For emails we will need A records, CNAME records, MX Records and SPF/DKIM records. For all domain examples I will use as a domain.

CNAME and A records are the most basic records and most common. ‘A’ record tells you where the default domain is. Often the domain is represented by the @ symbol, the symbol just means CNAME record is an alias for something for example the www part of is on the same server which is being represented as @. Here is an example of a CNAME and A record.

Mail exchange (MX) records in the DNS server allow you to specify where email should be delivered. MX records specify and prioritize the incoming mail servers that receive email messages sent to your domain name. Adding MX records are the easiest part of email DNS. An example of this is below, using G suite.

Spam filters are designed to detect illegitimate email and they use these technologies: SPF (Sender policy framework), DKIM (DomainKeys identified Mail) and DMARC (Domain-based Message authentication, Reporting and Conformance). The spam filters all have corresponding DNS records that must be configured. The SPF filter asks if the IP address is allowed to send mail on behalf of Example Company, there are three responses Accept, reject and accept but send to spam. You need a record for any service that sends email on your domains behalf.

DKIM works by asking for a digital signature and will check the digital signature on the sending server. A sender creates DKIM by “signing” the email with a digital signature. The “signature” is located in the message’s header. The sending mail transfer agent (MTA) generates the signature by using an algorithm applied to the content of the signed fields. This algorithm creates a unique string of characters, or a “hash value”.

DMARC works by asking if SPF and DKIM passed then goes through a policy that tells it what to do if the email is accepted or rejected.

To setup an MX record you will need to ask your email provider for the records or find them yourself. Unlike A records and MX records, DKIM and SPF do not have their own prefix or type of record. They use TXT records. When adding a spam filter record, you will select TXT and then within the value you will specify which type.

If you set the TXT record value to “v=spf1 mx –all” it will allows the domain to send mail from the specified MX records for the domain only, prohibit all others.

If you need to send email through your CRM, AWS SES, SendGrid, or some other service that you use you will have to add those records, Your SPF Record could look like this: v=spf1 a mx ~all

Was this article helpful to you?