Overview
If your domain’s DNS is managed on Cloudflare, you have three options for configuring DNS — from easiest to most manual.Option 1: Sign in to Cloudflare (One-Click)
The fastest option. Migma auto-detects that your domain uses Cloudflare DNS and handles everything for you — no API token needed.Click Sign in to Cloudflare
On the domain detail page, Migma detects Cloudflare DNS and shows a Sign in to Cloudflare button. Click it.
Authorize in Cloudflare
You’re redirected to Cloudflare to authorize Migma. Review the permissions and click Authorize.
How this works: Migma uses the Domain Connect protocol to configure DNS. No API token is created or stored — you simply authorize one-time access through Cloudflare’s standard OAuth flow.Prerequisite: Your domain must be hosted on Cloudflare nameservers (not just using Cloudflare as a proxy).
Option 2: API Token Setup
If you prefer to use an API token (or the one-click flow isn’t available for your setup), you can create a Cloudflare API token that lets Migma manage DNS records.Step 1: Add Your Domain to Migma
Step 2: Create a Cloudflare API Token
You need to create an API token that allows Migma to add DNS records.Open Cloudflare API Tokens
Set Zone Resources
Under Zone Resources, choose one of:
| Option | When to Use |
|---|---|
| Include → Specific zone → [your domain] | You only want Migma to access this one domain |
| Include → All zones | You want Migma to manage DNS for any domain in your account |
Step 3: Connect Cloudflare to Migma
Step 4: Auto-Configure DNS
Review Records Added
Migma adds all required records to Cloudflare:
- 3 DKIM CNAME records
- 1 SPF TXT record
- 1 DMARC TXT record
- 2 MAIL FROM records (MX + TXT)
Option 3: Manual Setup
If you prefer to add DNS records manually in Cloudflare, follow these steps.Step 1: Log in to Cloudflare
Go to Cloudflare Dashboard
Navigate to dash.cloudflare.com
Step 2: Add DKIM Records
Add 3 CNAME records for DKIM authentication.Configure First DKIM Record
| Field | What to Enter |
|---|---|
| Type | Select CNAME |
| Name | Copy the first _domainkey name from Migma (e.g., abc123._domainkey) |
| Target | Copy the corresponding value from Migma |
| Proxy status | Click to set to DNS only (gray cloud) |
| TTL | Leave as Auto |
Step 3: Add SPF Record
Add or Modify SPF
If you don’t have an SPF record:Click Add record and enter:
Click Save.
If you already have an SPF record:Click Edit on your existing SPF record and add
| Field | What to Enter |
|---|---|
| Type | Select TXT |
| Name | Enter @ |
| Content | v=spf1 include:spf.migma.ai ~all |
| TTL | Leave as Auto |
If you already have an SPF record:Click Edit on your existing SPF record and add
include:spf.migma.ai before the ~all.Example:Step 4: Add DMARC Record
Step 5: Add MAIL FROM Records
Add both an MX record and a TXT record for thesend subdomain.
Add MX Record
Click Add record and enter:
Click Save.
| Field | What to Enter |
|---|---|
| Type | Select MX |
| Name | Enter send |
| Mail server | Copy the value from Migma |
| Priority | Enter 10 |
| TTL | Leave as Auto |
Step 6: Verify in Migma
Managing Cloudflare Connection
Disconnect Cloudflare
To remove the Cloudflare connection:- Go to Settings → Sending Domains
- Click on your domain
- Click Disconnect Cloudflare
- Your DNS records remain in Cloudflare (they’re not deleted)
Delete DNS Records When Removing Domain
When you delete a domain from Migma:- If Cloudflare is connected, you’ll see an option: Also delete DNS records from Cloudflare
- Check this option to remove all email-related DNS records
- Leave unchecked to keep the records (useful if migrating to another service)
Troubleshooting
Domain not found in your Cloudflare account
Domain not found in your Cloudflare account
Possible causes:
- Your domain’s DNS is not managed on Cloudflare
- The API token doesn’t have access to this zone
- Verify your domain is on Cloudflare:
- Log in to Cloudflare dashboard
- Check if your domain appears in the account
- Verify the domain status is “Active”
- Check your API token permissions:
- Go to Cloudflare → Profile → API Tokens
- Click “View” on your token to see which zones it can access
- If using “Specific zone”, ensure your domain is included
- Create a new token with correct permissions:
- Create a new token with “All zones” to test
- If that works, the original token was zone-restricted
Invalid API token
Invalid API token
Possible causes:
- Token was copied incorrectly
- Token was revoked or expired
- Token doesn’t have required permissions
-
Create a new token with the correct permissions:
- Zone → Zone → Read
- Zone → DNS → Edit
- Copy the token immediately after creation (it’s only shown once)
- In Migma, click Disconnect Cloudflare and reconnect with the new token
DNS records not propagating
DNS records not propagating
What’s happening:
Cloudflare updates are usually instant, but global DNS propagation takes time.Timeline:
- Cloudflare: Instant
- Global DNS: 5-60 minutes
- DKIM verification: Up to 72 hours (rare cases)
- Wait at least 15 minutes before retrying verification
- Use DNS Checker to see if your records have propagated
Proxy status warning
Proxy status warning
Issue:
CNAME records have orange cloud (proxied) instead of gray cloud (DNS only).Why it matters:
Email authentication records cannot be proxied through Cloudflare. They must resolve directly.Solution:
- Go to Cloudflare DNS settings
- Find the DKIM CNAME records
- Click the orange cloud to turn it gray
Record already exists
Record already exists
What happens:
If a DNS record with the same name and type already exists, Migma updates it instead of creating a duplicate.This is normal and expected. Your existing record is modified to include the correct values.
Next Steps
Domain Settings
Configure open and click tracking
Send to Audience
Send your first email campaign