS Records.

Using gcloud CLI

If you prefer the command line, you can add records using the gcloud CLI. Replace my-zone with your zone name and example.com with your domain.
CLI management requires the roles/dns.admin role on your Google Cloud project or zone. You can grant it in the IAM section of the Google Cloud Console.
# Add CNAME record for sending domain verification
gcloud dns record-sets create mailing.example.com. \
  --zone="my-zone" \
  --type="CNAME" \
  --ttl="300" \
  --rrdatas="sparkpostmail.com."

# Add TXT record for DKIM (split values at 255 characters)
gcloud dns record-sets create scph0126._domainkey.mailing.example.com. \
  --zone="my-zone" \
  --type="TXT" \
  --ttl="300" \
  --rrdatas='"v=DKIM1;k=rsa;h=sha256;p=first255chars..." "remainingchars..."'

# Add TXT record for DMARC
gcloud dns record-sets create _dmarc.mailing.example.com. \
  --zone="my-zone" \
  --type="TXT" \
  --ttl="300" \
  --rrdatas='"v=DMARC1;p=none;"'

# Add MX records for inbound (all three in one command)
gcloud dns record-sets create inbound.example.com. \
  --zone="my-zone" \
  --type="MX" \
  --ttl="300" \
  --rrdatas="10 rx1.sparkpostmail.com.","10 rx2.sparkpostmail.com.","10 rx3.sparkpostmail.com."

Troubleshooting

Google Cloud DNS requires trailing periods on all FQDN values in the Canonical name and Mail server fields. If a record resolves to the wrong hostname or fails verification, check that each target value ends with a period (e.g. sparkpostmail.com. not sparkpostmail.com). Open the record set, click Edit, and add the trailing period if it is missing.The DNS name field is different — you enter only the subdomain label (e.g. mailing), and the console appends the zone’s domain and trailing period automatically. Do not add a trailing period there.
Google Cloud DNS requires TXT record values to be wrapped in double quotes. Unlike most DNS providers, it does not add quotes automatically.
  • Correct: "v=DMARC1;p=none;"
  • Incorrect: v=DMARC1;p=none;
If you submitted the value without quotes, edit the record set and add double quotes around the value. If the record is not resolving, run dig TXT _dmarc.yourdomain.com +short to confirm how the value is stored — a correctly stored TXT record will include the quotes in the output.
DKIM public keys are typically 256+ characters long. Google Cloud DNS will return an “Invalid record data” error if you paste the full key as a single unquoted string.You must split the key into segments of 255 characters or fewer and wrap each segment in its own double quotes. Enter all quoted segments as a single string in the TXT data field, separated by a space:
"first255characters..." "remainingcharacters..."
Do not use Add item to create separate entries for each segment — all segments must be in one entry. Google Cloud DNS concatenates them automatically when the record is queried.If you use the gcloud CLI:
gcloud dns record-sets create scph0126._domainkey.mailing.example.com. \
  --zone="my-zone" \
  --type="TXT" \
  --ttl="300" \
  --rrdatas='"v=DKIM1;k=rsa;h=sha256;p=first255..." "remaining..."'
If your records are saved in Google Cloud DNS but not resolving, confirm that your domain registrar is pointing to the nameservers assigned to your managed zone. You can check this with:
dig NS yourdomain.com +short
The output should include the four nameservers shown in your zone’s NS record (format: ns-cloud-{a–e}{1–4}.googledomains.com). If it shows a different provider’s nameservers, log in to your registrar and update the nameservers to match the four shown in your Cloud DNS zone.To find your zone’s nameservers in the console, open the zone details page — the NS record at the top of the records list contains all four nameservers for your zone. Nameserver changes can take up to 48 hours to propagate globally.
Google Cloud DNS publishes changes within seconds to its global anycast network. With the default TTL of 300 seconds, record changes become visible to most resolvers within 5 minutes. However, resolvers that cached the previous record will hold it for its full TTL before refreshing.If verification fails after adding records:
  • Wait at least 10–15 minutes before your first verification attempt.
  • Confirm the records exist using command-line tools:
# Check CNAME record
dig CNAME mailing.yourdomain.com +short

# Check DKIM record
dig TXT scph0126._domainkey.mailing.yourdomain.com +short

# Check DMARC record
dig TXT _dmarc.mailing.yourdomain.com +short

# Check MX records (inbound)
dig MX inbound.yourdomain.com +short

# Check tracking domain CNAME
dig CNAME track.yourdomain.com +short

# Check storage domain CNAME
dig CNAME assets.yourdomain.com +short
  • Use a web tool like dnschecker.org to verify propagation across multiple DNS servers worldwide.
  • Verify records in the CLI: gcloud dns record-sets list YOUR_ZONE_NAME to confirm the records are saved correctly.
If nameservers were recently changed at your registrar, propagation can take up to 48 hours regardless of TTL.
If you cannot add or edit records in Google Cloud DNS, your Google account may lack the required permissions on the project or zone.To create, update, or delete DNS records, you need the roles/dns.admin role, which grants:
  • dns.resourceRecordSets.create
  • dns.resourceRecordSets.update
  • dns.resourceRecordSets.delete
  • dns.changes.create
Ask a project owner to grant you the DNS Administrator (roles/dns.admin) role in the IAM section of the Google Cloud Console, scoped to either the project or the specific managed zone.There is no separate roles/dns.resourceRecordSetsEditor predefined role — roles/dns.admin is the correct predefined role for managing records.
Google Cloud DNS does not support CNAME records at the zone apex (the root domain, e.g. company.com). The zone apex is required to hold SOA and NS records, and a CNAME cannot coexist with any other record type at the same name. This is a DNS protocol constraint enforced by Google Cloud DNS.Always use a subdomain for your sending, tracking, and storage domains (e.g. mailing.company.com, tracking.company.com, assets.company.com). If you need a root-domain alias (pointing company.com to another hostname), Google Cloud DNS supports an ALIAS record type at the apex for A/AAAA lookups only.
A common mistake is selecting the wrong record type in the Resource record type dropdown:
RecordCorrect Type
Sending verificationCNAME
DKIMTXT
DMARCTXT
Inbound mailMX
Tracking SSL certificateCNAME
Tracking trafficCNAME
Storage certificate validationTXT
Storage hostname pre-validationTXT
Storage domain routingCNAME
If your DNS records are correctly configured (confirmed with dig or dnschecker.org) and verification still fails after 48 hours, contact Lettr support at support@lettr.com or through the in-app chat. Include your domain name and the output of the dig commands above.

Sending Domains

Learn about sending domain setup, SPF, DKIM, and DMARC.

Inbound Domains

Configure MX records to receive emails with Lettr.

Tracking Domains

Set up a custom tracking domain for click and open tracking.

Storage Domains

Serve email assets from your own custom domain.

Domains Overview

Understand domain types and how they work in Lettr.

Domain Verification Failures

Troubleshoot common DNS configuration and propagation issues.