Custom Domains for Email Assets
The below guide provides examples for Cloudflare and AWS as hosting providers as a starting point. If you use a different hosting provider and require assistance, please reach out to us at the Messenger in the bottom right.
When you set up your workspace, all email assets (i.e. images, links, unsubscribe links, attachments) in your emails are served from a subdomain of intercom-mail.com
, e.g. your-workspace-name.intercom-mail.com
. We recommend using your own domain to improve the deliverability of your emails and make them more trustworthy.
If you'd like to use your own domain, you can do so by setting up a custom domain for email assets using the following steps:
Create a custom CNAME record
- Go to your DNS provider’s website (e.g. GoDaddy or Cloudflare). If you’re choosing one for the first time, go with one that supports SSL.
- Create a CNAME (‘canonical name’) record for your custom domain.
- Point it at Intercom’s host domain (This is based on your data hosting region, not where you are located geographically):
- Intercom US: your-workspace-name.intercom-mail.com
- Intercom Europe: your-workspace-name.intercom-mail.eu
- Intercom Australia: your-workspace-name.au.intercom-mail.com
You can copy the exact Intercom host domain URL of your workspace from the Link Branding Settings page.
Example: How to create a custom CNAME record with Cloudflare
Some features are only available as part of CloudFlare's Enterprise plan. You will not be able to complete the setup if you do not have access to this plan. See Cloudflare's Enterprise plan page for more information.
These steps will vary, so check with your own DNS provider for support. As an example, here’s how to set up a CNAME record with Cloudflare:
- Go to the ‘DNS’ section for your domain in Cloudflare and add a CNAME record for your email assets custom domain.
- Give the CNAME a Name based on the first part of your custom domain e.g. if you want your custom custom domain to be emails.example.com, use emails.
- Point it at the Intercom host domain. Depending on your data hosting region, it will look like one of these:
- Intercom US: your-workspace.intercom-mail.com
- Intercom Europe: your-workspace.intercom-mail.eu
- Intercom Australia: your-workspace.au.intercom-mail.com
- The proxy status should be turned on.
DNS changes can sometimes take up to 72 hours to take effect, but are typically much faster.
Configure SSL
After you set up a custom domain, you must also add SSL support to your domain.
SSL (or TLS), is the most widely used way to secure the connection between your server and your browser. It ensures the connection between the server and browser is encrypted and safe, and appears as HTTPS.
There are two ways to set up SSL with a custom domain for email assets:
- Use a flexible SSL (using a third-party DNS provider like CloudFlare or AWS CloudFront)
- Use your own SSL certificate (using a TLS Termination Proxy)
Example: How to Configure SSL with Cloudflare
Rewriting host headers is only available as part of CloudFlare's Enterprise plan. You will not be able to take the following steps if you do not have access to this plan. See Cloudflare's Enterprise plan page for more information.
Add SSL support to your domain
Go to the ‘SSL/TLS’ section and change SSL to ‘Full’.
Create a page rule to enforce HTTPS
Go to ‘Rules -> Page Rules’ and create a new page rule with the following settings:
- If the URL matches:
http://emails.example.com/*
, replacing it with your own custom domain - Then the settings are:
Always use HTTPS
Watch out for typos! The protocol in the URL should be HTTP not HTTPS.
Create a page rule to override the host header
Go to ‘Rules -> Page Rules’ again and create a new page rule with the following settings:
- If the URL matches:-
https://emails.example.com/*
- Then the settings are:
Host Header Override
- Value: Intercom host URL e.g.
your-workspace.intercom-mail.com
Watch out for typos! The protocol in the URL should be HTTP not HTTPS.
Disable Cloudflare page speed features
Go to ‘Speed -> Optimization’ and disable Rocket Loader and Mirage for your email assets custom domain.
Example: How to configure SSL with AWS
Create a CloudFront Distribution
- Sign in to the AWS Management Console and open the CloudFront console.
- Choose Create Distribution
- Update the 'Origin' settings.
- Origin domain: Intercom host domain, e.g.
your-workspace.intercom-mail.com
- Protocol:
HTTPS only
. - Minimum origin SSL protocol:
TLSv1.2
.
- Origin domain: Intercom host domain, e.g.
- Update the 'Default cache behavior' settings.
- Update 'Cache key and origin requests':
- Cache policy and origin request policy
- Cache policy:
CachingDisabled
- Origin request policy:
AllViewerExceptHostHeader
- Under origin 'Settings'
- 'Alternate domain name (CNAME)': your subdomain to be used for assets, e.g.
emails.example.com
- You must associate a certificate. You need a certificate that matches your domain.
Create a CNAME record
- Copy your distribution domain name
- Navigate to your domain provider and create a new CNAME record
- For host/name input your subdomain (ex.
emails
) - For value input your CloudFront distribution domain name
How to Use your own SSL certificate with Apache
The SSL certificate used by your email assets is a shared certificate signed by your DNS provider. It uses SNI (Server Name Indication) to secure your site.
If you wish to host your own security certificates, you can do so through a TLS termination proxy. You’ll need to edit the configuration file on your proxy webserver.
Here are the basic instructions to set up your own SSL using Apache webserver:
# Prerequisites: mod_ssl, mod_proxy and mod_proxy_http should be enabled # Step 1: Acquire an SSL certificate and private key (e.g. LetsEncrypt.org) # Step 2: Set up Apache proxy settings, example below. # Step 3: Set custom domain in Intercom Help Center settings # Step 4: Make sure your custom domain's DNS record resolves to your Apache server <IfModule mod_ssl.c> <VirtualHost *:443> ServerName your-help-site.custom-domain.com # specify your custom domain here # Set SSL options for your own domain SSLEngine on SSLCertificateFile /path/to/your/fullchain.pem SSLCertificateKeyFile /path/to/your/privatekey.pem # Proxy SSL options SSLProxyEngine on SSLProxyVerifyDepth 10 SSLProxyCheckPeerCN off SSLProxyCheckPeerName on # Set up the reverse proxy to Intercom ProxyPreserveHost Off ProxyAddHeaders Off ProxyPass / https://your-workspace.intercom-mail.com/ ProxyPassReverse / https://your-workspace.intercom-mail.com/ </VirtualHost> </IfModule>
There are many ways to set up your own SSL certificate - we can’t guarantee that we can support every type of proxy setup. If you have specific needs, we can't support you in configuring it.
Note that you may also need to add redirect from HTTP protocol (port 80) to HTTPS as part of your server configuration.
While most modern browsers support SNI, a few older ones don’t. If you’re supporting those browsers, you should use your own SSL certificate instead. Check with your DNS provider to see if this option is available.
Enter the newly registered custom domain in Intercom Link branding
The last remaining step is specifying your custom domain in Intercom's Link branding page (US, EU and AU links).