Cloudflare Automatic DNS Setup

TrekMail can automatically create all email DNS records (MX, SPF, DKIM, DMARC) plus recommended records (TLSRPT, MTA-STS) for domains managed by Cloudflare. There are two methods:

Method 1: One-Click Setup (Single Domain)

The fastest way to set up DNS for a single Cloudflare domain — no API token needed.

1. Go to your domain's DNS & Health tab.
2. Click Set up DNS automatically.
3. You'll be redirected to Cloudflare, where you'll see exactly which records will be created.
4. Click Authorize on Cloudflare.
5. You're redirected back to TrekMail — DNS records are created instantly, and verification runs automatically.

This uses the Domain Connect protocol. Your domain must use Cloudflare DNS (nameservers).

Method 2: API Token Setup (Single or Bulk)

Use this method to set up many domains at once, or if Domain Connect isn't available for your domain.

How it works

1. You create an API token on Cloudflare (takes about 30 seconds).
2. TrekMail finds your domains in Cloudflare and shows which ones you can add.
3. You review and apply — TrekMail adds the domains and creates DNS records automatically.

Step-by-step

Step 1: Connect to Cloudflare

1. In TrekMail, go to Domains and click the Cloudflare tab in the "Add a domain" card. You can also go directly to /app/domains?add=cloudflare.
2. Click Open Cloudflare to open the token creation page.
3. On Cloudflare:
   • Click "Create Token".
   • Find the "Edit zone DNS" template and click "Use template".
   • Under Permissions, click "+ Add more" and select: Zone → DNS → Edit.
   • Under Zone Resources, select "All zones" (for all your domains) or "Specific zone" → pick your domain.
   • Skip IP Filtering and TTL — leave as default.
   • Click "Continue to summary" → "Create Token".
   • Copy the token (you'll only see it once).
4. Paste the token back in TrekMail. A green checkmark confirms it's valid.

Step 2: Select domains

TrekMail will show all domains from your Cloudflare account. All compatible domains are selected automatically — deselect any you don't want, then click Connect & Continue.

• Setup DNS — domain already exists in TrekMail; DNS records will be configured.
• Add + DNS — domain is new; it will be added to TrekMail and DNS will be configured automatically.

Domains not managed by Cloudflare won't appear in this list.

Step 3: Apply DNS records

TrekMail previews what changes will be made for each domain:

• Will be added — new DNS record will be created.
• Will be merged — your existing SPF record will be updated to include TrekMail.
• Already set up — no changes needed.
• Will be replaced — an existing record conflicts and will be automatically replaced.

Click Apply DNS to all domains to create the records. All conflicts are resolved automatically.

Bulk setup

If you have many domains on Cloudflare, the wizard handles them all at once:

1. When creating the API token on Cloudflare, select "All zones" under Zone Resources.
2. In Step 2, all compatible domains are selected automatically.
3. TrekMail will add new domains and apply DNS records to each domain sequentially.

Plan limits

Your plan's domain limit applies:

• Nano: up to 10 domains total
• Starter: up to 50 domains total
• Pro: up to 100 domains total
• Agency: up to 1,000 domains total

You can connect up to 50 domains per batch. New domains count toward your plan limit.

Security

• Your API token is encrypted at rest and never logged.
• TrekMail only creates or updates email DNS records (MX, SPF, DKIM, DMARC). We never touch your website, A records, or other DNS settings.
• You can disconnect Cloudflare from any domain at any time.

Troubleshooting

"This API token is invalid or expired" Create a new token on Cloudflare. Make sure you copy the full token — you only see it once.

"Domain wasn't found in your Cloudflare account" Make sure the domain is added to Cloudflare and shows as "Active" status.

"Doesn't have permission to edit DNS records" Your token needs DNS editing permissions. Create a new token: Permissions → + Add more → Zone → DNS → Edit.

DNS still showing as pending after setup DNS changes can take up to 48 hours to propagate. TrekMail automatically checks after applying changes. You can also click "Verify DNS" on the domain's DNS page.