DNS Records required for custom Domain Email

Setting up custom domain email for your business elevates your professional image, but navigating the technical DNS records required can be daunting for those unfamiliar with the process. Each DNS record type serves a specific purpose in the email delivery ecosystem, from verifying domain ownership to preventing email spoofing and ensuring messages reach their intended destinations. In this comprehensive guide, I’ll walk through each essential DNS record required for proper custom domain email configuration, helping you establish reliable business email that strengthens your brand identity and communication capabilities.

MX Record (Mail Exchange)

Purpose: MX Records identify the mail servers responsible for receiving email messages sent to your domain. They direct email to the proper server for processing. Without proper MX records, emails sent to your domain will have nowhere to go.

example.com.  IN  MX  10  mail.example.com.
example.com.  IN  MX  20  backup-mail.example.com.

If you have multiple Mail Servers, you can specify a priority for which Mail Server should be attempted first. The numbers “10” and “20” indicate priority - lower numbers are attempted first.

A, AAAA, or CNAME

Purpose: These records map hostnames to IP addresses or another hostname (CNAME). These ensure the mail server specified in the MX record is reachable.

mail.example.com.     IN  A      192.0.2.10
mail.example.com.     IN  AAAA   2001:db8::1
webmail.example.com.  IN  CNAME  mail.example.com.

Using CNAME records for hosts specified directly in MX records violates DNS standards and may cause email delivery problems with certain mail servers. Always use A or AAAA records for direct mail server hostnames.

SPF Record (Sender Policy Framework)

Purpose: SPF is implemented as a TXT record that specifies which servers are authorized to send email on behalf of your domain. SPF helps prevent email spoofing by allowing receiving mail servers to verify whether a mail server is authorized to send email from your domain.

example.com.  IN  TXT  "v=spf1 include:email.example.com ip4:192.0.2.0/24 ~all"

DKIM Record (DomainKeys Identified Mail)

Purpose: DKIM records allow the receiving mail server to validate that an email is from a specific domain and was authorized by the owner of that domain. This is done using public-key cryptography and is not exposed to the end users. DKIM involves a private key used by the sender to sign emails and a corresponding public key published in the DNS record. DKIM signatures can be obtained from your Email Service Provider.

selector._domainkey.example.com.  IN  TXT  "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3QEKyU1fSma0axspqYK5iAj+54lsAg51vNI2l4JvRT3lFTX3aYDEXIPGLgXqlXUUWY0gSVpjOG8vA5x0aIyvc7rSLnpGdnrQAvQGaLekgJ/VQqHwJUzwAe+HkS5tJfyWAHljJ4weUY7W5bYk2TUKXWEnQWQA/yNS29sB4S0vdVQIDAQAB;"

DKIM keys should be rotated periodically (typically every 6-12 months) for security. THIS IS LIKELY DONE BY YOUR EMAIL PROVIDER! When rotating keys, add the new key before removing the old one to ensure email continuity. Keys that are too short (less than 1024 bits) may be rejected by receiving mail servers.

DMARC Record (Domain-based Message Authentication, Reporting and Conformance)

Purpose: DMARC is a TXT record that tells receiving mail servers how to handle emails that fail SPF and DKIM checks. DMARC builds on SPF and DKIM to improve domain security, provides a feedback mechanism for authentication results, and specifies how to handle failed authentication.

_dmarc.example.com.  IN  TXT  "v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; adkim=s; aspf=s;"

Alignment Modes

Strict (s): The authenticated (DKIM or SPF) domain must exactly match the From domain.

Relaxed (r): Subdomains of the From domain's organizational domain are allowed.

Note that adkim and aspf are optional, and relaxed is the default if unspecified.

p=quarantine: Ask the recipient platform to mark the unauthorized email as spam or quarantine the email.

p=reject: Ask the recipient platform to reject the unauthorized emails. These will not be delivered at all!

p=none: Do not quarantine or reject unauthorized emails. Usually, people only use this policy to troubleshoot or test.

Start with “none” for monitoring, move to “quarantine” with a percentage, then finally to “reject” once you’re confident in your setup.
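To make the alignment modes and policies above concrete, here is an added example (not from the original post or from any mail provider's code) that parses a DMARC TXT value and works out what a receiver would be asked to do with one message. The function names and sample records are constructed, and the organizational domain is approximated as the last two labels, whereas real receivers use the Public Suffix List.

```python
# Added example: parse a DMARC TXT value and apply it to one message.
# Assumption: the organizational domain is taken as the last two labels;
# real receivers consult the Public Suffix List instead.

def parse_dmarc(txt):
    """Split 'tag=value; ...' into a dict and fill in the alignment defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v=DMARC1 missing)")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    tags.setdefault("adkim", "r")  # relaxed is the default if unspecified
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict: exact match. Relaxed: same organizational domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def disposition(policy, from_domain, spf, dkim):
    """spf and dkim are (passed, domain) pairs from the receiver's own checks.
    DMARC passes when either mechanism both passes and aligns with From."""
    spf_ok = spf[0] and aligned(from_domain, spf[1], policy["aspf"])
    dkim_ok = dkim[0] and aligned(from_domain, dkim[1], policy["adkim"])
    return "pass" if spf_ok or dkim_ok else policy["p"]

# Constructed sample records and messages (not taken from a real domain).
STRICT = parse_dmarc("v=DMARC1; p=quarantine; adkim=s; aspf=s;")
RELAXED = parse_dmarc("v=DMARC1; p=reject")

if __name__ == "__main__":
    # Legitimate mail sent through subdomains of example.com.
    via_subdomain = ((True, "bounce.mail.example.com"), (True, "mail.example.com"))
    print(disposition(STRICT, "example.com", *via_subdomain))
    print(disposition(RELAXED, "example.com", *via_subdomain))
    # SPF passes, but for an unrelated envelope domain; no valid DKIM signature.
    print(disposition(RELAXED, "example.com", (True, "example.net"), (False, "")))
```

The strict record sends the subdomain-signed message to quarantine even though both checks passed, which is why strict alignment should only be set once every sending service signs with the exact From domain.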

Testing your Custom Email Delivery

