Adding a Custom Email Domain

Last updated: June 1, 2026

A custom email domain lets your organization send messages from a branded address (like donate@yourorganization.org) instead of a default system address. This improves deliverability, builds trust with your supporters, and gives you control over your sender identity.

You manage everything from Settings → Email Settings, which is where you add domains, authenticate them, create sender addresses, set up your sender avatar, and monitor email health.

Setting up a custom email domain has two core parts:

  1. Authenticate your domain so WeGive is authorized to send email on your behalf.

  2. Create one or more sender addresses at that authenticated domain to send from.

Before You Start

You'll need admin access to your DNS provider (GoDaddy, Cloudflare, Namecheap, Google Domains, Bluehost, etc.) to add the verification records. If your DNS is managed by a web team or IT, coordinate with them before making changes.

Email Suppression Headers

At the top of Email Settings is the Email Suppression Headers toggle. Enabling it adds auto-reply suppression headers to your outbound emails, which prevents automated responses (out-of-office replies, bots, etc.) from email clients. This is an org-wide setting and is independent of any individual domain.

Step 1: Add Your Domain

  1. Go to Settings → Email Settings.

  2. Click Add Custom Domain (top right).

  3. Enter your domain only — not a full email address and not the www. prefix:

    • yourorganization.org

    • info@yourorganization.org

    • www.yourorganization.org

  4. Click Save.

You can also send from a subdomain (for example, mail.yourorganization.org) if you prefer to keep your sending domain separate from your main domain.

Your domain appears in the Custom Domains list with a status badge. It will show Unauthenticated until the DNS records are verified, and Authenticated once they pass. Use the Verify button and the arrow on the right of each domain card to expand its setup panel.

Step 2: Authenticate Your Domain

Expand the domain and open the Authenticate Domain section. This is where you give WeGive permission to send email on your behalf by adding DNS records at your provider.

Required records

These three records are required and must show a Valid status before the domain is considered authenticated:

Type

Name (example)

Value (example)

Purpose

TXT

yourdomain.org

v=spf1 include:mailgun.org ~all

SPF — authorizes WeGive's servers to send for your domain

TXT

mx._domainkey.yourdomain.org

k=rsa; p=MIGfMA0GCSq…

DKIM — digital signature proving emails weren't altered

CNAME

email.yourdomain.org

mailgun.org

Tracking & verification on your branded domain

Copy the Name and Value for each record exactly as shown in WeGive into your DNS provider. The exact values are generated for your specific domain — use the copy icons next to each field.

Optional: Receive replies (MX records)

To let supporters' replies route back into WeGive so they appear in Platform Messaging, add both MX records. These are optional and only needed for two-way communication:

Type

Name (example)

Value

MX

yourdomain.org

mxa.mailgun.org

MX

yourdomain.org

mxb.mailgun.org

Optional: DMARC record

Adding a DMARC record tells receiving email servers how to handle messages that fail SPF or DKIM checks. It improves email security and helps prevent spoofing:

Type

Name (example)

Value (example)

TXT

_dmarc.yourdomain.org

v=DMARC1; p=none; pct=100; fo=1; ri=360…

DMARC is optional for sending, but it becomes required if you want to use a Sender Avatar (BIMI) — see below.

Step 3: Add the Records to Your DNS Provider

Log in to your DNS provider and create each record exactly as shown in WeGive:

  1. Create a new DNS record.

  2. Set the Type (TXT, CNAME, or MX).

  3. Copy the Name field exactly as shown in WeGive.

  4. Copy the Value field exactly as shown in WeGive.

  5. Save the record.

Where to find DNS settings by provider:

Provider

Location

GoDaddy

My Products → DNS → Manage

Cloudflare

Select domain → DNS → Records

Namecheap

Domain List → Manage → Advanced DNS

Google Domains

My domains → Manage → DNS

Bluehost

Domains → Zone Editor

Tips:

  • Some providers append your domain to the Name field automatically — check whether you need to enter only the subdomain portion.

  • TTL can be left at the default value.

  • Watch for extra spaces when pasting, and check your provider's handling of trailing periods.

  • If you already have an SPF record from another email service, you may need to merge it rather than create a duplicate.

Step 4: Verify Your Domain

  1. Return to WeGive.

  2. Click Verify on the domain.

WeGive checks each record and shows a per-record status of Valid (or Optional for the MX/DMARC records). When the three required records are Valid, the domain badge flips to Authenticated.

If verification fails, DNS changes can take anywhere from a few minutes up to 24–48 hours to propagate. Wait and click Verify again. (See Troubleshooting below.)

Step 5: Create Your Sender Address

Open the Manage Custom Addresses section under the authenticated domain. Custom addresses can be used as "from" and "reply-to" addresses when you send emails — useful if you want certain outbound emails to appear as coming from a team, or to change how your name appears in email clients.

  1. Click Add Custom Address.

  2. Enter:

    • Display Name — the name recipients see in their inbox (e.g., "Hope Foundation Support").

    • Handle — the username portion before the @ (e.g., donate, info, support).

  3. Click Save.

  4. The address shows a Verified status once it's connected. You can edit or delete any address with the icons on its row.

Both Display Name and Handle are required. If your domain is hopefoundation.org and your handle is donate, your sender address will be donate@hopefoundation.org.

You can create multiple addresses under one domain — for example donate@, info@, events@, and support@ — for different purposes. When you build an email, you'll select your custom address from the From dropdown.

Receiving replies: If you want an address to receive replies, make sure you added the optional MX records in Step 2 and that you own a real inbox at that address in your email platform.

Step 6 (Optional): Set Up a Sender Avatar (BIMI)

The Sender Avatar (BIMI) section lets supported email clients display your logo as the sender avatar. BIMI (Brand Indicators for Message Identification) is supported by Gmail, Yahoo, and Apple Mail.

DMARC enforcement required: BIMI requires a DMARC policy of p=quarantine or p=reject on your sending domain. If your current policy is p=none, you can still set up the logo and DNS record now and enforce DMARC later — but the avatar won't display until enforcement is in place.

Brand Logo (SVG Tiny P/S): Upload your logo as an SVG Tiny Portable/Secure file, 32 KB or smaller. No scripts, animations, or external references are allowed. Use the upload area (or drag and drop).

CMC/VMC Certificate URL: Gmail and Apple Mail require a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) to display your logo. You procure the certificate externally, host the PEM file, and paste the hosted PEM URL here, then click Save.

Tracking

Email open and click tracking runs through your authenticated domain's CNAME (tracking) record. You can turn enable it per domain with the Enable Tracking button at the bottom of the domain panel.

Once your domain is authenticated and tracking is active, WeGive automatically issues a TLS/SSL certificate for your tracking subdomain so links stay secure. If you use a proxy service like Cloudflare for the tracking CNAME, set the SSL mode to Full (not Flexible) and enable the proxy so links resolve over HTTPS. If tracking links ever appear broken or "insecure," this SSL configuration is the first thing to check.

Removing a Domain

To stop using a domain entirely, expand it and click Remove Domain at the bottom of the panel. This removes the domain and its addresses from WeGive — you can leave or remove the DNS records at your provider afterward.

Monitoring Email Health

The left-hand Email Health menu gives you reports for your sending:

  • Bounces — emails that couldn't be delivered (invalid address, full inbox, server issues).

  • Complaints — recipients who marked your email as spam.

  • Unsubscribes — recipients who opted out.

  • Whitelist — addresses you've manually approved.

WeGive automatically suppresses sending to addresses that have hard bounced, filed a spam complaint, or unsubscribed — this protects your domain's sender reputation.

Troubleshooting

Issue

What to do

Verification fails right away

DNS records may not have propagated. Wait 15–30 minutes and re-verify.

Still failing after several hours

Confirm the Name and Value match WeGive exactly — watch for typos, extra spaces, or missing characters.

"Record not found"

Make sure the records were added to the correct domain in your DNS provider.

Partial authentication

Some records propagate faster than others. Wait and re-verify.

Tracking links broken or "insecure"

Confirm the tracking CNAME points correctly and serves over HTTPS. On Cloudflare, enable the proxy and set SSL to Full.

BIMI avatar not showing

Confirm your DMARC policy is p=quarantine or p=reject (not none), the logo is a valid SVG Tiny P/S file ≤32 KB, and the VMC/CMC certificate URL is reachable.

Conflicts after switching tools

If your domain was previously linked to another sending account, remove duplicate records so there's a single source of authentication.

When to Contact Support

Reach out to help@wegive.com if records appear correct but verification still fails after 48 hours, if deliverability problems persist despite authentication, or if you need help merging records with an existing email service. Include your domain, screenshots of your DNS records, any error messages, and when the issue started.

Setup Checklist

  • (Optional) Toggle Email Suppression Headers if you want to suppress auto-replies

  • Add your domain in Settings → Email Settings (domain only, no prefix)

  • Expand Authenticate Domain to view the DNS records

  • Add the SPF (TXT) record to your DNS provider

  • Add the DKIM (TXT) record to your DNS provider

  • Add the tracking (CNAME) record to your DNS provider

  • (Optional) Add both MX records if you want replies to land in Platform Messaging

  • (Optional) Add the DMARC (TXT) record for security — required for BIMI

  • Wait for DNS propagation, then click Verify until all required records show Valid

  • Confirm the domain shows Authenticated

  • Create your sender address(es) under Manage Custom Addresses and confirm each shows Verified

  • (Optional) Upload your Sender Avatar (BIMI) logo and VMC/CMC certificate URL

  • Send a test email to Gmail, Outlook, and Yahoo to confirm deliverability