Ottieni AcelleMail — $80
DNS & Domain Setup

Custom Tracking Domain for Click URLs — AcelleMail Setup

By default every link in your emails routes through acellemail.com's tracking redirect. Replace with click.yourdomain.com — same redirect mechanics, your own brand. This guide walks the setup + the CNAME + the link-report verification.

5 min read Intermediate

Why a custom tracking domain matters

Every link in your AcelleMail campaign is auto-rewritten at send time to route through a tracking redirect. The default redirect lives at acellemail.com/c/abc/... — AcelleMail records the click, then forwards to your real URL.

Two problems with the default:

  1. Brand inconsistency — recipient sees acellemail.com in the hover preview before clicking. For B2B audiences, that breaks trust ("why is this routing through a third party?").
  2. Deliverability signal — Gmail's "show original" pane displays the rewritten URL. Some receivers cross-check sender domain vs link domain; mismatched values can downgrade reputation.

Custom tracking domain = click.yourdomain.com (or any subdomain you pick) handles the redirect instead. Same mechanics, your brand throughout.

The setup in 4 steps

Step 1: Pick your subdomain

Convention: click.brand.com or track.brand.com or links.brand.com. Pick a subdomain you don't already use for anything else (it'll be reserved for tracking redirects).

Step 2: Publish the CNAME at your DNS host

At your DNS provider (Cloudflare, Route 53, Namecheap, etc.), add:

Type:  CNAME
Name:  click.yourdomain.com   (or whatever subdomain you picked)
Value: track.acellemail.com   (the AcelleMail tracking endpoint — varies per install)
TTL:   3600 (or default)

Wait for DNS propagation (typically 5-60 minutes; can take up to 24h for stubborn caches).

Step 3: Register the tracking domain in AcelleMail

In AcelleMail, Sending → Tracking domains → Add tracking domain. Enter click.yourdomain.com + click Verify. AcelleMail dig-checks the CNAME, flips to Verified when propagation is complete.

Step 4: Attach to your sending server

Open the sending-server detail → Configuration → Tracking domain dropdown → pick the newly verified domain. Save.

Sending server detail — tracking domain field in Configuration

From the next campaign send onwards, every link uses your custom tracking domain.

Verify it's working

After a send, open the campaign report's Links tab:

Links report — click destinations

Hover over any link — the rewritten URL should now show click.yourdomain.com/... not the AcelleMail default. If still showing the default, the sending server config didn't pick up the change (re-save the server config + send a fresh test).

The Click map visualization shows where clicks land — independent of which tracking domain rewrites them:

Click map

Common UI signals + fixes

Symptom Likely cause UI fix
Tracking domain stays Pending after 1 hour CNAME not propagated Wait up to 24h; if still pending, verify CNAME at your DNS host points to the correct target
Tracking domain Verified but new campaigns still use acellemail.com Sending server's tracking-domain field not updated Sending server detail → Configuration → Tracking domain → re-pick + save
Hover preview shows weird URL (mix of yours + acellemail) Cached email body from before the change Send a fresh test; old campaigns retain their snapshot of tracking URLs
Click reports show clicks but tracking domain says 0 traffic DNS resolving differently for some recipients Test with dig click.yourdomain.com from multiple regions
CNAME conflicts with existing record at subdomain Duplicate subdomain reservation Pick a different subdomain name; can't have CNAME + A record on same name

Common conventions

Pattern Used by
click.brand.com Most common; explicit "this is a click-tracker" signal
track.brand.com Same intent, slightly more technical wording
links.brand.com Friendly; works for marketing-facing audiences
t.brand.com Short for higher-engagement industries (e-commerce flash sales) — saves URL chars in SMS-too

Stick with one convention across your account — don't have some campaigns route via click. and others via track. (recipients learn to trust the pattern; switching mid-stream creates confusion).

Advanced: HTTPS-only redirects, multi-region tracking, and security headers

HTTPS-only redirects:

By default AcelleMail's tracking domain serves the redirect over both HTTP + HTTPS. To enforce HTTPS-only (recipients clicking via HTTP get auto-upgraded to HTTPS first):

  1. AcelleMail admin → Sending → Tracking domains → [your domain] → Settings
  2. Toggle "Force HTTPS"
  3. Ensure your DNS host's TLS certificate covers the subdomain (Let's Encrypt + Caddy on the AcelleMail host is the common setup)

For Cloudflare-fronted setups, the redirect honors Cloudflare's TLS settings — set Full/Strict mode to prevent downgrade attacks.

Multi-region tracking:

If your audience is global, latency on the redirect matters. A US-hosted AcelleMail receiving Asia-side clicks adds ~200ms per hop. Two patterns:

  1. CloudFront / Cloudflare CDN in front of your tracking domain — most installs route via Cloudflare for free; the CDN's POP nearest the user handles the redirect
  2. Multi-region AcelleMail clusters — separate AcelleMail instance per region, each with its own tracking subdomain (click-us.brand.com, click-eu.brand.com). Per-campaign router selects the right tracking subdomain based on recipient region

For most senders, Cloudflare front-end is sufficient + free.

Security headers on the tracker:

The tracking endpoint redirects external URLs. Best practices:

HTTP Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin

Configure at your nginx / web-server layer. The AcelleMail tracking endpoint doesn't set these by default — you add them via your reverse-proxy config.

Programmatic verification:

# Check tracking domain is rewriting links
campaign_uid="..."
acelle_token="..."

# Fetch a campaign's links report
curl -sH "Authorization: Bearer $acelle_token" \
  "https://acellemail.com/api/v1/campaigns/$campaign_uid/links" \
  | jq '.data[0].url'

# Should show click.yourdomain.com/..., not acellemail.com/...

Run as a daily cron after sends — catches misconfiguration before customer complaints.

Rotating tracking domains:

For very large operations, multiple tracking domains can isolate reputation per campaign type:

click-marketing.brand.com  — marketing emails
click-txn.brand.com        — transactional (password resets)
click-ann.brand.com        — announcements

Different sending servers route through different tracking domains. If click-marketing ever gets blocked (rare), transactional is unaffected.

Related articles

Tagged

18 commenti

8 commenti

  1. akira.tnk88
    Our DKIM rotation broke for 2 days because we updated the active selector first, then waited to delete the old. Should be the other way — publish new, wait 48h for cache, switch sending, THEN remove old.
    1. admin
      Thanks for the breakdown. Saving for our customer-success team's reference library
  2. i.rossi.mil
    If you use Vercel or Netlify for the apex, watch out — they sometimes override TXT records via their auto-DNS feature. Bit us once with a stripped SPF record. anyway
  3. sobrien.kw
    Easy win: set up dmarcian.com (free tier) to receive your DMARC RUA reports. The first 2 weeks of reports tell you everything you didn't know about who's sending as you.
  4. bos.devops
    Hit the 10-lookup SPF limit when we tried to layer SES on top of an existing Google Workspace setup. Flattened with a tool (spfwizard.com) and it's been fine since. That tool's worth a mention.
    1. admin
      Solid case study material here. If you're open to it, we'd love to write this up as a blog post — happy to credit you anonymously or otherwise.
    2. admin (modificato)
      Worth noting — your config diverges from the recommended one in one place that often bites people. We'll send a separate note with the suggested change.
  5. linhvu.dev
    Worth noting: our DNS provider (Cloudflare) caches negative responses for 1 hour. We added a TXT record, dig showed it, but mail-tester said missing for another 40 minutes. Almost lost our minds. TTL was set to 300 but the parent zone NS cache held.
    1. admin
      Thanks for the numbers. Worth pulling into a follow-up post on volume-tier sizing.
    2. admin (modificato)
      Thanks for the detail — adding the kernel-reboot edge case to the article on the next update.
  6. nadia.r.cl
    The SPF flattening explanation finally made it click for me. I'd been hitting the 10-lookup limit and didn't understand why nesting includes counted...
  7. cw.dev.sh
    DNS setup is one of those things where you don't know what you don't know. This article should be required reading for anyone running their own mail
    1. admin (modificato)
      Thanks for the kind words. We try to keep these source-grounded so they age well.
  8. ahmed.hassan.c…
    Quick question: do receivers actually enforce the SPF -all hard fail, or do most just downrate? I've heard mixed things and I'm hesitant to switch from ~all
    1. admin
      good question — and one that comes up often enough we should add an faq section. short answer: yes for the common case; the exception is when youre running custom plugins that override the default behavior.
    2. admin (modificato)
      Honest answer: it depends on your provider. SES handles it gracefully; Mailgun is stricter. We'll add a provider-by-provider table in the next revision fwiw
    3. admin (modificato)
      There's no built-in way today. Two workarounds: (1) cron + custom script polling the API every N minutes, (2) webhook-driven if your event source supports it. Most operators go with #2.
    4. admin (modificato)
      Were aware of the silent-bail-out on deleted customers — there's an open issue for it. Workaround for now: monitor the campaign:rerun log for absence of expected log lines, alert when silent for > 20 min.

Related reading

More in DNS & Domain Setup

Gestisci il tuo email marketing sul tuo server, alle tue condizioni

Unisciti alle migliaia di aziende che hanno preso il controllo del loro email marketing con codice sorgente completo, nessun canone ricorrente e invii illimitati. Licenza una tantum $80, aggiornamenti a vita.

Ottieni AcelleMail — $80 una tantum

Get the AcelleMail newsletter

Monthly issue with new releases, deliverability tips, and self-hosting playbooks. No spam.