Several types of DNS records are essential for a mail server. To ensure the smooth exchange of emails and maintain your mail server's good reputation, this article will guide you through how to set up each type of DNS record.
For smooth email communication, it's essential to configure the DNS A and MX records so that other mail servers can reach your server over the Internet. There are also DNS records such as SPF, DKIM and DMARC, which help protect against spam and identity theft.
A record
An A record or address record maps a domain or a subdomain to its IP address. It allows end users to type in a human-readable domain name while the computer can process the IP address behind it.
Please point the A record to the IP address of Green Website:
- Name: webmail.example.com.
- TTL: 14400
- Type: A
- Record: 107.6.164.82
MX record
An MX record or mail exchanger record specifies which mail servers accept emails on behalf of a domain and where emails sent to your domain should be routed via SMTP (Simple Mail Transfer Protocol).
Each MX record contains a hostname and a priority. The hostname indicates where emails should be delivered, while the priority number indicates the order in which mail servers should be used. A lower number indicates a higher priority.
- Name: example.com.
- TTL: 14400
- Type: MX
- Priority: 0
- Destination: example.com
SPF record
An SPF record or sender policy framework record helps prevent email spoofing by specifying the servers that are allowed to send emails on behalf of a domain. For more information on SPF record syntax, please visit this website.
- Name: example.com.
- TTL: 14400
- Type: TXT
- Record: v=spf1 +a +mx +ip4:107.6.164.82 ~all
DKIM record
DKIM stands for DomainKeys Identified Mail. By affixing a digital signature to each outgoing email, DKIM provides a way to validate that an email is indeed authorized by the domain owner.
Before configuring DKIM, generate a public key for your mail server at the following location in cPanel (Email / Email Deliverability / Manage / View a DKIM Private Key).
- Name: default._domainkey.example.com.
- TTL: 14400
- Type: TXT
- Record: v=DKIM1; k=rsa; p=your looong DKIM public key
DMARC record
DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, determines what happens to an email that fails the SPF and DKIM checks. With the reporting feature of DMARC, a domain owner can gain insight into the mail traffic to better detect spoofing attacks.
A DMARC record is a TXT record that includes the following tags and values:
- Name: _dmarc.example.com.
- TTL: 14400
- Type: TXT
- Record: v=DMARC1; p=none; pct=100; rua=mailto:postmaster@example.com
| Tag | Value | Example |
| --- | --- | --- |
| v | DMARC version. For now, please use version "DMARC1". | v=DMARC1 |
| p | Policy enforced on unauthenticated emails. p=none is a good starting point for analyzing email flows, but it is a loose policy that will not block any suspicious messages. We recommend changing to p=quarantine to better guard against domain spoofing after SPF, DKIM, and DMARC have been enabled for a while. | p=none: Monitors only. p=quarantine: Sends to a quarantine mailbox. p=reject: Rejects and blocks. |
| pct | Percentage of emails to be enforced by the specified policy. | pct=100 (i.e., 100% of emails will be monitored, quarantined, or rejected.) |
| rua=mailto | Email address where to receive reports. | rua=mailto:your email address |
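To check the SPF and DMARC values before publishing them, the following added example (not part of the original article or of cPanel) parses both TXT values shown above and reports what a reviewer would flag, such as the softfail qualifier and the monitor-only policy. The function names audit_spf and audit_dmarc are hypothetical, and the checks cover only the tags and mechanisms used on this page.

```python
import ipaddress

# Record values copied from the SPF and DMARC sections of this page.
PAGE_SPF = "v=spf1 +a +mx +ip4:107.6.164.82 ~all"
PAGE_DMARC = "v=DMARC1; p=none; pct=100; rua=mailto:postmaster@example.com"

def audit_spf(txt):
    """Return findings for one SPF TXT value (hypothetical helper)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings = []
    for term in terms[1:]:
        mech = term.lstrip("+-~?").lower()  # drop the qualifier
        if mech.startswith("ip4:"):
            try:
                ipaddress.IPv4Network(mech[4:], strict=False)
            except ValueError:
                findings.append(f"invalid ip4 mechanism: {term}")
    last = terms[-1].lower()
    if last.lstrip("+-~?") != "all":
        findings.append("no terminal 'all' mechanism")
    elif last in ("all", "+all"):
        findings.append("+all authorizes every sender")
    elif last[0] in "~?":
        findings.append(f"{last} does not hard-fail unlisted senders (softfail/neutral)")
    return findings

def audit_dmarc(txt):
    """Return findings for one DMARC TXT value (hypothetical helper)."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["not a DMARC record: first tag must be v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"missing or invalid p tag: {policy!r}")
    elif policy == "none":
        findings.append("p=none only monitors: failing mail is still delivered")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports will be sent")
    return findings

if __name__ == "__main__":
    print("SPF:", audit_spf(PAGE_SPF), "DMARC:", audit_dmarc(PAGE_DMARC))
```

An empty list means none of these checks fired; it does not confirm that the record is published in DNS or that receivers will accept it.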