Your Domain & Professional Email

Keep it short, memorable, and easy to spell. Check availability on Namecheap, Cloudflare Registrar, or GoDaddy. .comis the standard expectation for most customers — it's what people type by default. .devworks well for tech products. Avoid hyphens and numbers — they're hard to communicate verbally and easy to mistype.

Budget about $12/yearfor a standard .com. Premium domains cost more but rarely justify the price for a new product. If your exact name is taken, try adding "get" or "use" as a prefix (getproductname.com, useproductname.com) before resorting to a different TLD.

Namecheap and Cloudflare Registrar are the cheapest options — both charge at-cost with no markup. GoDaddy works but tends to upsell aggressively during checkout. Whichever registrar you choose, enable WHOIS privacy(usually free) so your personal address and phone number aren't publicly visible in domain lookup databases.

Turn on auto-renewalimmediately so you don't accidentally lose your domain when it expires. Expired domains get snatched by squatters within hours. Save your registrar login credentials somewhere secure — a password manager, not a sticky note. Losing access to your registrar account is one of the hardest problems to recover from.

In your registrar's DNS settings, add two records. An A record with the host set to @ (your root domain) pointing to 76.76.21.21 — this is Vercel's IP address. Then a CNAME record with the host set to www pointing to cname.vercel-dns.com.

Next, go to your Vercel project: Settings > Domains > Add your domain. Vercel will check your DNS records, verify ownership, and provision an SSL certificateautomatically — no extra configuration needed. DNS propagation typically takes 5–60 minutes, but can occasionally take up to 48 hours. You can check propagation status at dnschecker.org.

In Vercel's domain settings, set either www or non-www as your primary domain. Vercel handles the redirect from one to the other automatically. Most people prefer non-www ( yourdomain.com) because it's shorter and cleaner. Pick one and be consistent — having both versions active without a redirect splits your SEO authority between two URLs.

Go to workspace.google.com and sign up for the Business Starter plan ($7/mo). This gives you professional email, Google Drive, Calendar, and Meet under your domain. Enter your domain name during the setup flow — Google will guide you through verifying ownership.

Here's the key insight: you only need one Google Workspace subscription ever. When you launch additional products with different domains later, you add those domains as aliases to your existing account. All mail routes to one inbox. You don't pay for extra seats or extra subscriptions unless you hire people who need their own accounts.

Google provides you with MX recordsto add at your registrar. These tell email servers around the world where to deliver mail addressed to your domain. You'll typically add 5 MX recordswith different priority values — this creates redundancy so email delivery doesn't fail if one server is down.

Google also provides a TXT verification record that proves you own the domain. Add this to your DNS as well. Once the MX records propagate (usually 5–30 minutes), send yourself a test email from a different account to confirm delivery is working. Check both the inbox and spam folder.

In Google Admin > Users > your account > Email aliases, add aliases for the different addresses you want to use: hello@, support@, billing@. All of these route to your single inbox. No extra cost, no extra accounts.

When you reply to an email, Gmail lets you choose which "from" addressto send from. A customer who emails support@yourdomain.com gets a reply from that same address, not your personal account. Later, when you add additional domains, you can add those as aliases too — hello@domain1.com, support@domain2.com, all from one inbox, one subscription.

SPF (Sender Policy Framework) tells receiving email servers which mail servers are authorized to send email on behalf of your domain. Without it, anyone could send email pretending to be you, and legitimate email from your domain gets flagged as suspicious.

Add a TXT record at your registrar with the host set to @ and the value: v=spf1 include:_spf.google.com include:amazonses.com ~all. The include:_spf.google.com part authorizes Google Workspace to send on your behalf. The include:amazonses.com part authorizes Resend (which uses Amazon SES under the hood) for transactional emails. The ~all tells receivers to soft-fail anything not from those servers.

DKIM (DomainKeys Identified Mail) adds a cryptographic signatureto every email you send. Receiving servers use this signature to verify the email hasn't been tampered with in transit and actually came from your domain. It's like a wax seal on a letter.

In Google Workspace, go to Admin > Apps > Google Workspace > Gmail > Authenticate email. Click Generate new record. Google gives you a TXT record with a long string of characters — this is your public DKIM key. Add it to your DNS at the host Google specifies (usually google._domainkey). After DNS propagation, go back to Google Admin and click Start authentication.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together. It tells receiving servers what to dowith emails that fail SPF and DKIM checks — let them through, quarantine them, or reject them outright. It also sends you reports so you can monitor who is sending email using your domain.

Add a TXT record with the host set to _dmarc and the value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com. Start with p=none(monitor only) — this collects reports without affecting delivery. After a few weeks of clean reports confirming only your legitimate servers are sending email, change to p=quarantine(suspicious emails go to spam). Once you're fully confident, move to p=reject (unauthorized emails are blocked entirely).