How do I set up a custom tracking domain for email?

Email Authentication & DNS · · 8 min read
Written by Komal Nirvan, Head of Customer Success
Quick Answer
Add a DNS CNAME record pointing a subdomain you control (like click.yourdomain.com) to your ESP’s tracking host, enable HTTPS/SSL, and configure the custom domain in your ESP settings. This replaces the shared tracking domain so your open/click links align with your sending domain — preventing inherited reputation damage and improving deliverability.

A custom tracking domain email setup means your open/click tracking links are rewritten to use a subdomain you control (for example, click.yourdomain.com) instead of a shared, default tracking domain—making it a low-effort, high-impact deliverability lever. When you rely on a provider’s shared tracking domain, your messages can inherit someone else’s poor link reputation; if another sender gets flagged, spam filters may distrust the same tracking host and route your campaigns to junk. Filters also scrutinize link domains for consistency, so branded tracking links that align with your From domain look less suspicious and can improve tracking link deliverability.

In this tutorial, you’ll complete a straightforward email tracking domain setup: add a DNS CNAME record for your custom click tracking domain, enable HTTPS/SSL (often required), and confirm everything is working by sending a test email and inspecting the rewritten URLs. The free Email Spam Checker can surface shared tracking-domain risks before you send, and a custom tracking domain fits alongside your authentication stack—see SPF Record Setup, DKIM Setup, and DMARC Monitoring with InboxAlly.

Most ESPs don’t send your original destination URL “as-is.” To measure engagement, they rewrite each link in your email to a tracking URL that points to a redirect service. When a recipient clicks, the redirect service logs the event, then forwards the browser to the final destination.

How open and click tracking works

  • Click tracking: Every hyperlink is replaced with a unique, encoded URL. The tracking domain is the domain recipients and spam filters see in the visible link (and in the underlying HTML).
  • Open tracking: A tiny tracking pixel is loaded from a tracking host when images are displayed. (Opens are a signal, not a guarantee—privacy features can block or prefetch.)

A typical flow looks like this:

  1. ESP default tracking link (shared): https://click.esp.com/abc
  2. Your custom click tracking domain (branded): https://track.yourdomain.com/abc
  3. Final destination: https://yourdomain.com/pricing

With a custom tracking domain email setup, step #2 is what appears in the rewritten link, improving brand consistency and reducing “mismatched domain” risk.

What’s tracked vs. what filters “see”

Tracked (varies by ESP):

  • Total clicks and unique clicks
  • Timestamp, approximate geo/IP, device/client hints
  • User agent and other anti-fraud signals

Seen by recipients and filters:

  • The link domain (your tracking domain), its reputation, and whether it aligns with your brand.

Tracking domain vs. From domain vs. sending domain

  • From domain: What users see (e.g., news@yourdomain.com)
  • Sending domain: The authenticated infrastructure domain used with SPF/DKIM/DMARC
  • Tracking domain: The domain inside rewritten links

Alignment across these domains looks more legitimate to filters and users. Treat your tracking domain as part of your authentication stack alongside SPF record setup, DKIM setup, and DMARC monitoring with InboxAlly. The free Email Spam Checker can also flag shared/default tracking domains that may be dragging down deliverability.

Why Default/Shared Tracking Domains Hurt Deliverability

Default (shared) tracking domains are the “redirect” domains your ESP uses to rewrite links for click tracking. They’re convenient—but they introduce risk you don’t control.

1) Reputation inheritance you can’t opt out of

Shared tracking domains pool many senders under one link domain. If other senders generate spam complaints, hit traps, or get blocklisted, mailbox providers may downgrade the reputation of that tracking domain. Result: your links inherit the penalty, even if your From domain and IP reputation are clean.

2) Spam-filter heuristics flag “generic” redirects

Filters evaluate whether the domains in an email align with expected brand identity. Two common trust reducers:

  • Domain mismatch: your visible From domain is brand.com, but links resolve through a generic redirect domain.
  • Redirect patterns: short, non-branded tracking hosts and multi-hop redirects look like phishing infrastructure.

Even when the message content is fine, these signals can lower trust and push mail to spam or promotions.

3) Common symptoms of shared tracking-domain issues

Watch for patterns like:

  • Strong sender reputation metrics, but unexpectedly poor inbox placement
  • Link-related blocks (clicks fail, security gateways rewrite/quarantine URLs)
  • Sudden spam spikes after switching ESPs or enabling a new tracking feature (because the tracking domain changed)

4) How InboxAlly helps you spot the red flags

The free Email Spam Checker surfaces link-domain and redirect issues before you scale a send—highlighting suspicious tracking hosts, mismatches, and deliverability-impacting URL patterns. Use it alongside your authentication stack—SPF, DKIM, and DMARC—to validate trust end-to-end (see SPF Record Setup(#), DKIM Setup(#), and DMARC Monitoring with InboxAlly(#)).

Prerequisites and Planning: Pick a Branded Tracking Subdomain + Understand DNS/SSL Requirements

Choose a dedicated tracking subdomain (don’t reuse your main host)

Use a purpose-built subdomain such as track.example.com or click.example.com for your custom tracking domain email setup. Avoid pointing tracking to your primary website host (e.g., www.example.com) because:

  • Tracking links generate high-volume redirects that can skew web analytics and caching rules.
  • Reputation risk is isolated: if tracking traffic is flagged, it won’t directly impact your main site’s routing and performance.
  • It keeps branding consistent across “From” domain, landing pages, and branded tracking links, which helps tracking link deliverability.

The free Email Spam Checker can also surface issues caused by shared/default tracking domains—this is a quick win alongside SPF/DKIM/DMARC (see SPF Record Setup, DKIM Setup, and DMARC Monitoring with InboxAlly).

DNS basics: CNAME vs A, TTL, and propagation

Most email tracking domain setup flows require a CNAME record (alias) from your tracking subdomain to your ESP’s tracking hostname. Less commonly, an A record points to a fixed IP (harder to maintain if the provider changes infrastructure).

  • TTL: Set 300–3600 seconds during rollout for faster iteration; increase later for stability.
  • Propagation: Expect minutes to 24 hours depending on resolvers and prior TTL.
  • Who controls DNS: DNS may live at your registrar, hosting provider, or a CDN/DNS platform—update records where authoritative nameservers are managed.

HTTPS/SSL requirements (custom domain SSL)

Many ESPs require HTTPS so tracking redirects aren’t blocked or downgraded by browsers and security filters. “Custom domain SSL” means an SSL certificate is issued for track.example.com and installed/managed by the tracking provider (often automated via ACME/Let’s Encrypt) after your DNS is verified.

Operational considerations

  • Pick a name you’ll keep long-term (click/track) and reuse across brands/environments.
  • Confirm the subdomain won’t conflict with existing app routes, proxies, or HSTS rules.
  • Roll out before major sends; allow time for DNS/SSL issuance and verification.

Email Tracking Domain Setup (General Steps That Work for Most ESPs)

A custom tracking domain email setup is usually a fast, high-impact deliverability win. Most ESPs follow the same pattern:

1) Create a tracking subdomain in your ESP

  1. In your ESP’s tracking/link settings, choose Custom click tracking domain (or similar).
  2. Enter a subdomain you control (common: click.yourdomain.com or track.yourdomain.com).
  3. The ESP will display a target hostname (the destination your CNAME must point to). Copy it exactly.

2) Add the CNAME record in DNS

In your DNS provider, create a CNAME for the tracking subdomain.

Concrete example (typical format):

  • Type: CNAME
  • Host/Name: click (or click.yourdomain.com depending on provider)
  • Points to/Target: your-esp-tracking-host.example.net
  • TTL: 300 seconds (or “Auto”)

Common DNS variations:

  • Some providers want only the subdomain label (click), others require the full hostname (click.yourdomain.com).
  • Some show “Value” instead of “Points to.”
  • If your DNS has a proxy/CDN toggle, set it to DNS-only during verification (proxying often breaks validation/SSL).

3) Enable/issue SSL (HTTPS)

Most ESPs require HTTPS for branded tracking links.

  • ESP-managed certificate (recommended): After the CNAME is detected, enable SSL in the ESP and wait for issuance.
  • Bring-your-own certificate: Upload a cert/key bundle for the tracking subdomain and ensure the full chain is included.

If SSL validation fails, check:

  • CAA records: If you use CAA, allow the certificate authority your ESP uses (or temporarily remove restrictive CAA).
  • Proxy/CDN settings: Disable proxying until the ESP verifies and issues the cert.
  • Mixed content: Ensure your email templates and landing pages don’t force http:// assets that cause browser warnings.

4) Wait for verification, then test

  • DNS propagation can take minutes to hours; verification may lag.
  • Send a test email and confirm links resolve to your branded domain and redirect cleanly.
  • Keep redirects minimal (tracking domain → final URL; avoid extra hops).
  • Don’t stack URL shorteners on top of tracking links.
  • Use consistent branding: align From domain, tracking domain, and visible link text. The free Email Spam Checker can flag shared/default tracking domains and other authentication-stack gaps alongside SPF record setup, DKIM setup, and DMARC monitoring with InboxAlly.

ESP-Specific Notes (Klaviyo, HubSpot, Mailchimp, SendGrid, and Others): What to Look For in Settings

Where the setting typically lives (and what you’ll enter)

Most ESPs place custom tracking under Domains, Tracking, Branded links, or Link branding. Expect fields like:

  • Tracking domain / branded link domain (e.g., click.yourdomain.com)
  • Root domain selection (choose the same domain as your From address when possible)
  • Optional toggles for HTTPS/SSL, open tracking, and click tracking

What the ESP provides (and how to read it safely)

After you enter the subdomain, the ESP usually generates:

  • A CNAME destination (their tracking host/server) you must copy into DNS
  • Sometimes extra records (verification CNAME/TXT, or redirects)

Interpret instructions literally:

  • Create the record exactly as shown (host/name vs full domain varies by DNS provider)
  • Don’t add extra A records or “flatten” unless the ESP explicitly supports it

Common gotchas by platform

  • Multiple workspaces/accounts: each workspace may require its own tracking domain and CNAME.
  • Region-specific hosts: the CNAME target can differ by data center; don’t reuse values from another account.
  • Prerequisites: some ESPs require a verified sending domain first (part of your authentication stack alongside SPF/DKIM/DMARC). See SPF Record Setup, DKIM Setup, and DMARC Monitoring with InboxAlly.

Document it for admins (future-proofing)

Capture:

  • Final DNS records (host, type, value, TTL)
  • ESP screenshots of the tracking-domain page
  • A dated change log (who changed what, and why) for migrations/audits

InboxAlly’s content testing can also flag shared/default tracking domains that quietly hurt deliverability.

Verify It’s Working (and Monitor Ongoing Deliverability)

Verification checklist (fast, high-impact)

  1. Send a test campaign to a seed list (Gmail, Outlook, Yahoo, and your corporate inbox).
  2. Inspect the raw link URLs in the received email:
    • In most clients, right-click a link → Copy link address (or view message source).
    • Confirm the link host matches your branded tracking domain (not a shared/default domain).
  3. Confirm the tracking domain appears consistently across all links (CTA buttons, header/footer links, image links).
  4. Click through and verify HTTPS:
    • The browser should show a lock icon.
    • No certificate warnings, interstitials, or “Not secure” messages.

Technical validation (DNS + SSL + redirects)

  • DNS lookup the CNAME for your tracking subdomain and confirm it resolves to the destination your ESP provided.
    • If you have CLI access: dig CNAME track.yourdomain.com (or nslookup -type=CNAME ...).
  • Confirm the certificate:
    • Visit https://track.yourdomain.com (or a real rewritten link) and check the certificate is valid for that hostname.
  • Confirm redirects resolve quickly:
    • Clicks should land without multiple hops, timeouts, or 4xx/5xx errors.

Troubleshooting common issues

  • CNAME typos: wrong hostname, missing trailing dot, or pointing to the wrong target.
  • DNS not propagated: wait for TTL; re-check from multiple networks.
  • CDN/DNS proxying enabled: some proxies break CNAME-based tracking or SSL issuance—set the record to DNS-only if required.
  • SSL issuance delays: certificates can take time after DNS is correct; retry later.
  • Mixed-domain links in templates: hardcoded links (or old templates) may still use the default tracking domain—update templates and re-test.

Keep it healthy: deliverability stack + monitoring

A custom tracking domain is one piece of your authentication stack alongside SPF, DKIM, and DMARC. See: SPF Record Setup(#), DKIM Setup(#), and DMARC Monitoring with InboxAlly(#). For ongoing performance, pair this with Email Content Best Practices and use the Placement Tester and Email Audit in InboxAlly to catch shared-domain remnants, link mismatches, and placement drops early.

Need help setting up your tracking domain? Open the IA Assistant in the InboxAlly app for step-by-step guidance, or start a free trial to test your deliverability.

Last updated:
Reviewed by Shubhneet Goel, Chief Technology Officer