Proton

How to use a custom domain from Amazon Web Services (AWS) with Proton Mail

Reading
7 mins
Category
Domain setup

If you’ve purchased a custom domain from AWS (such as yourdomain.com), you can use it to send and receive emails with your Proton Mail account (for example, using the email address yourname@yourdomain.com).

To do this, you must have a paid Proton plan(new window). The number of custom domains you can use with Proton Mail depends on your plan.

  • Proton Mail Plus: 1 custom domain
  • Proton Unlimited: 3 custom domains
  • Proton Visionary (legacy users only): 10 custom domains
  • Proton Mail Essentials: 3 custom domains
  • Proton Business: 10 custom domains (by default with the option to add more)

The procedure for setting up your custom domain for use by your Proton Mail account is as follows:

  1. Add your domain to your Proton Mail account.
  2. Verify your domain so that Proton knows it is genuinely yours.
  3. Create new users and add team members to your account.
  4. Configure your domain registrar’s DNS records so that Proton Mail handles the emails sent and received using that domain.
  5. Set up your email address.

Add your domain

1. In your browser, log in to your Proton Mail account and select Settings → All settings → Proton Mail → Domain names → Add domain.

Add domain

2. Enter your domain name and click Next. You might be asked to re-enter your Proton Mail password for security reasons.

Enter domain name

Verify your domain

The first thing you have to do after adding a custom domain name is to show Proton Mail that you control this domain. You can do this by adding a TXT record with a unique code that Proton Mail has generated to your domain’s DNS records in your registrar’s domain management portal.

Proton Mail servers will then look up all the TXT records for your domain and see if any match the verification code. If we find a match, then verification succeeds, and you can move on to the next steps.

Once you click Next, you will be taken to the Verify tab. You can also reach it from Settings → All settings → Proton Mail → Domain Names → Domain by clicking on the Actions Review button and selecting the Verify tab.

In the Verify tab, your Host Name (@) and TXT verification record are shown to the right of your newly added domain.

Click on the small Copy icon to the left of the TXT verification record to copy it to your clipboard, then:

  1. Log in to your account at https://console.aws.amazon.com/route53/home(new window)
  2. Go to the Resources page and click on Hosted Zones.
  3. Under the Domain Name column, click on the name of the domain you’ve selected in Proton Mail.
  4. Select Create Record Set and enter the following information in the Create Record Set window:
  • Name: Enter your domain instead
  • Type: TXT
  • Alias: No
  • TTL (Seconds): 300
  • Value: Paste the unique text string you copied for Value / Data / Point to in the Proton Mail setup wizard.
  • Routing policy: Simple

Click Create when you’re done.

Wait a few minutes, then click Next in the Proton Mail Edit domain console to trigger a DNS check by our servers. If it succeeds, you can now move on to the next step (creating an MX record). If it didn’t succeed, don’t worry; the process can take a while, so try again in an hour. 

Now that you have a domain, you can create an organization(new window) and add users(new window) to it.

Share login information with your team members

Before you change your MX records, we recommend informing your team members of the upcoming change. After you change the MX records, emails will be delivered to their Proton Mail inboxes instead of their old inboxes.

Create MX records in AWS to activate your domain

Once your domain is verified, click Next to go to the MX tab (or come back to this page later and simply go directly to the MX tab). The mail exchanger (MX) record is vital for email operation: It tells the internet which server(s) should receive your domain’s email. 

Add domain

If you are setting up a new domain, go ahead and add the specified MX records in your AWS control panel. To do this, open your AWS portal and:

  1. Go back to the Resources page and click on Hosted Zones.
  2. Under the Domain Name column, click on the name of the domain you’ve selected in Proton Mail.
  3. Click on Create Record Set and enter the following information in the Create Record Set window:
  • Name: Enter your domain name
  • Type: MX – Mail exchange
  • Alias: No
  • TTL (Seconds): 300
  • Value: mail.protonmail.ch
  • Routing policy: Simple

Click Create when you’re done.

If your domain currently has existing mailboxes, we recommend adding all used email addresses before switching your MX records to Proton Mail to ensure a smooth transition. We describe how to do this below. 

This will help you avoid disruption to your email delivery because Proton Mail will only accept mail for addresses that you have added. mail.protonmail.ch points to Proton Mail’s mail servers, so once you have made this change, you are telling the internet to send email for your domain to your Proton Mail account.

If you have MX records for multiple services, the email will be delivered to the service with the highest priority (lowest value). If you have other MX records, you should either delete them or make sure mail.protonmail.ch‘s priority is a smaller number (higher priority) than the other MX records

Again, it may take up to a day for MX changes to propagate, and email may still go to your old MX during this transition. Once we detect your domain’s top MX record is pointing to Proton Mail, the MX tab will show a green tick icon.

Set up your address

If you are changing an existing domain to deliver emails to your Proton Mail inbox, you should set up all existing email addresses before filling in the MX records (as described above).

Select the Address tab → Add address.

Add address

This will take you to the Organization section of your Proton Mail accounts page. Click on Add Address to create a Proton Mail email address using your custom domain. If you have more than one custom domain, you can select which one to use from the dropdown list.

Add address 2

Create SPF, DKIM, and DMARC records

For security reasons, we recommend adding SPF(new window) and DKIM(new window) records. Setting up DMARC(new window) is an optional, advanced feature.

Learn more about SPF, DKIM, and DMARC(new window)

Setting up SPF and DMARC records in the AWS console is similar to setting up TXT records.

  1. In the AWS console, go to the Resources page and click on Hosted Zones.
  2. Under the Domain Name column, click on the name of the domain you’ve selected in Proton Mail.
  3. To add multiple TXT records with the same name, you need to add the values in the same record enclosed in quotation marks on separate lines. Since the SPF record uses the same name as the verification record, you need to edit the TXT Verification record and add the SPF value in a new line.

The final value should look something like this: “protonmail-verification=f10c1ef0b284cf49e2cbf05eb17eeabb21aafa29”
(Note: You need to separate the values with a return/enter.)
“v=spf1 include:_spf.protonmail.ch mx ~all”

  1. For DKIM and, if desired, for DMARC, click on Create Record Set and create the record according to the values shown in the Proton Mail wizard.

You can now send and receive emails using your custom domain from AWS with your Proton Mail account!

Setup guides for other domain registrars are also available for:

If you own a domain from a different registrar, please see our generic guide How to use a custom domain with Proton Mail(new window).

Didn’t find what you were looking for?

Get help
General contactcontact@proton.me
Media contactmedia@proton.me
Legal contactlegal@proton.me
Partnerships contactpartners@proton.me