Overview
If your domain’s DNS is managed on Cloudflare, you have three options for configuring DNS — from easiest to most manual.Option 1: Sign in to Cloudflare (One-Click)
The fastest option. Migma auto-detects that your domain uses Cloudflare DNS and handles everything for you — no API token needed.Click Sign in to Cloudflare
On the domain detail page, Migma detects Cloudflare DNS and shows a Sign in to Cloudflare button. Click it.
Authorize in Cloudflare
You’re redirected to Cloudflare to authorize Migma. Review the permissions and click Authorize.
How this works: Migma uses the Domain Connect protocol to configure DNS. No API token is created or stored — you simply authorize one-time access through Cloudflare’s standard OAuth flow.Prerequisite: Your domain must be hosted on Cloudflare nameservers (not just using Cloudflare as a proxy).
Option 2: API Token Setup
If you prefer to use an API token (or the one-click flow isn’t available for your setup), you can create a Cloudflare API token that lets Migma manage DNS records.Step 1: Add Your Domain to Migma
Step 2: Create a Cloudflare API Token
You need to create an API token that allows Migma to add DNS records.Open Cloudflare API Tokens
Set Zone Resources
Under Zone Resources, choose one of:
| Option | When to Use |
|---|---|
| Include → Specific zone → [your domain] | You only want Migma to access this one domain |
| Include → All zones | You want Migma to manage DNS for any domain in your account |
Step 3: Connect Cloudflare to Migma
Step 4: Auto-Configure DNS
Review Records Added
Migma adds all required records to Cloudflare:
- 3 DKIM CNAME records
- 1 SPF TXT record
- 1 DMARC TXT record
- 2 MAIL FROM records (MX + TXT)
Option 3: Manual Setup
If you prefer to add DNS records manually in Cloudflare, follow these steps.Step 1: Log in to Cloudflare
Go to Cloudflare Dashboard
Navigate to dash.cloudflare.com
Step 2: Add DKIM Records
Add 3 CNAME records for DKIM authentication.Configure First DKIM Record
| Field | What to Enter |
|---|---|
| Type | Select CNAME |
| Name | Copy the first _domainkey name from Migma (e.g., abc123._domainkey) |
| Target | Copy the corresponding value from Migma |
| Proxy status | Click to set to DNS only (gray cloud) |
| TTL | Leave as Auto |
Step 3: Add SPF Record
Add or Modify SPF
If you don’t have an SPF record:Click Add record and enter:
Click Save.
If you already have an SPF record:Click Edit on your existing SPF record and add
| Field | What to Enter |
|---|---|
| Type | Select TXT |
| Name | Enter @ |
| Content | v=spf1 include:spf.migma.ai ~all |
| TTL | Leave as Auto |
If you already have an SPF record:Click Edit on your existing SPF record and add
include:spf.migma.ai before the ~all.Example:Step 4: Add DMARC Record
Add DMARC TXT Record
Click Add record and enter:
Click Save.
| Field | What to Enter |
|---|---|
| Type | Select TXT |
| Name | Enter _dmarc |
| Content | v=DMARC1; p=quarantine; rua=mailto:[email protected] |
| TTL | Leave as Auto |
Step 5: Add MAIL FROM Records
Add both an MX record and a TXT record for thesend subdomain.
Add MX Record
Click Add record and enter:
Click Save.
| Field | What to Enter |
|---|---|
| Type | Select MX |
| Name | Enter send |
| Mail server | Copy the value from Migma |
| Priority | Enter 10 |
| TTL | Leave as Auto |
Step 6: Verify in Migma
Managing Cloudflare Connection
Disconnect Cloudflare
To remove the Cloudflare connection:- Go to Settings → Sending Domains
- Click on your domain
- Click Disconnect Cloudflare
- Your DNS records remain in Cloudflare (they’re not deleted)
Delete DNS Records When Removing Domain
When you delete a domain from Migma:- If Cloudflare is connected, you’ll see an option: Also delete DNS records from Cloudflare
- Check this option to remove all email-related DNS records
- Leave unchecked to keep the records (useful if migrating to another service)
Troubleshooting
Domain not found in your Cloudflare account
Domain not found in your Cloudflare account
Possible causes:
- Your domain’s DNS is not managed on Cloudflare
- The API token doesn’t have access to this zone
- Verify your domain is on Cloudflare:
- Log in to Cloudflare dashboard
- Check if your domain appears in the account
- Verify the domain status is “Active”
- Check your API token permissions:
- Go to Cloudflare → Profile → API Tokens
- Click “View” on your token to see which zones it can access
- If using “Specific zone”, ensure your domain is included
- Create a new token with correct permissions:
- Create a new token with “All zones” to test
- If that works, the original token was zone-restricted
Invalid API token
Invalid API token
Possible causes:
- Token was copied incorrectly
- Token was revoked or expired
- Token doesn’t have required permissions
-
Create a new token with the correct permissions:
- Zone → Zone → Read
- Zone → DNS → Edit
- Copy the token immediately after creation (it’s only shown once)
- In Migma, click Disconnect Cloudflare and reconnect with the new token
DNS records not propagating
DNS records not propagating
What’s happening:
Cloudflare updates are usually instant, but global DNS propagation takes time.Timeline:
- Cloudflare: Instant
- Global DNS: 5-60 minutes
- DKIM verification: Up to 72 hours (rare cases)
- Wait at least 15 minutes before retrying verification
- Use DNS Checker to see if your records have propagated
Proxy status warning
Proxy status warning
Issue:
CNAME records have orange cloud (proxied) instead of gray cloud (DNS only).Why it matters:
Email authentication records cannot be proxied through Cloudflare. They must resolve directly.Solution:
- Go to Cloudflare DNS settings
- Find the DKIM CNAME records
- Click the orange cloud to turn it gray
Record already exists
Record already exists
What happens:
If a DNS record with the same name and type already exists, Migma updates it instead of creating a duplicate.This is normal and expected. Your existing record is modified to include the correct values.