How to Correctly Set Email DNS Records for a Domain

Published on February 21, 2025

Setting up email DNS records correctly is crucial to ensure reliable email delivery, prevent spoofing, and enhance security. Below are the essential DNS records required for proper email functionality and authentication.

1. MX (Mail Exchange) Records

MX records direct incoming emails to your mail server. To set them up:

  • Log in to your domain registrar's DNS management panel.

  • Create an MX record pointing to your mail provider's mail server.

  • Ensure the priority value is correctly set (lower values indicate higher priority).

Example:

yourdomain.com.  3600  IN  MX  10  mail.yourmailprovider.com.

2. SPF (Sender Policy Framework) Record

SPF records define which mail servers are authorized to send emails on behalf of your domain.

  • Create a TXT record for your domain.

  • Define allowed mail servers and services.

Example:

yourdomain.com.  3600  IN  TXT  "v=spf1 include:mailprovider.com -all"

This record authorizes only the servers listed in mailprovider.com's own SPF record to send email for your domain. The -all directive means emails from unauthorized servers should be rejected.

3. DKIM (DomainKeys Identified Mail) Record

DKIM adds a digital signature to emails, allowing recipients to verify they were sent from an authorized server.

  • Obtain the DKIM key from your email provider.

  • Create a TXT record with the provided DKIM key.

Example:

dkim._domainkey.yourdomain.com. 3600  IN  TXT  "v=DKIM1; k=rsa; p=MIIBIjANBgkqh..."

4. DMARC (Domain-based Message Authentication, Reporting & Conformance) Record

DMARC instructs recipient mail servers on how to handle emails that fail SPF or DKIM checks.

  • Create a TXT record with DMARC policies.

Example:

_dmarc.yourdomain.com. 3600  IN  TXT  "v=DMARC1; p=reject; rua=mailto:[email protected]; pct=100"

This configuration:

  • Rejects emails failing SPF and DKIM (p=reject).

  • Sends reports to [email protected] (rua=).

  • Applies to 100% of emails (pct=100).
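The SPF and DMARC values shown above can be linted offline before they are published. The following Python is an added example, not part of the original article: `lint_spf` and `lint_dmarc` are hypothetical helper names, the report address is a constructed placeholder, and the lookup count covers only the record's own terms.

```python
# Added example: helper names are hypothetical, sample values are constructed.
import re
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # one DNS lookup each

def lint_spf(txt_values):
    """Findings for the TXT strings published at the domain name itself."""
    spf = [v for v in txt_values if v.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    findings, lookups, all_q, redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"  # default qualifier is "+"
        name = re.split(r"[:/=]", term.lstrip("+-~?").lower())[0]
        lookups += name in LOOKUP_TERMS  # nested includes add more at query time
        redirect |= name == "redirect"
        if name == "all":
            all_q = qual
    if all_q is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_q in ("+", "?", "~"):
        findings.append(f"'{all_q}all' does not hard-fail unlisted senders")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return findings

def lint_dmarc(txt_value):
    """Findings for the TXT string published at _dmarc.<domain>."""
    pairs = [p.strip().split("=", 1) for p in txt_value.split(";") if p.strip()]
    if not pairs or [s.strip() for s in pairs[0]] != ["v", "DMARC1"]:
        return ["record does not start with v=DMARC1"]
    tags = {p[0].strip().lower(): p[1].strip() for p in pairs if len(p) == 2}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not requested")
    return findings

# Constructed samples: the article's strict settings and a weak variant of each.
PAGE_SPF = ["v=spf1 include:mailprovider.com -all"]
WEAK_SPF = ["v=spf1 include:mailprovider.com ~all"]
PAGE_DMARC = "v=DMARC1; p=reject; rua=mailto:reports@example.com; pct=100"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
```

An empty list means no findings; pass the TXT strings exactly as they will appear in the zone, without the surrounding quotes.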

5. PTR (Reverse DNS) Record

PTR records map an IP address to a domain name, crucial for outbound email authentication.

  • Configure this via your hosting or email provider.

6. Additional Security Considerations

  • Ensure all records have the correct TTL (Time To Live), usually set to 3600 seconds.

  • Use email monitoring tools to verify record propagation and performance.

Final Verification

Use online tools such as:

By properly setting up these DNS records, you can improve email deliverability, enhance security, and prevent email spoofing for your domain.