Mail Server DNS Records Cheat-Sheet
If you want to run a mail server on the public internet, you need to set up your DNS records correctly. While some DNS records are necessary to send and receive emails, others are recommended to build a good reputation.
Required Mail Server DNS Records
A Record
An A record resolves a hostname to the public IPv4 address of your mail server. A dedicated record for the mail host (for example "mail") is needed in particular when your web server has a different IP address than your mail server.
Recommended Settings Example:

Type | Host | Points to | TTL |
---|---|---|---|
A | mail | your-mail-servers-ipv4 | 1 hour |
MX Record
The MX record is needed when you want to receive emails. It tells other mail servers which host to contact to deliver mail for your domain; the host name it points to must itself resolve through an A record.
If you have multiple mail servers that should be load-balanced, give them the same priority. Lower numbers are preferred; higher numbers can be used for backup servers.
Recommended Settings:

Type | Host | Points to | Priority | TTL |
---|---|---|---|---|
MX | @ | mail.your-domain | 0 | 1 hour |
RDNS or PTR Record
The reverse DNS record, also called a PTR (Pointer Resource Record), is important when you want to send mail. Almost all mail servers check the RDNS record of the connecting IP address as a simple anti-spam check. RDNS is a DNS query in reverse: it maps an IP address back to a hostname, and that hostname should in turn resolve to the same IP address as the mail server's A record.
Your RDNS record is not configured on your DNS server; instead, it is configured at the hosting provider that assigned your public IP address.
(Optional but recommended) DNS Records
SPF Record
SPF (Sender Policy Framework) is a TXT record on your DNS server that specifies which hosts are allowed to send mail for a given domain. When a mail server receives a mail that appears to come from your domain, it can check whether the sending host is authorized. Some mail servers reject mail if they cannot validate that it came from an authorized mail server. The "-all" at the end of the record below asks receivers to reject mail from any host not listed, so make sure every host that legitimately sends for the domain is included before publishing it.
Recommended Settings:

Type | Host | TXT Value | TTL |
---|---|---|---|
TXT | @ | v=spf1 ip4:your-mail-servers-ipv4 -all | 1 hour |
DKIM Record
DKIM (DomainKeys Identified Mail) allows the receiving mail server to verify that an email was indeed sent by the owner of that domain. The sending mail server adds a digital signature, computed with the domain's private key, to every mail that is sent. This signature is added as a mail header (DKIM-Signature) and verified by the receiver against the public key published in the DNS TXT record. These signatures are not visible to the end user.
If you want to add DKIM to your mail server, you first need to create a private and public key pair.
We use the tool OpenSSL to generate the DKIM key pair. The private key stays on the mail server; the public key is published in the TXT record.
Recommended Settings:

Type | Host | TXT Value | TTL |
---|---|---|---|
TXT | dkim._domainkey | v=DKIM1;k=rsa;p=public-dkim-key | 1 hour |
DMARC Record
DMARC (Domain-based Message Authentication, Reporting, and Conformance) extends your existing SPF and DKIM records. It tells receiving mail servers that mail from your domain is expected to pass SPF and DKIM, and what to do when these checks fail (here: quarantine the message).
Recommended Settings:
Type | Host | TXT Value | TTL |
---|---|---|---|
TXT | _dmarc | v=DMARC1;p=quarantine | 1 hour |
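As an added example (not part of the original cheat-sheet), the following Python script shows how a receiving mail server evaluates the SPF, DMARC and DKIM TXT records described in the sections above. It runs against constructed sample records: the domain, addresses and key fragment are placeholders, and the SPF evaluation is simplified to the ip4/ip6/all mechanisms used in the recommended record.

```python
import ipaddress

# Constructed sample records in the shape this cheat-sheet recommends
# (placeholder domain, addresses and key fragment, not real DNS data).
ZONE_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.10 ip4:203.0.113.0/28 -all",
    "_dmarc.example.com": "v=DMARC1;p=quarantine;rua=mailto:dmarc@example.com",
    "dkim._domainkey.example.com": "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(spf_txt, sender_ip):
    """Evaluate an SPF record for the connecting IP (RFC 7208, simplified):
    ip4/ip6/all are handled; a, mx and include need more DNS lookups and are skipped."""
    terms = spf_txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            matched = True
        elif mech.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            matched = ip in network  # False when the address families differ
        else:
            continue
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # RFC 7208: nothing matched and no 'all' term

def parse_tags(txt):
    """Parse the 'tag=value;tag=value' syntax shared by DMARC and DKIM records."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def dmarc_policy(dmarc_txt):
    """Policy (p= tag) a receiver applies to mail failing SPF and DKIM, or None."""
    tags = parse_tags(dmarc_txt)
    return tags.get("p") if tags.get("v") == "DMARC1" else None

def dkim_key_ok(dkim_txt):
    """True when the selector record declares a DKIM1 RSA key with a non-empty p= tag."""
    tags = parse_tags(dkim_txt)
    return tags.get("v") == "DKIM1" and tags.get("k", "rsa") == "rsa" and bool(tags.get("p"))
```

A connecting IP outside the listed ip4 ranges hits "-all" and gets "fail", while the same record ending in "~all" would only yield "softfail".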
(Optional) DNS Records
Autoconfiguration DNS Records
If you're using mail clients like Outlook or Thunderbird on your computer or mobile devices, they offer the ability to do an "autoconfiguration", also called "Autodiscover". That means you only need to enter your email address and password, and the mail client tries to resolve the mail server addresses, ports, and encryption settings for IMAP and SMTP. You can achieve this by adding the SRV DNS records defined in the RFC 6186 standard and some specific records that are used by Outlook clients.