Skip to content

Communications Stack Setup Runbook

Owner: Solo Operator Last Updated: 2026-02-27 Gate: 5 (Set Up Communications) Domain: research-relay.com (DNS managed on Cloudflare) Estimated Time: 2-3 hours (plus 24-48 hours for DNS propagation)

Prerequisites

Before starting, confirm the following:

  • You have access to Cloudflare dashboard for research-relay.com
  • You have a personal email address available for initial account creation
  • You have a personal mobile phone (carrier-based, not VoIP) for verification codes
  • You have a credit or debit card for paid subscriptions

Step 1: 1Password (Do First)

All credentials created in Steps 2-3 will be stored here. Set this up before anything else.

Since you already have a 1Password subscription, skip account creation and go straight to setting up a dedicated business vault.

1.1 Create a Business Vault

  1. Open 1Password (desktop app or my.1password.com)
  2. Click the vault selector (top left) > New Vault
  3. Name it: Research Relay
  4. Click Create Vault

Store all business credentials in this vault to keep them cleanly separated from personal items.

1.2 Install 1Password Apps

If not already installed on all devices you will use for business:

  • Browser Extension: Install from 1password.com/downloads for your browser (Chrome, Firefox, Safari, etc.)
  • Desktop App: Download for macOS, Windows, or Linux from the same page
  • Mobile App: Install from the App Store (iOS) or Google Play (Android)

Log in to each app with your Master Password and Secret Key.

1.3 Set Up 1Password TOTP Authenticator

1Password replaces the need for a separate authenticator app. When any service asks you to set up 2FA with an authenticator app:

  1. The service will show a QR code and/or a text secret key
  2. In 1Password, open the Login item for that service in the Research Relay vault (or create one)
  3. Click Edit
  4. Click Add more > One-Time Password
  5. Click the QR code icon to scan, or paste the text secret key directly
  6. Click Save
  7. 1Password will now generate rotating 6-digit codes for that service
  8. Enter the current code displayed in 1Password back into the service to confirm 2FA setup
  9. Save the recovery/backup codes the service provides as a Secure Note in 1Password

1.4 Organize the Research Relay Vault with Tags

Use tags to organize items within the vault for quick filtering:

Tag Purpose
banking Mercury, Bluevine, any financial accounts
email Zoho Mail credentials and settings
phone OpenPhone/Quo credentials
hosting Cloudflare, server access, BTCPay
payments Paycron, Easy Pay Direct, Durango, payment processors
vendors Supplier accounts, shipping accounts, ShipStation

To add a tag to an item: open the item > Edit > Tags field > type the tag name.

1.5 Enable 2FA on Your 1Password Account

1Password's Secret Key + Master Password model is already more secure than most password managers. Optionally add TOTP as an additional factor:

  1. Go to my.1password.com > click your name > Manage Account
  2. Under Security, click Turn on Two-Factor Authentication
  3. Since you cannot use 1Password to authenticate 1Password itself, use a separate TOTP app:
  4. Download Authy or use another TOTP app to scan the QR code shown
  5. Enter the 6-digit verification code from the app
  6. Click Enable
  7. Save the backup codes provided. Print them and store physically in a safe place.

1.6 Print Your Emergency Kit

1Password generates an Emergency Kit PDF with your account email, Secret Key, and setup QR code. This is critical for account recovery on a new device:

  1. Go to my.1password.com > Get Emergency Kit
  2. Fill in your Master Password on the printed copy
  3. Print it and store in a physically secure location (safe, filing cabinet)
  4. Never store the Emergency Kit digitally — it contains your Secret Key

Step 2: Zoho Mail Setup

2.1 Sign Up for Zoho Mail Lite

  1. Go to zoho.com/mail/zohomail-pricing.html
  2. Find the Mail Lite column ($1/user/month billed annually = $12/year)
  3. Click Sign Up Now under Mail Lite
  4. On the signup page, fill in:
  5. Name: Your full name
  6. Email or Mobile: Your personal email address
  7. Password: Generate a strong password in 1Password (20+ characters, all character types)
  8. Click Sign Up
  9. Verify your email address by entering the OTP code Zoho sends

Immediately save these credentials in 1Password:

  • Create a new Login item in the Research Relay vault
  • Name: Zoho Mail (Admin)
  • Username: The email you signed up with
  • Password: The password you generated
  • URI: https://mail.zoho.com
  • Tags: email
  • Click Save

2.2 Add Your Domain

  1. After signup, Zoho redirects you to the Admin Console setup wizard
  2. If not redirected, go to mailadmin.zoho.com
  3. Click Add Domain (or you will be prompted automatically)
  4. Enter: research-relay.com
  5. Click Add
  6. Zoho asks you to verify domain ownership (proceed to Step 2.3)

2.3 Verify Domain Ownership via Cloudflare

Zoho offers two verification methods. Use the TXT record method (simpler for Cloudflare):

  1. In the Zoho Admin Console, select TXT Record Verification
  2. Zoho displays a verification code (looks like: zoho-verification=zb12345678.zmverify.zoho.com)
  3. Copy this value
  4. Open a new tab and go to dash.cloudflare.com
  5. Select research-relay.com from your domains list
  6. Click DNS > Records in the left sidebar
  7. Click Add Record
  8. Fill in:
  9. Type: TXT
  10. Name: @
  11. Content: Paste the verification value from Zoho (e.g., zoho-verification=zb12345678.zmverify.zoho.com)
  12. TTL: Auto
  13. Click Save
  14. Go back to the Zoho Admin Console tab
  15. Wait 1-2 minutes for Cloudflare to propagate (Cloudflare is fast)
  16. Click Verify TXT Record in Zoho
  17. If verification fails, wait 5 minutes and try again

2.4 Create Your Admin Email Account

After domain verification, Zoho prompts you to create your first email account:

  1. Username: Choose your primary address. Recommended: brandon@research-relay.com (or your first name)
  2. Password: Generate a new strong password in 1Password (different from your Zoho admin password)
  3. Click Create

Save this in 1Password:

  • Create a new Login item in the Research Relay vault
  • Name: Research Relay Email (Primary)
  • Username: brandon@research-relay.com (or whatever you chose)
  • Password: The password you generated
  • URI: https://mail.zoho.com
  • Tags: email

2.5 Configure DNS Records in Cloudflare

After domain verification, Zoho will walk you through email delivery configuration. You need to add the following records in Cloudflare. Delete any existing MX records first (e.g., if Cloudflare added default ones).

Go to dash.cloudflare.com > research-relay.com > DNS > Records.

Remove Existing MX Records

  1. Look for any existing MX records in the DNS records list
  2. Click the Edit (pencil) icon on each existing MX record
  3. Click Delete and confirm
  4. Repeat until no MX records remain

Add Zoho MX Records

Add these three MX records one at a time. Click Add Record for each:

Type Name Mail Server (Content) Priority TTL Proxy Status
MX @ mx.zoho.com 10 Auto DNS only (gray cloud)
MX @ mx2.zoho.com 20 Auto DNS only (gray cloud)
MX @ mx3.zoho.com 50 Auto DNS only (gray cloud)

MX records cannot be proxied

MX records always show "DNS only" in Cloudflare. This is correct. Do not attempt to proxy them.

Data center note

The MX values above are for the US data center (zoho.com). If Zoho placed your account on a different data center (EU, IN, AU), the Admin Console will show different values (e.g., mx.zoho.eu for EU). Use whatever values Zoho's Admin Console displays.

Add SPF Record

Click Add Record:

Type Name Content TTL Proxy Status
TXT @ v=spf1 include:zohomail.com -all Auto N/A (TXT records are not proxied)

Only one SPF record allowed

Your domain must have exactly one TXT record starting with v=spf1. If you already have an SPF record (e.g., from a previous email provider), edit it to include Zoho rather than adding a second one. Multiple SPF records will cause validation failures.

If you need to add another sender later (e.g., a transactional email service), merge them into one record: v=spf1 include:zohomail.com include:other-service.com -all

Add DKIM Record

The DKIM key is unique to your domain and must be generated in Zoho first:

  1. Go back to the Zoho Admin Console: mailadmin.zoho.com
  2. Navigate to Email Configuration > DKIM
  3. Click on your domain (research-relay.com)
  4. Zoho displays the DKIM selector name and the TXT record value
  5. The selector is typically zoho (making the full record name zoho._domainkey)
  6. Copy the long TXT value (it starts with v=DKIM1; k=rsa; p= followed by a long base64 string)

Now add the DKIM record in Cloudflare. Click Add Record:

Type Name Content TTL Proxy Status
TXT zoho._domainkey v=DKIM1; k=rsa; p=<paste the long key from Zoho> Auto N/A

DKIM propagation

DKIM records can take 4-48 hours to fully propagate. Zoho will show a warning until it detects the record. Do not worry if it does not verify immediately.

After adding the record in Cloudflare, go back to Zoho Admin Console and click Verify next to the DKIM entry.

Add DMARC Record

Click Add Record:

Type Name Content TTL Proxy Status
TXT _dmarc v=DMARC1; p=quarantine; rua=mailto:admin@research-relay.com Auto N/A

DMARC policy explained

  • p=quarantine tells receiving servers to put failed emails in spam rather than delivering them normally. This is a good starting policy.
  • rua=mailto:admin@research-relay.com means you will receive aggregate DMARC reports at this address.
  • After a few weeks of successful operation, you can tighten this to p=reject to tell receivers to completely block emails that fail authentication.

Complete DNS Records Summary

When finished, your Cloudflare DNS should contain these records for email:

Type Name Content Priority TTL
MX @ mx.zoho.com 10 Auto
MX @ mx2.zoho.com 20 Auto
MX @ mx3.zoho.com 50 Auto
TXT @ v=spf1 include:zohomail.com -all Auto
TXT zoho._domainkey v=DKIM1; k=rsa; p=<your key> Auto
TXT _dmarc v=DMARC1; p=quarantine; rua=mailto:admin@research-relay.com Auto

2.6 Verify DNS in Zoho Admin Console

  1. Go to mailadmin.zoho.com
  2. Navigate to Email Configuration (or Tools & Configurations > Email Configuration)
  3. Check each section:
  4. MX Records: Should show a green checkmark
  5. SPF: Should show a green checkmark
  6. DKIM: Should show a green checkmark (may take hours)
  7. If any show red/yellow, wait 15-30 minutes and click Verify again

2.7 Create Email Aliases

All aliases route to your primary inbox. No additional mailboxes or cost.

  1. In Zoho Admin Console, go to Users > click on your user
  2. Click Mail Accounts > Email Aliases
  3. Click Add Alias
  4. Add each alias one at a time:
Alias Purpose
hello@research-relay.com General inquiries, public-facing contact
admin@research-relay.com Administrative, vendor account registrations
orders@research-relay.com Order confirmations, fulfillment notifications
support@research-relay.com Customer support (referenced in all policies)
compliance@research-relay.com Compliance inquiries (RUO disclosure, ToS)
legal@research-relay.com Legal notices (Terms of Service)
privacy@research-relay.com Privacy requests (Privacy Policy, CCPA requirement)

For each alias:

  1. Click Add Alias
  2. Enter the alias name (e.g., hello)
  3. Click Add
  4. Repeat for all 7 aliases

2.8 Enable 2FA on Zoho

  1. Go to accounts.zoho.com
  2. Click Security > Multi-Factor Authentication
  3. Click Set up now
  4. Choose Authenticator App (TOTP)
  5. Zoho displays a QR code and a secret key
  6. Open 1Password, edit your Zoho Mail (Admin) item in the Research Relay vault
  7. Click Edit > Add more > One-Time Password and paste the secret key
  8. Save the item
  9. Enter the current 6-digit code from 1Password into Zoho
  10. Click Verify
  11. Save any recovery/backup codes Zoho provides as a Secure Note in 1Password

2.9 Test Email Sending and Receiving

  1. Go to mail.zoho.com and log in with your primary business email
  2. Test sending: Compose an email from brandon@research-relay.com to your personal email. Verify it arrives, is not in spam, and shows the correct "From" address.
  3. Test receiving: Reply to that email from your personal email. Verify it arrives in your Zoho inbox.
  4. Test aliases: From your personal email, send a message to hello@research-relay.com. Verify it arrives in your Zoho inbox.
  5. Test each alias: Repeat for admin@, orders@, support@, compliance@, legal@, privacy@. All should arrive in the same inbox.
  6. Test sending from alias: In Zoho Mail, compose a new email. Click the "From" dropdown and select hello@research-relay.com. Send to your personal email. Verify the "From" shows the alias, not your primary address.

Step 3: OpenPhone (Quo) Setup

3.1 Sign Up for OpenPhone Starter

OpenPhone rebranded to Quo but the signup and service are the same.

  1. Go to my.openphone.com/signup (or quo.com)
  2. Email: Enter your new business email: admin@research-relay.com
  3. Quo sends a 6-digit verification code to that email
  4. Log in to mail.zoho.com and retrieve the code
  5. Enter the 6-digit code on the Quo signup page
  6. Name: Enter your first and last name
  7. Account type: Select Individual (or "Just me" if prompted)
  8. Mobile verification: Enter your personal carrier mobile number (not a VoIP number -- they reject virtual numbers)
  9. Enter the SMS verification code sent to your personal phone
  10. Choose a phone number:
    • Select a US area code (choose one near your market or a recognizable area code like 415 for San Francisco, 310 for Los Angeles, etc.)
    • Quo shows available numbers -- pick one you like
    • You can also search for numbers containing specific digits
  11. Select plan: Choose Starter ($15/user/month billed annually, or $19/month billed monthly)
  12. Payment: Enter credit or debit card information
    • A temporary $1 authorization hold will appear on your card (removed in a few days)
  13. Complete signup

The 7-day free trial begins immediately.

Save credentials in 1Password:

  • Create a new Login item in the Research Relay vault
  • Name: OpenPhone / Quo
  • Username: admin@research-relay.com
  • Password: The password you created
  • URI: https://my.openphone.com
  • Tags: phone
  • Notes: Include the phone number you selected (e.g., +1-415-555-1234)

3.2 Install the Apps

  1. Desktop: Download from quo.com/downloads (macOS, Windows)
  2. Mobile: Install from App Store (iOS) or Google Play (Android)
  3. Log in with your business email and password

3.3 Set Up Voicemail

  1. Open the Quo app (desktop or mobile)
  2. Go to Settings > Phone Numbers > select your number
  3. Click Voicemail
  4. Choose Record a greeting (or upload an audio file)
  5. Record the following greeting:

"Thank you for calling Research Relay. We are unable to take your call right now. Please leave a message with your name and a brief description of how we can help, and we will return your call within one business day. For immediate assistance, you can email us at hello at research-relay dot com. Thank you."

  1. Save the voicemail greeting
  2. Enable Voicemail Transcription if not already on (included with Starter plan)

3.4 Configure Business Hours

  1. In Quo Settings > Phone Numbers > select your number
  2. Click Business Hours
  3. Set your hours (e.g., Monday-Friday, 9:00 AM - 5:00 PM Pacific)
  4. Outside business hours, calls go directly to voicemail

3.5 Enable 2FA on OpenPhone/Quo

  1. In Quo, go to Settings > Account > Security
  2. Enable Two-Factor Authentication
  3. Choose Authenticator App
  4. Scan the QR code or copy the secret key
  5. Add the TOTP key to your OpenPhone / Quo item in 1Password
  6. Enter the verification code to confirm
  7. Save recovery codes as a Secure Note in 1Password

3.6 Bank 2FA Warning

Do NOT use this number for bank or financial 2FA

OpenPhone/Quo is a VoIP number. Banks increasingly reject VoIP numbers for SMS verification. Even if it works initially, the bank can change their policy at any time and lock you out of your account.

Always use your personal carrier mobile number for:

  • Bank account verification (Mercury, Bluevine)
  • Financial institution 2FA
  • IRS identity verification
  • Any service requiring a "real" phone number

Use TOTP authenticator apps (via 1Password) or hardware security keys wherever possible instead of SMS-based 2FA.

Step 4: Post-Setup Verification

4.1 Verify DNS Propagation

Run these commands from your terminal to confirm all DNS records are live. DNS propagation can take up to 48 hours, but Cloudflare is usually near-instant.

Check MX records:

dig MX research-relay.com +short

Expected output (order may vary):

10 mx.zoho.com.
20 mx2.zoho.com.
50 mx3.zoho.com.

Check SPF record:

dig TXT research-relay.com +short

Look for this line in the output:

"v=spf1 include:zohomail.com -all"

Check DKIM record:

dig TXT zoho._domainkey.research-relay.com +short

Expected output (the key will be long):

"v=DKIM1; k=rsa; p=MIGfMA0GCS..."

Check DMARC record:

dig TXT _dmarc.research-relay.com +short

Expected output:

"v=DMARC1; p=quarantine; rua=mailto:admin@research-relay.com"

Alternative: Use nslookup (if dig is not available):

nslookup -type=MX research-relay.com
nslookup -type=TXT research-relay.com
nslookup -type=TXT zoho._domainkey.research-relay.com
nslookup -type=TXT _dmarc.research-relay.com

Online tools (if you prefer a web interface):

  • MXToolbox -- enter research-relay.com and run MX Lookup, SPF Lookup, DKIM Lookup, DMARC Lookup
  • Google Admin Toolbox -- enter research-relay.com for a comprehensive email config check

4.2 Send Test Emails to Each Alias

From your personal email, send a test message to each of these addresses. Confirm each one arrives in your Zoho inbox:

  • hello@research-relay.com
  • admin@research-relay.com
  • orders@research-relay.com
  • support@research-relay.com
  • compliance@research-relay.com
  • legal@research-relay.com
  • privacy@research-relay.com

From Zoho Mail, send a reply from each alias back to your personal email. Confirm:

  • The "From" address shows the correct alias (not your primary address)
  • The email is not flagged as spam by the recipient

4.3 Test Email Deliverability

Use a deliverability testing service to make sure your emails pass SPF, DKIM, and DMARC checks:

  1. Go to mail-tester.com
  2. The site gives you a temporary email address (e.g., test-abc123@srv1.mail-tester.com)
  3. From Zoho Mail, compose an email from hello@research-relay.com to that temporary address
  4. Write a short subject and body (e.g., "Test email from Research Relay")
  5. Click Send
  6. Go back to mail-tester.com and click Then check your score
  7. Aim for a score of 9/10 or higher
  8. If the score is low, check the detailed report for which checks failed (SPF, DKIM, DMARC, etc.) and fix accordingly

4.4 Update Domain Registrar Contact Email

Update your domain's registrant contact email to use your business address:

  1. Go to dash.cloudflare.com
  2. If your domain was registered through Cloudflare Registrar:
  3. Click your profile icon (top right) > My Profile
  4. Under Communication, update your email to admin@research-relay.com
  5. If your domain was registered elsewhere and transferred to Cloudflare:
  6. Log in to the original registrar
  7. Update the registrant contact email to admin@research-relay.com
  8. Confirm the change via the verification email sent to the old and new addresses

4.5 Store All Credentials in 1Password

Verify that every account created in this runbook has a corresponding entry in the Research Relay vault with the correct credentials, TOTP key, and recovery codes:

1Password Item Tag Has TOTP? Has Recovery Codes?
Zoho Mail (Admin) email Yes Yes (Secure Note)
Research Relay Email (Primary) email N/A (same Zoho account) N/A
OpenPhone / Quo phone Yes Yes (Secure Note)
Cloudflare hosting Verify Verify

4.6 Final Checklist

  • 1Password Research Relay vault is created with all item tags set up
  • 1Password Emergency Kit is printed and stored securely
  • Zoho Mail Lite is active with research-relay.com verified
  • All 3 MX records are in Cloudflare and verified by Zoho
  • SPF TXT record is in Cloudflare and verified by Zoho
  • DKIM TXT record is in Cloudflare and verified by Zoho
  • DMARC TXT record is in Cloudflare
  • All 7 email aliases are created and tested
  • 2FA is enabled on Zoho (TOTP stored in 1Password)
  • OpenPhone/Quo Starter plan is active with a phone number
  • Voicemail greeting is recorded and enabled
  • Business hours are configured in OpenPhone/Quo
  • 2FA is enabled on OpenPhone/Quo (TOTP stored in 1Password)
  • Email deliverability score is 9/10 or higher on mail-tester.com
  • Domain registrar contact email is updated to business email
  • All credentials, TOTP keys, and recovery codes are in 1Password

Monthly Cost After Setup

Service Plan Monthly Annual
1Password Individual (existing)
Zoho Mail Mail Lite $1.00 $12.00
OpenPhone/Quo Starter $15.00 $180.00
Total $16.00 $192.00

Troubleshooting

Zoho says "MX records not found"

  • Wait 15-30 minutes after adding records in Cloudflare, then click Verify again
  • Confirm you deleted any pre-existing MX records that were not Zoho's
  • Check that the MX record Name is @ (not blank, not your full domain)
  • Use dig MX research-relay.com to verify from your machine

Emails going to spam

  • Verify SPF record exists: dig TXT research-relay.com +short
  • Verify DKIM is set up and verified in Zoho Admin Console
  • Verify DMARC record exists: dig TXT _dmarc.research-relay.com +short
  • Run a test at mail-tester.com to identify the specific issue

Cannot receive emails at aliases

  • Confirm aliases are created under the correct user in Zoho Admin
  • Confirm MX records are correctly pointing to Zoho (not a previous provider)
  • Send a test from an external email (not from Zoho to Zoho)

OpenPhone/Quo rejects my phone number for verification

  • You must use a carrier-based mobile number (AT&T, Verizon, T-Mobile, etc.)
  • Google Voice, Skype, and other VoIP numbers are rejected
  • If your carrier number is rejected, contact Quo support

DKIM verification taking too long

  • DKIM records can take up to 48 hours to propagate
  • Double-check the record name is exactly zoho._domainkey (not zoho._domainkey.research-relay.com -- Cloudflare appends the domain automatically)
  • Verify the TXT value matches exactly what Zoho provided (no extra spaces or line breaks)