Set up DMARC and see who's sending email using your brand's domain.

Adding DKIM and Return-Path Records to Cloudflare

View the following video or take a look at the instructions below to learn how to add DKIM and Return-Path records to your Cloudflare hosted domain.

Obtain the DKIM and Return-Path records from Postmark

The first step is to obtain the DNS records to add to your domain’s DNS from the DNS Settings page for your Domain in Postmark. Go to the Sender Signatures page and click DNS Settings for the Domain you are adding DNS records for.

Link to DNS Settings page

Once there, you will see the two records for DKIM and Return-Path that need to be added to your DNS.

Records for DKIM and Return-Path

Later we’ll go through adding the Return-Path record, so be sure to leave this window open in your browser.

Adding DNS Records to Cloudflare

  1. Log in to Cloudflare and select the domain you want to add records to.
    Select domain in Cloudflare
  2. At the top of the page, click on the DNS tab.
    DNS tab
  3. Select “TXT” from the dropdown. For the Name, enter the Hostname shown for the DKIM record in your DNS Settings page in Postmark. The select “Click to configure” and populate the Text field with the DKIM record’s value from the DNS Settings page in Postmark.
    Add DNS record in Cloudflare
  4. Click Save and then Add Record to complete the process.

Adding the Return-Path record

  1. From the dropdown select CNAME. For the Name, copy the Hostname shown for the Return-Path record in your DNS Settings page in Postmark. Then, populate the Domain name field with
  2. Before selecting “Add Record”, click on the orange cloud to disable Cloudflare on the CNAME record as sometimes it can get in the way of us being able to verify your Return-Path record.
    Disable Cloudflare for CNAME record

Once the records have fully propagated, you’ll see a green checkmark next to your DKIM and Return-Path records in your Sender Signatures page.


What if it does not verify? There are some common reasons why this might not happen.

  1. DNS takes some time to propagate. You may have to wait a few hours.
  2. Try using the DKIM keycheck tool. Insert TIMESTAMPpm as the selector (where TIMESTAMP is your unique selector value) and your domain.
Last updated November 17th, 2022

Still need some help?

Our customer success team has your back!