Email is a primary communication method and one of the most important customer retention and acquisition channels for many companies. At the same time, it is often a primary source of attacks. Because of this, the success of your marketing campaigns depends heavily on deliverability rates and on proper configuration of the mail server and domain name servers. This article will explain the basic configuration and best practices for email DNS settings.
DNS settings can be pretty complex and confusing for many people, especially those on the marketing or customer engagement side. This article will cover the basic steps and settings that will protect you from spam and help keep your emails from being blacklisted by other servers.
Essential email DNS records explained
A (Address Record) – points a domain to a corresponding IPv4 IP address
AAAA (IP Version 6 Address record) – points a domain to a corresponding IPv6 IP address
Usage: DNS lookup of the fully qualified domain name returns the IP address
CNAME (Canonical Name) – maps one domain name (alias name) to another (canonical/primary) domain name. The major difference from the A record is that CNAME is basically an alias from one name to another. It can’t directly point to an IP address (only a domain name or a URL address). It is also a common way for mapping multiple subdomains to the same main domain.
Usage: DNS lookup for the CNAME record associated with a domain name returns the canonical/primary domain name
PTR (Reverse-lookup Pointer records) – resolves an IP address to a domain or a host name (the opposite of A record)
Usage: DNS lookup of the IP address returns a fully qualified domain name
MX (Mail Exchanger) – links domain names to FQDN (fully qualified domain name) of domain’s Mail host(s). This record indicates which mail servers accept incoming mail for the domain and where emails sent to the domain should be routed to.
Usage: DNS lookup of the domain name for a type MX record returns a list of hosts that will accept email for the domain and a number, which indicates the preferred server
TXT records:
TXT (Text Record) – is an informational DNS record used to associate arbitrary text with a host or other name. Such records are most commonly used for domain ownership verification, SSL verification, and email sender policies, such as SPF records and DMARC policies. They typically carry machine-readable data such as opportunistic encryption, sender policy framework, DKIM, DMARC, etc.
TXT/SPF (Sender Policy Framework – email authentication technique that is used against email spoofing) – Security and spam prevention measure. It links domain names to the FQDN of the domain’s mail host(s). Indicates to mail exchanges which hosts are authorized to send mail for a domain.
Usage: DNS lookup of the domain name for a type TXT record typically returns an SPF record if one exists
TXT/DKIM (Domain key) – Security and spam prevention measure. Signs all outgoing mail with a cryptographic key which helps the receiving mail server to verify that the email is actually being sent by that domain.
TXT/DMARC (Domain-based Message Authentication, Reporting, and Conformance) – Security and spam prevention measure. It is used by receiving mail servers to determine what to do if a message fails authentication. The messages can be monitored (and delivered), moved to the junk folder or rejected. It also allows logging of any fraudulent attempts to send email using the domain.
Role of DNS settings in spam prevention
With all the cyber threats and phishing attacks happening these days, having a spam filter that is trained to detect spam and illegitimate email is a must. These spam filters use SPF, DKIM and DMARC records to verify the origin of the email and the identity of the sender. So, if those records aren’t there or are not properly configured, email from such a sender is far less likely to make it through to the recipients’ inbox.
Note that the process of configuring SPF, DKIM and DMARC records may vary for different domain registrars and DNS hosting providers. Most of them provide a UI, guidelines, and technical support for DNS configuration. Mail delivery services such as Mailchimp, AWS SES, Mailgun, etc. will also provide the DNS records and guidance on how to properly set up and test those.
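The following Python example, added here and not part of the original article or of any provider's tooling, audits SPF and DMARC TXT records for the missing or misconfigured settings described above. The function names and the `.example` records are constructed for illustration; the checks follow RFC 7208 and RFC 7489, and no DNS queries are made.

```python
# Added example: offline audit of SPF and DMARC TXT records (sample data is constructed).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs a DNS query

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain name itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record, receivers cannot tell which hosts may send"]
    if len(spf) > 1:
        return ["SPF: multiple records, evaluation ends in a permanent error"]
    findings = []
    terms = spf[0].lower().split()[1:]
    names = [t.lstrip("+-~?").split(":")[0].split("/")[0] for t in terms]
    redirect = any(t.startswith("redirect=") for t in terms)
    # RFC 7208 limit is 10; nested includes also count, so this is a lower bound.
    if sum(n in LOOKUP_TERMS for n in names) + redirect > 10:
        findings.append("SPF: more than 10 DNS-querying terms")
    all_terms = [t for t, n in zip(terms, names) if n == "all"]
    if not all_terms and not redirect:
        findings.append("SPF: no 'all' term, unlisted hosts get a neutral result")
    elif all_terms and all_terms[0] in ("all", "+all"):
        findings.append("SPF: '+all' authorizes every host to send")
    return findings

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC: expected exactly one record, found %d" % len(dmarc)]
    pairs = (part.partition("=") for part in dmarc[0].split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs}
    findings, policy = [], tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors, failing mail is still delivered")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, no aggregate reports are sent")
    return findings

def audit_domain(zone, domain):
    return audit_spf(zone.get(domain, [])) + audit_dmarc(zone.get("_dmarc." + domain, []))

# Constructed records standing in for DNS answers; not taken from any real domain.
ZONE = {
    "weak.example": ["v=spf1 include:_spf.mailer.example +all", "site-check=constructed"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
    "good.example": ["v=spf1 ip4:192.0.2.10 include:_spf.mailer.example -all"],
    "_dmarc.good.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@good.example"],
}
```

Calling `audit_domain(ZONE, "weak.example")` returns three findings, while `good.example` returns an empty list.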