You bought a domain for your website. Now you’d like an email address on it — like
hello@yourdomain.com — instead of using a plain Gmail address. It looks more
put-together, whether it’s for a business, a side project, a club, or just you.
The problem: Google charges about $7 a month for this, the “free” options are confusing, and most guides skip the parts that actually matter — so your email ends up in people’s spam folders.
This guide fixes that. The setup is completely free, takes about 15 minutes, and does it the right way so your mail is trusted. Here’s the short version of how it works:
- Getting email: a free service called forwardemail.net catches mail sent to your domain and drops it straight into your normal Gmail inbox.
- Sending email: you keep using Gmail, but set it up so your replies go out from your new address.
You never check a second inbox. Everything stays in the Gmail you already use.
What you’ll need
- A domain you own, and access to its DNS settings (this is where you add the records below). This guide uses AWS Route 53, but the records are the same on any provider — Cloudflare, Namecheap, GoDaddy, and so on.
- A Gmail account.
- About 15 minutes.
A quick word on why not Google or Zoho
Two paths that look free but aren’t, so you don’t waste time:
- Google has no free version for custom domains anymore. It’s their paid plan (about $7/month) or nothing.
- Zoho advertises a “free forever” plan, but it’s not offered in every country. In India, for example, new sign-ups never see the free option, no matter how far you scroll. If it works where you are, great — but don’t spend an hour hunting for a button that isn’t there.
Forwarding avoids all of that.
First, a plain-English glossary
You’ll add four small settings (“records”) to your domain. Each has a job. Don’t worry about memorizing these — just know roughly what they do:
| Record | In plain words |
|---|---|
| MX | “Send my domain’s mail to this company.” (Here, that’s forwardemail.) |
| forward-email | “And pass it along to this Gmail address.” |
| SPF | “These are the only servers allowed to send mail as me.” (Stops fakers.) |
| DMARC | “Here’s what to do with suspicious mail pretending to be me.” |
Now let’s add them.
Step 1 — Send incoming mail to forwardemail (MX)
Add these two MX records to your domain. Both use priority 0:
Type Name Priority Value
MX yourdomain.com 0 mx1.forwardemail.net
MX yourdomain.com 0 mx2.forwardemail.net
This tells the internet: “mail for my domain goes to forwardemail.”
Step 2 — Tell it where to forward (forward-email)
Now add a TXT record that says which address goes to which inbox. The nice part: you don’t even need to make an account with forwardemail — this record is the setup.
To forward a few specific names to your Gmail:
forward-email=hello:you@gmail.com,me:you@gmail.com,contact:you@gmail.com
That means hello@, me@, and contact@ all land in you@gmail.com.
Or, to forward everything at your domain to one inbox (simpler, but you’ll get a bit more spam over time):
forward-email=you@gmail.com
Step 3 — Prove your mail is really from you (SPF)
Add another TXT record. This one lists who’s allowed to send email as your domain, which is what keeps scammers from faking your address:
v=spf1 include:spf.forwardemail.net include:_spf.google.com ~all
⚠️ Watch out #1 — don’t erase your other TXT records. Your domain can have only one SPF line, and many DNS providers (including Route 53) keep all your TXT records together in one place. If you already have a TXT record — for example, a Google site-verification for Search Console — make sure you keep it when you add this. The Route 53 example below shows how.
Step 4 — Set a safety policy (DMARC)
One more TXT record, this time on a name called _dmarc.yourdomain.com. Start it
in “just watch, don’t block” mode so nothing real gets caught by mistake:
v=DMARC1; p=none; rua=mailto:hello@yourdomain.com; adkim=r; aspf=r; pct=100
Optional shortcut: add them all at once on AWS (Route 53)
🌐 Not on AWS? Skip this section. The four records above are everything you need — add them in your own DNS provider’s control panel (Cloudflare, Namecheap, GoDaddy, etc.) and jump to Test that mail comes through. This part is just a time-saver for people already using Amazon’s Route 53.
If you are on AWS, one command does the whole thing. First, find your zone ID:
aws route53 list-hosted-zones \
--query "HostedZones[?Name=='yourdomain.com.'].Id" --output text
# → /hostedzone/ZXXXXXXXXXXXXX
Then run this. Notice the middle block keeps three TXT values together — your existing site-verification, the forwarding rule, and SPF — so nothing gets wiped:
cat > email-dns.json <<'JSON'
{
"Comment": "forwardemail forwarding + SPF + DMARC",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "yourdomain.com.",
"Type": "MX",
"TTL": 300,
"ResourceRecords": [
{ "Value": "0 mx1.forwardemail.net" },
{ "Value": "0 mx2.forwardemail.net" }
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "yourdomain.com.",
"Type": "TXT",
"TTL": 300,
"ResourceRecords": [
{ "Value": "\"google-site-verification=KEEP_YOUR_EXISTING_VALUE\"" },
{ "Value": "\"forward-email=hello:you@gmail.com,me:you@gmail.com\"" },
{ "Value": "\"v=spf1 include:spf.forwardemail.net include:_spf.google.com ~all\"" }
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "_dmarc.yourdomain.com.",
"Type": "TXT",
"TTL": 300,
"ResourceRecords": [
{ "Value": "\"v=DMARC1; p=none; rua=mailto:hello@yourdomain.com; adkim=r; aspf=r; pct=100\"" }
]
}
}
]
}
JSON
aws route53 change-resource-record-sets \
--hosted-zone-id ZXXXXXXXXXXXXX \
--change-batch file://email-dns.json
UPSERT just means “add it, or update it if it’s already there,” so it’s safe to run
again if you change something.
On any other DNS host: add the same four records by hand — two of them (the forwarding rule and SPF) are separate TXT entries on your main domain, and DMARC is a TXT entry on the
_dmarcname. That’s it.
Step 5 — Test that mail comes through
Wait a minute for the settings to spread, then check them:
dig +short MX yourdomain.com
# 0 mx1.forwardemail.net.
# 0 mx2.forwardemail.net.
dig +short TXT yourdomain.com # your forwarding rule + SPF
dig +short TXT _dmarc.yourdomain.com # your DMARC policy
Now send an email to hello@yourdomain.com from your phone or another account.
In a minute or two, it should show up in your Gmail. That’s the important half done.
Step 6 — Reply from your new address in Gmail
Right now, mail arrives in Gmail but your replies would go out from your old Gmail
address. Let’s fix that so you can send as hello@yourdomain.com.
In Gmail: Settings (⚙️) → See all settings → Accounts and Import → “Send mail as”
→ Add another email address. Type your name and hello@yourdomain.com, then click
Next.
⚠️ Watch out #2 — the easy button is gone. Google removed the simple “Send through Gmail” choice for most accounts, so it jumps straight to a settings form — and it fills in
mx1.forwardemail.net, which is wrong (that’s for receiving mail). Clear it and use Gmail’s own mail server instead:
| Setting | What to enter |
|---|---|
| SMTP Server | smtp.gmail.com |
| Port | 587 |
| Username | your full Gmail (you@gmail.com) — not the new address |
| Password | a Google App Password (steps below) |
| Connection | TLS |
The trick: Gmail logs in as you, but stamps your new address on the “From” line.
Getting a Google App Password
An App Password is a special one-time code Gmail gives you so another app can log in. Here’s how to get one:
1. Turn on 2-Step Verification (if it isn't already):
myaccount.google.com/signinoptions/two-step-verification
2. Open the App Passwords page directly (the link is hidden in the menus):
myaccount.google.com/apppasswords
3. Give it a name like "domain mail", click Create,
and copy the 16-character code it shows.
⚠️ Watch out #3 — App Passwords is hidden. Google took the link out of the menus, so you have to type
myaccount.google.com/apppasswordsinto your browser yourself. And it only shows up after you’ve turned on 2-Step Verification. If it still says “not available,” your account has extra security (Advanced Protection) that blocks it — in that case, skip this step and just reply from your normal Gmail.
Paste that 16-character code into the Password box and finish. Gmail sends a
confirmation code to hello@yourdomain.com, which forwards to your inbox — type it
in, and you’re set. From now on, when you write an email, you can choose to send it
From: hello@yourdomain.com.
Step 7 — Make sure it won’t land in spam
Send a message from your new address to mail-tester.com and aim for a score of 10/10. Or, in any Gmail you send it to, click ⋮ → Show original and check that it says SPF: PASS. That’s your proof the setup is trusted.
The honest downsides of doing it free
Nothing free is perfect. Here’s what you’re giving up, in plain terms:
- No separate inbox. Everything lives in Gmail. Great for most people; not ideal if you wanted a standalone mailbox to log into.
- You can’t fully lock out fakers yet. Because your outgoing mail is signed by
Gmail (not your own domain), you have to leave that DMARC policy on “just watch”
(
p=none). Turning it up to “block” could accidentally bounce your own mail. You still get spam protection and reports — you just can’t flip the switch to full enforcement. - A small “via gmail.com” note may show up for some readers, for the same reason.
When it’s worth paying (it’s cheap)
If you later want the “block all fakers” switch turned on, or a real separate inbox, these are the cheapest steps up:
- forwardemail.net paid (about $3/month) — lets you send through their servers with your own domain’s signature, so you can turn DMARC up to full protection. Smallest upgrade, same setup.
- A real mailbox — Zoho Mail Lite (about ₹75/month) or Google Workspace (about $7/month) if you want a standalone inbox and the best chance of never hitting spam.
For most people, none of that is needed. Four DNS records and a Gmail setting give you a real email address at your own domain — for free.