S1NK

S1NK Domain Setup

# S1NK.help Domain Setup Guide

## 1. Ownership Verification (TXT)

| Hostname | Type | Value | TTL |
| --- | --- | --- | --- |
| `@` | TXT | `vercel={PROJECT_ID}` (provided by Vercel dashboard) | 300s |
| `@` | TXT | `v=spf1 include:spf.privateemail.com include:spf.resend.com ~all` | 300s |

> Keep TXT entries lean; merge SPF statements into a single record to avoid conflicts.

## 2. MX Records (PrivateEmail)

| Hostname | Priority | Destination | TTL |
| --- | --- | --- | --- |
| `@` | 10 | `mx1.privateemail.com` | 300s |
| `@` | 20 | `mx2.privateemail.com` | 300s |

Add the following optional records for autodiscover compatibility:

```
autodiscover  CNAME  privateemail.com
mail          CNAME  privateemail.com
```

## 3. SPF / DKIM / DMARC

**SPF:** Already handled inside verification TXT.

**DKIM for Resend**

| Hostname | Type | Value |
| --- | --- | --- |
| `resend._domainkey` | CNAME | `dkim.resend.com` |

**DKIM for PrivateEmail**

| Hostname | Type | Value |
| --- | --- | --- |
| `default._domainkey` | CNAME | `dkim.privateemail.com` |

**DMARC Template**

```
_dmarc   TXT   v=DMARC1; p=quarantine; rua=mailto:dmarc@s1nk.help; pct=100
```

Tighten to `p=reject` once warm-up metrics look healthy.

## 4. Web + App Routing

| Hostname | Type | Value | Notes |
| --- | --- | --- | --- |
| `@` | A | `76.76.21.21` | Vercel bare-domain A record |
| `www` | CNAME | `cname.vercel-dns.com` | Primary marketing site |
| `app` | CNAME | `cname.vercel-dns.com` | Authenticated app on Vercel |
| `api` | CNAME | `cname.vercel-dns.com` | Optional dedicated API domain |

## 5. Domain Warming Best Practices

1. **Week 1:** Send < 50 emails/day using Resend with high-signal recipients (internal inboxes, friends).
2. **Week 2:** Double sending volume only if bounce rate < 2% and complaint rate < 0.1%.
3. **Authentication:** Monitor SPF/DKIM/DMARC via Google Postmaster + Postmark trackers.
4. **Consistency:** Use a single sender like `ops@s1nk.help`. Avoid switching between multiple subdomains during warm-up.
5. **Landing Pages:** Keep `www` and `app` served via HTTPS with auto-renewed certs (Vercel handles ACME automatically). Keep `Strict-Transport-Security` header enabled.

Document changes in `/docs/domain-setup.md` whenever DNS is adjusted so the whole team has one source of truth.