
How to Correctly Set Email DNS Records for a Domain
Published on February 21, 2025
Setting up email DNS records correctly is crucial to ensure reliable email delivery, prevent spoofing, and enhance security. Below are the essential DNS records required for proper email functionality and authentication.
1. MX (Mail Exchange) Records
MX records direct incoming emails to your mail server. To set them up:
- Log in to your domain registrar's DNS management panel.
- Create an MX record pointing to your mail provider's mail server.
- Ensure the priority value is correctly set (lower values indicate higher priority).
Example:
yourdomain.com. 3600 IN MX 10 mail.yourmailprovider.com.
2. SPF (Sender Policy Framework) Record
SPF records define which mail servers are authorized to send emails on behalf of your domain.
- Create a TXT record for your domain.
- Define allowed mail servers and services.
Example:
yourdomain.com. 3600 IN TXT "v=spf1 include:mailprovider.com -all"
This record specifies that only the servers listed in mailprovider.com's own SPF record are allowed to send emails for your domain. The -all directive means emails from unauthorized servers should be rejected.
3. DKIM (DomainKeys Identified Mail) Record
DKIM adds a digital signature to emails, allowing recipients to verify they were sent from an authorized server.
- Obtain the DKIM key from your email provider.
- Create a TXT record with the provided DKIM key.
Example:
dkim._domainkey.yourdomain.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqh..."
4. DMARC (Domain-based Message Authentication, Reporting & Conformance) Record
DMARC instructs recipient mail servers on how to handle emails that fail SPF or DKIM checks.
- Create a TXT record with DMARC policies.
Example:
_dmarc.yourdomain.com. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; pct=100"
This configuration:
- Rejects emails failing SPF and DKIM (p=reject).
- Sends reports to [email protected] (rua=).
- Applies to 100% of emails (pct=100).
5. PTR (Reverse DNS) Record
PTR records map an IP address to a domain name, crucial for outbound email authentication.
- Configure this via your hosting or email provider.
6. Additional Security Considerations
- Ensure all records have the correct TTL (Time To Live), usually set to 3600 seconds.
- Use email monitoring tools to verify record propagation and performance.
Final Verification
Use online tools such as:
- MXToolBox to verify DNS records.
- Google's G Suite Toolbox for email authentication checks.
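The SPF and DMARC strings from sections 2 and 4 can also be checked offline before they are published. The Python script below is an added example, not code from the original article; the function names lint_spf and lint_dmarc and the sample records are assumptions made for illustration.

```python
# Added example (not from the article): offline lint of SPF and DMARC TXT values.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def _needs_lookup(term):
    bare = term.lstrip("+-~?")  # drop the qualifier, keep the term name
    return bare.split(":")[0].split("/")[0].split("=")[0] in LOOKUP_TERMS

def lint_spf(txt):
    """Return findings for one SPF TXT value (empty list = nothing flagged)."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not SPF: record must start with v=spf1"]
    mechs, findings = terms[1:], []
    alls = [i for i, t in enumerate(mechs) if t.lstrip("+-~?") == "all"]
    if alls:
        term = mechs[alls[0]]
        if term in ("all", "+all"):
            findings.append("+all authorizes every sending server")
        elif term != "-all":
            findings.append(f"{term} does not ask receivers to reject")
        if any("=" not in t for t in mechs[alls[0] + 1:]):
            findings.append("mechanisms after 'all' are never evaluated")
    elif not any(t.startswith("redirect=") for t in mechs):
        findings.append("no 'all' term: unlisted senders get a neutral result")
    if sum(_needs_lookup(t) for t in mechs) > 10:
        findings.append("over 10 DNS-lookup terms: receivers return permerror")
    return findings

def lint_dmarc(txt):
    """Return findings for one _dmarc TXT value (empty list = nothing flagged)."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return ["not DMARC: record must start with v=DMARC1"]
    tags = {k.strip().lower(): v.strip()
            for k, v in (p.split("=", 1) for p in parts if "=" in p)}
    policy, findings = tags.get("p", "").lower(), []
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy does not cover all failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports will be received")
    return findings

if __name__ == "__main__":  # constructed sample records
    print(lint_spf("v=spf1 include:mailprovider.com ~all"))
    print(lint_dmarc("v=DMARC1; p=none; pct=50"))
```

The lookup count covers only the terms written in the record itself; lookups triggered inside an included record also count toward the limit of 10, and resolving those needs live DNS.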
By properly setting up these DNS records, you can improve email deliverability, enhance security, and prevent email spoofing for your domain.