- 1
Open the mailbox → Technical tab
In Connectors, open a sending mailbox and go to the Technical tab to see SPF, DKIM, and DMARC status.
- 2
Look for “This domain is on Cloudflare”
If your nameservers point to Cloudflare, FirstSales detects it and shows an Add to Cloudflare panel. If you don't see it, your domain isn't on Cloudflare — add the records manually instead.

- 3
Create a scoped Cloudflare API token
In Cloudflare, go to My Profile → API Tokens → Create Token and give it Zone → DNS → Edit permission on the specific zone. Copy the token.
- 4
Open Add Records to Cloudflare
Click Add to Cloudflare. The modal lists the exact records it will create — only the ones still missing.
- 5
Paste the token and Apply
Paste your scoped token — the field is masked and never stored — and click Apply Records. FirstSales writes the records to your Cloudflare zone.
- 6
Handle “zone not found”
If you get a zone-not-found error, the token doesn't cover that domain. Recheck the zone scope and confirm the domain lives on this Cloudflare account.
- 7
Verify
The modal closes and FirstSales re-checks DNS; the SPF/DKIM/DMARC rows move toward OK and your auth score climbs. You can delete the token in Cloudflare afterward — FirstSales doesn't keep it.
Pro tips
Hard-won shortcuts that keep warm-up on track.
Scope the token tightly
Zone → DNS → Edit on just the one zone is all it needs. Don't use a Global API Key — a narrowly scoped token is safer and does the whole job.
The token is never stored
FirstSales uses it for the single apply request and drops it — the field is masked and cleared. You can revoke it in Cloudflare right after.
Only missing records are added
The modal shows exactly what it will create, so it won't clobber records you already have — review the list before applying.
Pair it with Managed DKIM
Enable Managed DKIM first; then this flow can publish the DKIM record along with SPF and DMARC in one pass.
Frequently asked questions
What does the Cloudflare one-click do?
It writes your SPF, DKIM, and DMARC records directly into your Cloudflare zone so you don't paste them by hand.
How does FirstSales get access?
You paste a Cloudflare API token scoped to Zone → DNS → Edit; it's used for the one request only.
Is my token stored?
No — the field is masked, and the token is never stored, logged, or echoed; it's cleared after the request completes.
What permissions does the token need?
Zone → DNS → Edit on the domain's zone. Nothing broader.
I got “zone not found” — what's wrong?
The token doesn't cover that domain. Confirm the zone scope and that the domain is on this Cloudflare account.
Will it overwrite my existing DNS?
It only adds the missing SPF/DKIM/DMARC records shown in the modal; review the list first.
My domain isn't on Cloudflare — can I still use this?
No — this flow is Cloudflare-only. Add the records manually at your DNS host instead.
Should I delete the token after?
You can revoke it in Cloudflare once records are applied; FirstSales doesn't retain it.
Ready to put this into practice?
Start your FirstSales trial and launch a warmed, authenticated mailbox in minutes.
Start for $1