DNS Records required for custom Domain Email

MX Record

MX Records resolve to Machine Hostnames that operate as Mail Servers.

If you have multiple Mail Servers (Highly Available setups), you can specify a priority for which Mail Server should be attempted first.

A Name or CNAME

You will need an A, AAAA, or CNAME record pointing to your Mail Servers so that the mail server specified in the MX record is resolvable to an IP address.

SPF - Sender Policy Framework

SPF is a TXT record that specifies which servers are authorized to send email messages from your domain. It’s essential to validate SPF syntax using a tool to avoid misconfigurations.

Here is an example of a basic SPF record. This record will allow emails coming from email.example.com, and the -all will cause a rejection for all other domains.

v=spf1 include:email.example.com -all

DKIM - DomainKeys Identified Mail

DKIM records allow the receiving Mail server to validate that an email is from a specific domain and was authorized by the owner of that domain. This is done using public key infrastructure and is not exposed to the end users. DKIM involves a private key used by the sender to sign emails and a corresponding public key published in the DNS record. DKIM signatures can be obtained from your Email Service Provider.

DMARC - Domain-based Message Authentication Reporting and Conformance

A DMARC policy will inform Mail servers what to do with your email after it is checked against the Sender Policy Framework and DomainKeys Identified Mail records.

Basic DMARC Rule - v=DMARC1; p=quarantine;

Alignment Modes

Strict (s) = Exact DKIM Match required.

Relaxed (r) = Subdomain Emails allowed.

Secured DMARC Rule - v=DMARC1; p=reject; adkim=s; aspf=s;

Note that adkim and aspf are optional, and relaxed is the default if unspecified.

p=quarantine: Ask the recipient platform to mark the unauthorized email as spam or quarantine the email.

p=reject: Ask the recipient platform to reject the unauthorized emails. These will not be delivered at all!

p=none: Do not quarantine or reject unauthorized emails. Usually, people only use this policy to troubleshoot or test.

