Configuring and sending emails from a custom domain is a forthcoming feature for Risk Cloud which is scheduled to be included in our 2026.6.1 release.
By default, Risk Cloud sends automated emails, such as workflow notifications, reminders, and alerts, from no-reply@logicgate.com. This presents two potential challenges:
- Recipients who aren't familiar with LogicGate, particularly external third parties like vendors who receive requests from your team, may be confused by this.
- Your organization may have spam filters that result in legitimate Risk Cloud emails being prevented from reaching your users inboxes.
With the Custom Email Domain feature, administrators can configure Risk Cloud to send emails from an address your organization owns, for example no-reply@yourcompany.com. This keeps communications on-brand, increases recipient trust, and improves email deliverability.
Only Power Users with the Admin entitlement can configure a custom email domain for your Risk Cloud environment.
Before you begin
You'll need:
- A specific email address you want Risk Cloud to send from (e.g., `no-reply@yourcompany.com`)
- Access to your organization's DNS settings, or a contact on your IT team who can add DNS records
- A few minutes for DNS changes to propagate — most providers update within minutes to a few hours, though it can occasionally take up to 48 hours
Email Verification Method
To send email on behalf of your domain reliably and securely, Risk Cloud uses two standard email authentication protocols:
- DKIM (DomainKeys Identified Mail)
This adds a cryptographic signature to outgoing emails that receiving mail servers can validate against a record published in your DNS. This proves the email was authorized by your organization. - SPF (Sender Policy Framework)
This publishes a list of servers authorized to send email from your domain. Adding Risk Cloud's sending infrastructure to your SPF record prevents receiving servers from treating your Risk Cloud emails as unauthorized.
Both records are required for your custom domain to work reliably. Risk Cloud generates both for you and they both need to be added to your DNS.
Custom Email Domain Setup
- Navigate to Admin > Integrations
- Open the Custom Email Domain card menu and select Configure
- Enter the full email address you want Risk Cloud to send from (e.g., no-reply@yourcompany.com) which will appear as the "From" address on all Risk Cloud emails once the feature is enabled
- Click Generate Records to generate DKIM and SPF records specific to your domain
- Copy your DNS records exactly as shown
Note: You can return to the Integrations page at any time to view them again - Add the records to your DNS provider and wait for verification
After you've added the DNS records, Risk Cloud will automatically begin checking your domain for verification. Once your DNS changes have propagated, your Custom Email Domain status will update to Enabled and Risk Cloud will begin sending from the address you configured.
Common DNS provider configuration areas:
- Cloudflare: DNS → Records → Add record → Type: TXT
- GoDaddy: My Products → DNS → Add → Type: TXT
- AWS Route 53: Hosted zones → your domain → Create record → Type: TXT
- Google Domains / Squarespace: DNS → Custom records → Type: TXT
Paste the Host value into the "Name" or "Host" field, and the Value into the "Value" or "Content" field. TTL can be left at the default.
Some DNS providers automatically append your root domain to the host value. If yours does, enter only the subdomain portion, for example, [token]._domainkey instead of [token]._domainkey.yourcompany.com.
Troubleshooting your Custom Email Domain
The integration card in Risk Cloud will always show one of the following statuses:
- Disabled: Custom email domain is not configured or has been turned off
- Pending: Records have been generated but DNS verification hasn't completed yet
- Enabled: Domain is verified; Risk Cloud is sending emails from your address
- Error: Verification was lost after being enabled; see below
Status is stuck on Pending
DNS propagation can take time. To check whether your records are publicly visible before the next daily verification cycle:
- Use a tool like MXToolbox TXT Lookup and enter your DKIM host value
- Or run dig TXT [token]._domainkey.yourcompany.com in a terminal
If the record appears in the lookup results, Risk Cloud will pick it up on the next check.
Status shows Error
Risk Cloud continues to check your DNS daily after verification. If your DNS records are ever removed or expire:
- Email sending will automatically revert to no-reply@logicgate.com
- The integration card will switch to an Error state
- Any emails that failed to send from your configured email during that window will be marked as failed and retried via no-reply@logicgate.com
If you see this status, your DNS records were valid at some point but are no longer resolving. Check that the TXT records are still present in your DNS provider as they may have been accidentally removed or expired. Re-add the records and the integration will re-enable automatically.
Emails are still coming from no-reply@logicgate.com
Confirm the integration card shows the Enabled status. If it shows Pending or Error, the domain hasn't been verified yet (see above) or has become unverifiable.
Emails going to spam
Confirm both your DKIM and SPF records are correctly published. If your organization uses DMARC, check with your IT team to ensure your DMARC policy doesn't block third-party senders otherwise you may need to update it to authorize Risk Cloud's sending infrastructure.
Disabling custom email domain
To stop using your custom domain and revert to no-reply@logicgate.com, open the Custom Email Domain card on the Integrations page and disable the feature. All subsequent emails will be sent from the default LogicGate address.