Essential email DNS records and how to set them up
Email is ubiquitous in our communications; we send and receive emails without really thinking about it. But behind the scenes of our email clients and email delivery platforms, there’s a complex ecosystem made up of countless components to ensure each email reaches the inbox.
Part of this lies in the Domain Name System (DNS), a web of interconnected servers that translates user-friendly domain names into machine-friendly IP addresses. But, when it comes to email, DNS records play an even more critical role in ensuring your messages actually reach the intended recipients.
In this article, we’ll explore the different types of email DNS records, how to set them up, and why they’re essential if you want to send emails reliably and securely. Are you ready to master the art of email delivery? Let’s dive in!
What is DNS? A brief overview
You probably already know that the internet is basically a huge network of connected computers and devices. Well, in order for them to communicate with each other, they need to have unique identifiers—these are IP addresses. And because remembering a bunch of numbers to connect to every single server isn’t convenient, DNS steps in. Like a magical Yellow Pages, it translates domain names, which are much easier to read and remember, into their corresponding numerical IP addresses.
When a user types a domain name (like google.com) into their web browser, the browser sends a DNS query to a DNS server. The DNS server then looks up the IP address associated with the domain name and returns it to the browser so it can take the user to the desired web page. So how does this all relate to email? To understand this, we first need to understand DNS records.
What are DNS records?
DNS records are pieces of information that are stored in the DNS database. They provide important details about a domain name, such as the IP address and mail server information. Going back to the Yellow Pages analogy (it’s the easiest way to understand, promise!): just as the Yellow Pages lists businesses and individuals along with their contact information, DNS records contain the corresponding information for each domain name.
Why are DNS records important for sending email?
There are several types of DNS records, some of which are crucial for securely and reliably sending emails as they can affect your deliverability. This is because when you send an email, the recipient’s mail server might perform some extra checks to ensure you’re a legitimate sender and the email isn’t spam. This could involve a DNS lookup of your email address domain to authenticate your identity.
If the domain’s DNS records aren’t properly configured, it could result in your emails going straight to spam or worse, being rejected completely. If you want your emails to reach the inbox, proper DNS configuration is a must!
What’s more, not only does this help you to improve and maintain healthy deliverability, but it also makes sending emails via SMTP (Simple Mail Transfer Protocol) more secure. One way it does this is by protecting you and your recipients from potential phishing and spoofing attacks, where a bad actor may attempt to use your domain to mislead recipients.
Essential DNS records for sending and tracking emails
Now for the technical part! Let’s take a look at which DNS records identify mail servers.
1. TXT record
A TXT record is used to store text data in the DNS database. It typically stores readable text, hence the name, but can actually store any type of data. The primary use for TXT records is for email authentication—it’s where you’ll add your SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records, although DKIM can also be added as a CNAME record.
Both SPF and DKIM contain information about the servers that are authorized to send emails on behalf of a domain. They are used by recipient mail servers to verify that senders really are who they claim to be.
SPF record
An SPF record configured in your DNS TXT record will define which IP addresses are allowed to send emails from your domain. In addition to helping your deliverability, it also helps to prevent unauthorized IPs from sending emails through your domain.
You may need to include multiple SPF values in your DNS. However, a domain can only have one SPF record. This is where SPF concatenation comes in. Learn how to merge multiple SPF records in our guide.
How to implement an SPF record
Most Email Service Providers (ESPs) will hand over an SPF record when you set up your account with them. If you’re a MailerSend user, we’ll provide this for you when you go to verify your domain.
Here’s an example of an SPF record:
v=spf1 include:_spf.mailersend.net ~all
Once your SPF record is ready, all you need to do is create a TXT record in your DNS and add it.
Add SPF records for all of the domains you own, even if you don’t send emails from all of them. This will help prevent unauthorized use of your domain.
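The one-record rule can be checked before you publish. The following Python is an added example, not MailerSend's code: it takes the TXT strings returned for a domain, flags more than one SPF record, and merges them into a single record. The second SPF value, the verification token and the choice to keep the strictest "all" qualifier are assumptions of this example.

```python
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # 1 DNS lookup each
STRICT = "+?~-"  # "all" qualifiers, most permissive to strictest

def spf_records(txt_records):
    """Keep only the TXT strings that are SPF records."""
    return [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]

def merge_spf(records):
    """Merge SPF records: unique terms in order, then a single 'all' term.
    Choice made by this example: the strictest 'all' qualifier wins."""
    terms, qual = [], None
    for rec in records:
        for term in rec.split()[1:]:
            if term.lstrip(STRICT).lower() == "all":
                q = term[0] if term[0] in STRICT else "+"
                if qual is None or STRICT.index(q) > STRICT.index(qual):
                    qual = q
            elif term not in terms:
                terms.append(term)
    return " ".join(["v=spf1", *terms] + ([qual + "all"] if qual else []))

def audit_spf(txt_records):
    """Return (merged record or None, list of findings)."""
    found = spf_records(txt_records)
    if not found:
        return None, ["no SPF record published"]
    findings = []
    if len(found) > 1:
        findings.append(f"{len(found)} SPF records: receivers treat this as permerror")
    merged = merge_spf(found)
    names = [re.split(r"[:=/]", t.lstrip(STRICT))[0].lower() for t in merged.split()[1:]]
    lookups = sum(n in LOOKUP_TERMS for n in names)
    if lookups > 10:  # RFC 7208 caps DNS-querying terms at 10
        findings.append(f"{lookups} DNS lookups: over the limit of 10")
    if merged.endswith(" +all"):
        findings.append("+all authorizes every IP address to send as this domain")
    return merged, findings

# Constructed TXT answers for a hypothetical domain; the first value is the page's example.
SAMPLE_TXT = [
    "v=spf1 include:_spf.mailersend.net ~all",
    "v=spf1 include:_spf.example.net ip4:192.0.2.10 -all",
    "site-verification=constructed-token",
]
merged, findings = audit_spf(SAMPLE_TXT)
print(merged)
print(findings)
```

Review the merged value before publishing it: whether the final term should be ~all or -all is a policy decision for the domain owner.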
DKIM record
DKIM makes your emails more secure by adding a cryptographic digital signature to your emails. A private key is used to sign your email headers, and a public DKIM key is needed to verify that signature. Where is the public key located? You guessed it—in your DKIM record published on the DNS.
How to implement DKIM
Again, the DKIM key is usually provided by your ESP. Keep in mind that you’ll need a separate DKIM key for each domain.
With MailerSend, you'll add DKIM as a CNAME record. Here's an example:
Name: mlsend2._domainkey.test.com
Value: mlsend2._domainkey.mailersend.io
When DKIM is added as a CNAME record, the record contains a pointer to the key rather than the key itself. This makes it more secure, scalable and flexible. With many other ESPs, you'll need to add DKIM as a TXT record.
Here’s an example of DKIM as a TXT record:
lbc._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/LjZpwn6buX4VLTbb6QAGst3qLvKj3C98hj6Mg2C5qGiEs52fNklvtcMdBovacaEuSSxScFm+55P1whqRkPUz8StHP4sxV83hpFQ87NZMemeMmkPsfdOo/N2OpypZtULxzGJlS7E593IbaiQVDkOR4FRA+flMnxFSBkKQdcYXTQIDAQAB" ) ; ----- DKIM key lbc for lefkosiabadmintonclub.com
Publish your public DKIM key to your DNS as a TXT record. And save the private key to your SMTP server or MTA—if you’re using an ESP you won’t need to do this.
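Before publishing a DKIM TXT record, it helps to check that it parses and to see how strong the key is. The following Python is an added example, not MailerSend's code: it joins the quoted strings of the record shown above (its trailing zone-file comment left out), splits the tags, and reads the RSA modulus size from the p= value with a minimal DER reader. The function names and the 2048-bit threshold (the size RFC 8301 recommends) are choices of this example.

```python
import base64
import re

def parse_dkim_rr(rr_text):
    """Join the quoted strings of a zone-file TXT record and split into tags."""
    joined = "".join(re.findall(r'"([^"]*)"', rr_text))
    tags = {}
    for part in joined.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    start, _ = _tlv(spki, 0)                    # outer SEQUENCE
    _, alg_end = _tlv(spki, start)              # AlgorithmIdentifier (skipped)
    bits_start, _ = _tlv(spki, alg_end)         # BIT STRING
    seq_start, _ = _tlv(spki, bits_start + 1)   # RSAPublicKey, after unused-bits byte
    mod_start, mod_end = _tlv(spki, seq_start)  # modulus INTEGER
    return int.from_bytes(spki[mod_start:mod_end], "big").bit_length()

def audit_dkim(rr_text):
    """Return (tags, RSA key bits or None, findings) for one DKIM TXT record."""
    tags, bits, findings = parse_dkim_rr(rr_text), None, []
    if not tags.get("p"):
        findings.append("empty p= tag: key is revoked or missing")
    elif tags.get("k", "rsa") == "rsa":
        bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
        if bits < 2048:  # RFC 8301 recommends at least 2048 bits
            findings.append(f"{bits}-bit RSA key: 2048 bits or more is recommended")
    return tags, bits, findings

# The TXT record shown on this page, without its trailing zone-file comment.
PAGE_RR = ('lbc._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; " "p='
           'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/LjZpwn6buX4VLTbb6QAG'
           'st3qLvKj3C98hj6Mg2C5qGiEs52fNklvtcMdBovacaEuSSxScFm+55P1whqR'
           'kPUz8StHP4sxV83hpFQ87NZMemeMmkPsfdOo/N2OpypZtULxzGJlS7E593Ib'
           'aiQVDkOR4FRA+flMnxFSBkKQdcYXTQIDAQAB" )')
print(audit_dkim(PAGE_RR)[1:])
```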
2. MX record
A DNS MX (Mail Exchange) record directs mail to a mail server by specifying which server is responsible for accepting messages on behalf of a domain. So, when a user sends an email, let’s say to info@mailersend.com, the email client will query the DNS server for the MX record of the domain (mailersend.com) to find which server is responsible for handling mail, and therefore, where the message should be sent to.
How to implement an MX record
An MX record contains information such as the hostname and IP address of the email server, as well as priority values for multiple mail servers, in the case that the primary server is unavailable.
Your ESP will provide your MX record value. All you need to do is head to your DNS records and add a new MX record.
In MailerSend, when you go to verify your domain, toggle on Inbound domain forwarding to reveal your MX record.
3. CNAME record
Canonical name records, more commonly known as CNAME records, map one domain to another. For example, a subdomain to a domain. They aren’t generally used for sending emails, but you can use them if you want to configure a couple of additional options with your ESP. This includes implementing a return-path email address, for failed delivery receipts, or for using custom URLs in your emails that can still track opens and clicks.
How to implement a CNAME record
Once again, your ESP will provide you with the CNAME values to add to your DNS records. In MailerSend, you’ll want to toggle on Custom DNS records for tracking to reveal your CNAME record for custom domain tracking. You’ll then add these values in a CNAME record in your domain’s DNS settings.
A CNAME record consists of a record name and a record value. These refer to the alias you’re creating the record for and the domain that the alias should point to, respectively.
Setting up your DNS records with MailerSend
MailerSend provides the values for your SPF, DKIM, MX and CNAME records when you go to verify a domain. All you need to do then is head to your sending domain’s DNS page and create the corresponding records and enter these values. You can also easily share your records and the instructions for implementing them with a colleague by clicking the Share records button.
To add a new domain, click Domains under the Email tab in the left-hand navigation menu, then click Add domain. You'll be prompted to verify the domain before you can use it.
Check out our guide on how to add and verify a sending domain for a more detailed, step-by-step process. The guide also contains information on how to configure DNS settings for several popular domain providers including GoDaddy, NameCheap, Cloudflare, and Google Cloud.
If you'd rather get started later, no worries! When you add your domain in MailerSend, your domain registrar will be automatically detected and the specific steps on how to set up your DNS records will be provided.
If you’re using a third-party service to manage your DNS, for example Cloudflare, you’ll need to edit your DNS records from there, not from your domain name registrar.
7 additional DNS records that can affect email sending
These are the other DNS records that can make a difference to your email. However, they are optional (except for the A and AAAA records) and not necessary for email delivery.
1. A and AAAA records
Both of these records hold the IP address of the domain, the difference being that the A record holds the IPv4 address, and the AAAA record the IPv6 address. They don’t really have any effect on your email, but they are two of the most important records, as they link your domain and IP.
2. PTR record
Similar to the A record, a PTR record maps an IP address to a domain, just in reverse. So instead of looking up the IP address of a given domain, the DNS query will be looking up the domain of a given IP address. This is known as reverse DNS lookup. This can affect email delivery because it’s used to verify the authenticity of the sender’s domain name.
Email servers do this by using PTR records to perform a reverse DNS lookup to verify that the corresponding domain name matches the domain name used in the email message’s “From” address. This kind of check is sometimes a part of spam filtering, meaning that if a sender's PTR record is missing or contains values that don’t match, the email may be rejected.
3. SRV record
The SRV (Service) record defines the host and port for specific communications protocols, such as email (SMTP, IMAP and POP) and voice (SIP). When the DNS server is queried by an email client, the SRV record provides the hostname and port number of the email server, which allows the client to establish a connection.
Using SRV records for email delivery is particularly useful for domains that use multiple email servers or email servers located on different networks.
4. SOA record
A DNS SOA (Start Of Authority) record is used to identify the authoritative name server for a domain. It also provides details about the domain’s zone file. SOA is not directly used for email delivery, but it does belong to the DNS infrastructure that underlies it! It helps to ensure that messages are delivered to the correct mail server and ensures consistent DNS information across all of the name servers for a domain.
5. NS record
NS (Name Server) records help identify the DNS server name that is authoritative for a particular domain. In layman’s terms, it identifies the server that contains the domain’s DNS records so that the browser, or whatever is querying the DNS, can find the domain’s IP address. Once again, the NS record is another mechanism that ensures email messages are delivered to the correct server.
6. DMARC record
If SPF is peanut butter and DKIM is jelly, DMARC is the bread bringing them both together for an extra special combination. Domain-based Message Authentication, Reporting & Conformance (phew, quite a mouthful!) is an optional email authentication protocol that binds together SPF and DKIM. It provides further protection against phishing and spoofing attacks.
It also provides a framework for Internet Service Providers (ISPs) to give feedback, allowing senders more control over how their messages are to be handled if they fail authentication. Even better, with DMARC implemented, the reports provided by ISPs allow senders to track their domain activity, troubleshoot potential issues and prevent fraudulent activity.
DMARC records are added as TXT records. You can generate DMARC records and track domain activity with MailerCheck. Check out their DMARC monitoring guide to learn how to protect your sender reputation with reports.
7. BIMI record
BIMI (Brand Indicators for Message Identification) is another optional protocol. BIMI doesn’t do anything to your email infrastructure to improve your email deliverability, but it does help to make you more identifiable and trustworthy as a sender.
It does this by tying your brand logo to your domain so that when your email messages appear in a recipient’s inbox, the logo appears right alongside it.
To implement BIMI, you also need to have a DMARC record published. You’ll then need to publish your BIMI record as a TXT record in your DNS.
Check out this article to learn more about BIMI and how to set it up.
You’re ready to send!
DNS records topple over into the technical realm of email sending—we get it, it can be intimidating! But with an understanding of the DNS records that are important and relevant for email, you’re well on your way to becoming an email delivery pro! Remember that most DNS records will be provided to you by your ESP; all you need to do is add them to your domain’s DNS page—simple! Plus, by signing up for MailerSend, email delivery is as easy as pie with our SMTP relay and Email API.