How we set up email routing in 20 minutes via Cloudflare and Mailgun APIs

We launched askbaily.com with a functioning eight-address email stack about 20 minutes after deciding what the addresses should be. That sounds like a product demo, but it is really a statement about what has happened to the email-infrastructure category since 2019. It is, today, the easiest part of running a consumer internet company, if you know which two APIs to use.

This is the runbook. No dashboard screenshots, no vendor pitch. The post is here so contractors thinking about upgrading their own ops, other founders looking at a similar decision, and our own ops team six months from now all have the same written reference.

The addresses

Eight addresses live at askbaily.com, plus one sending-only subdomain (mg.askbaily.com). The addresses are: [email protected] (general homeowner intake), [email protected] (onboarding and first-touch), [email protected] (open-project support), [email protected] (invoicing and payments), [email protected] (CCPA, terms, regulatory), [email protected] (contractor-side intake), [email protected] (review-collection), and [email protected] (form confirmations, transactional). All inbound mail is fan-out-routed to the ops team; all outbound mail flows through mg.askbaily.com with DKIM alignment so it lands in the inbox instead of spam.

The architecture

Inbound routing is on Cloudflare Email Routing. Outbound sending is on Mailgun Foundation. DNS is on Cloudflare. That is the full stack. There is no MX-hosted mailbox, no Google Workspace, no Microsoft 365 subscription, no third-party inbox rules. A homeowner who emails [email protected] hits a Cloudflare receive-only worker, which forwards the message to the ops team's shared Gmail label. A homeowner who replies to a Mailgun-sent message hits the same rail in reverse. The cost is Mailgun's Foundation tier (at the volume we are sending today, approximately $35/month) plus zero for Cloudflare routing.

The reason we chose this over a hosted mailbox is accountability and scriptability. Every configuration — every route, every DKIM record, every sending domain — is set through an API call we can re-run. If the infrastructure drifts, we can re-apply state from a config file. We do not rely on any dashboard-click to remain set as intended.

The runbook, step by step

First, verify the sending subdomain on Mailgun. POST to the Mailgun Domains API with the subdomain mg.askbaily.com and the region US. Mailgun returns three DNS records to add: a TXT for SPF, a TXT for DKIM, and a CNAME for tracking. Commit those to the Cloudflare DNS config via Cloudflare's API, using the records/batch endpoint if available to atomic-apply. Ask Mailgun to verify; verification usually completes in under two minutes.

Second, configure inbound routes on Cloudflare Email Routing. This is the step that used to require a full MX-hosted mailbox. As of 2023, Cloudflare Email Routing is free and supports rule-based forwarding. For each of the eight addresses, POST to the Cloudflare email/routing/rules endpoint with the matcher (the local-part) and the action (forward to the ops team's Gmail). The MX record for askbaily.com needs to point at Cloudflare's routing endpoints, which the API also configures.

Third, configure the sending credentials in the application. Mautic is the marketing platform on the NPLD side and is reused here. The SMTP DSN is smtp://postmaster%40mg.askbaily.com:<password>@smtp.mailgun.org:587. Test by sending a single message to the ops team and confirming it arrives in under 60 seconds with DKIM passing.

Fourth, set reply-to on all outbound mail to the askbaily.com address (not the mg.askbaily.com subdomain). The sending domain is aligned for deliverability; the reply-to is on the primary domain so homeowners see the expected brand in their reply field. Mailgun handles this with a simple header override.

Fifth, update the DMARC record. Start with p=none so we can monitor reports without bouncing legitimate mail. After a week of clean reports, escalate to p=quarantine; pct=25, then p=quarantine; pct=50, then p=reject. The NPLD DMARC escalation ran on the same cadence and is documented in the root repo's scheduled-todos file.

What this buys us

The operational surface is small. No inbox-merger tool, no third-party mailbox subscription, no vendor lock-in beyond a commodity transactional-mail provider we can swap in an afternoon. When a contractor emails [email protected], the message is in the ops team's queue inside of a minute. When a homeowner asks for their data via [email protected], the CCPA timeline starts the moment the message lands, and the routing is auditable end-to-end from SMTP handshake through Gmail label to the ops team's response.

The competitive angle

This is not an Angi-proof feature. It is not differentiated. It is infrastructure. The reason it belongs on the blog is that when a prospective contractor or a journalist asks "how many people does AskBaily have," the answer is intentionally small, and the answer is credible only because the infrastructure runs the way it does. A small ops team with disciplined scripted configuration serves a contractor pool that would embarrass a 50-person competitor. The email stack is the least-glamorous brick in that wall, and documenting it matters because the discipline shows up everywhere else in the product.

Caveats

Two. First, Cloudflare Email Routing has rate limits we have not hit but could at scale. Second, Mailgun's Foundation tier has a monthly send limit that works for homeowner transactional mail but would not work for bulk marketing without an upgrade. Both are documented in the ops team's runbook alongside the escalation paths.

The 20-minute figure is real. The audit trail, the scripted configuration, and the disciplined choice to keep the stack narrow are why 20 minutes was enough.