DNS configuration for Email
In this article, you’ll learn how to configure DNS for your email and why it is necessary both to protect you from spam and to keep your emails from being blacklisted by other servers.
If you’re confused about DNS, what it is and how it works, feel free to read our previous article first, where we go through the basics.
Why is it important?
Email is a protocol from the early days of the Internet, so it comes with very few security mechanisms of its own. This means attackers can send an email that appears to come from someone else and get away with it. The job of protecting you from spam falls to the servers that receive email: they sort some messages into your spam folder, delete others without you ever knowing, and let the rest into your inbox.
As a domain owner you control that domain’s DNS entries. Configuring your public DNS records will not only help other servers trust the emails you send, but, more importantly, it will help prevent other servers from sending emails to your users in your name.
How to configure DNS records
DNS Hosting Provider
You might be using a managed service that runs Domain Name System servers and allows you to publish your hostnames and important DNS records. It usually comes with a web-based control panel as well as its own API for modifying your DNS records, and provides technical support when you need it. This option is optimal for many scenarios, as the provider has multiple servers in various geographic locations that provide resilience and minimize latency for clients around the world. There are free and paid DNS hosting providers; choose the one that fits your needs, gives you enough control over your DNS records and offers good technical support.
Hosting Your Own DNS
Hosting your own DNS server gives you full control over your network, but at the same time it requires a lot more work and advanced knowledge of the DNS servers you are managing to keep them running smoothly.
What are DNS Records
DNS records form a large, distributed database that holds the IP addresses, domain names, TTLs and other information for every site on the Internet. The records live in authoritative DNS servers and provide information about the IP addresses (and other data) associated with each domain name. They consist of a series of text files written in what is known as DNS syntax.
DNS Records Types
A (Address Record)
This is the most fundamental type of DNS record. Its job is to point a domain to its corresponding IPv4 address, enabling a user’s device to connect to a website without having to type in the actual IP address.
A records only hold IPv4 addresses, for IPv6 addresses “AAAA” records are used.
AAAA (IP Version 6 Address record)
These records are exactly like DNS A records, except that they match a domain name to an IPv6 address instead of its IPv4 address.
IPv6 is the latest version of the Internet Protocol (IP). IPv6 addresses are longer than IPv4 addresses and were introduced mainly because the Internet is running out of IPv4 addresses.
CNAME (Canonical Name)
This record is used instead of an “A” record when a domain or subdomain is an alias of another (canonical/primary) domain name. A CNAME record must point to a domain name, never to an IP address.
It is also a common way for mapping multiple subdomains to the same main domain.
PTR (Reverse-lookup Pointer records)
A PTR record provides the domain name associated with an IP address (the opposite of an A record).
It is mainly used for anti-spam, troubleshooting email delivery issues and logging. Some servers will not trust mail coming from your server unless they can do a reverse DNS lookup.
MX (Mail Exchange)
An MX record directs email to a mail server. It indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol (SMTP, the standard protocol for all email) and which mail servers accept incoming mail for the domain.
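The CNAME, PTR and MX rules above can be checked mechanically before a zone goes live. The following script is an added example, not part of the original article: it parses a small constructed zone for the hypothetical domain example.test (written in a simplified "owner TYPE rdata" format, not full BIND syntax) and flags a CNAME that points at an IP address, an MX target that is a CNAME or has no address record, and a mail host whose address has no matching PTR record. The sample zones, names and addresses are all constructed for the example.

```python
import ipaddress

# Constructed sample zone for the hypothetical domain example.test (not from the article).
# One record per line: owner TYPE rdata. Lines starting with ';' are comments.
GOOD_ZONE = """
; forward zone
example.test.               A      192.0.2.10
example.test.               AAAA   2001:db8::10
www.example.test.           CNAME  example.test.
mail.example.test.          A      192.0.2.25
example.test.               MX     10 mail.example.test.
; reverse zone entry for the mail server
25.2.0.192.in-addr.arpa.    PTR    mail.example.test.
"""

# The same domain with the mistakes the checks below are meant to catch (also constructed).
BAD_ZONE = """
example.test.               A      192.0.2.10
mail.example.test.          CNAME  example.test.
example.test.               MX     10 mail.example.test.
ftp.example.test.           CNAME  192.0.2.10
mx2.example.test.           A      192.0.2.26
example.test.               MX     20 mx2.example.test.
"""


def parse_zone(text):
    """Parse the simplified 'owner TYPE rdata' format into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, rtype, rdata = line.split(None, 2)
        records.append((owner.lower(), rtype.upper(), rdata.strip()))
    return records


def is_ip_literal(value):
    """True if the rdata is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False


def check_zone(records):
    """Return a list of problems that would hurt mail delivery or the trust other servers place in it."""
    by_owner = {}
    for owner, rtype, rdata in records:
        by_owner.setdefault(owner, {}).setdefault(rtype, []).append(rdata)

    problems = []
    for owner, types in by_owner.items():
        for target in types.get("CNAME", []):
            # A CNAME must point at a name, never at an IP address.
            if is_ip_literal(target):
                problems.append(f"{owner}: CNAME points to an IP address ({target})")
            # RFC 1034: a name that holds a CNAME may carry no other record types.
            if len(types) > 1:
                problems.append(f"{owner}: CNAME coexists with other records")
        for mx in types.get("MX", []):
            _priority, target = mx.split(None, 1)
            target = target.lower()
            target_types = by_owner.get(target, {})
            if "CNAME" in target_types:
                # RFC 2181 section 10.3: an MX target must be a host with address records, not an alias.
                problems.append(f"{owner}: MX target {target} is a CNAME")
                continue
            addrs = target_types.get("A", []) + target_types.get("AAAA", [])
            if not addrs:
                problems.append(f"{owner}: MX target {target} has no A/AAAA record")
            for ip in addrs:
                # Reverse DNS: receiving servers that look up the PTR expect the mail host's own name back.
                ptr_owner = ipaddress.ip_address(ip).reverse_pointer + "."
                ptrs = [p.lower() for p in by_owner.get(ptr_owner, {}).get("PTR", [])]
                if target not in ptrs:
                    problems.append(f"{owner}: no PTR record mapping {ip} back to {target}")
    return problems


if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_zone(parse_zone(zone)) or "no problems")
```

The PTR check only covers addresses you can see in the zone you are editing; the reverse zone for a public IP block is usually delegated to whoever assigned you the addresses, so in practice the PTR record has to be requested from them.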
DNS Records that teach the Internet about your email (TEXT Records)
TXT (Text Record)
This is an informational DNS record used to associate arbitrary text with a host or other name. TXT records are used to verify domain ownership, for SSL certificate validation, and to publish email sender policies such as SPF records and DMARC policies. They typically carry machine-readable data such as opportunistic-encryption settings, Sender Policy Framework (SPF), DKIM and DMARC records.
TXT/SPF (sender policy framework)
This is a type of DNS TXT record that lists all the servers authorized to send emails from a particular domain. It tells the internet which servers can send email on behalf of your domain.
The Simple Mail Transfer Protocol (SMTP) does not automatically authenticate the “from” address in an email. SPF records are just one of many DNS-based mechanisms that can help email servers confirm whether an email comes from a trusted source.
These records are mainly used to prevent attacks, improve email deliverability and comply with DMARC.
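To make the "list of servers authorized to send" concrete, here is an added example (not from the article) of how a receiving server evaluates an SPF record against the connecting IP address. It implements the common mechanisms of RFC 7208 (ip4, ip6, a, mx, include and all, with the +, -, ~ and ? qualifiers) over a constructed in-memory DNS table instead of live lookups; the domain names, addresses and records in that table are hypothetical. Modifiers such as redirect= are skipped, and the include chain is simply depth-limited rather than counting every DNS-querying term as the RFC requires.

```python
import ipaddress

# Constructed in-memory DNS table standing in for live lookups (hypothetical names and addresses).
DNS = {
    ("example.test", "TXT"): ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailer.test -all"],
    ("example.test", "MX"): ["mail.example.test"],
    ("mail.example.test", "A"): ["198.51.100.25"],
    ("_spf.mailer.test", "TXT"): ["v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:1::/48 ~all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return DNS.get((name.lower().rstrip("."), rtype), [])


def ip_in(ip, net):
    """True if `ip` falls inside `net` (a single address or CIDR block of the same IP version)."""
    addr = ipaddress.ip_address(ip)
    network = ipaddress.ip_network(net, strict=False)
    return addr.version == network.version and addr in network


def host_matches(ip, name, cidr):
    """True if any A/AAAA address of `name` (widened to /cidr when given) covers `ip`."""
    for addr in lookup(name, "A") + lookup(name, "AAAA"):
        if ip_in(ip, f"{addr}/{cidr}" if cidr else addr):
            return True
    return False


def check_host(ip, domain, depth=0):
    """Evaluate the SPF record published by `domain` for sending address `ip`.
    Returns one of: pass, fail, softfail, neutral, none, permerror."""
    if depth > 10:
        return "permerror"  # runaway include: chain (RFC 7208 caps DNS-querying terms at 10)
    records = [r for r in lookup(domain, "TXT") if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # a domain may publish exactly one SPF record
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, rest = term.lower().partition(":")
        if "=" in mech:
            continue  # modifiers (redirect=, exp=) are not handled in this example
        mech, _, mech_cidr = mech.partition("/")  # allows the a/24 and mx/24 forms
        try:
            if mech == "all":
                matched = True
            elif mech in ("ip4", "ip6"):
                matched = ip_in(ip, rest)
            elif mech in ("a", "mx"):
                target, _, cidr = rest.partition("/")
                target = target or domain  # bare 'a' / 'mx' refer to the domain being checked
                hosts = lookup(target, "MX") if mech == "mx" else [target]
                matched = any(host_matches(ip, h, cidr or mech_cidr) for h in hosts)
            elif mech == "include":
                inner = check_host(ip, rest, depth + 1)
                if inner in ("none", "permerror"):
                    return "permerror"  # including a domain without a usable record is an error
                matched = inner == "pass"  # only a pass from the included record counts as a match
            else:
                return "permerror"  # unknown mechanism
        except ValueError:
            return "permerror"  # malformed address or network in the record
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no redirect: the default result


if __name__ == "__main__":
    for sender in ("192.0.2.7", "198.51.100.25", "203.0.113.9", "198.51.100.200"):
        print(sender, check_host(sender, "example.test"))
```

Note the behaviour on the last sample address: the included record ends in ~all, so it returns softfail, but an include only matches on pass, and the outer record's -all then turns the result into a hard fail. Which of these results leads to rejection is up to the receiving server; the SPF record by itself only describes who is authorized.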
TXT/DKIM (DomainKeys Identified Mail)
This is an email authentication method that helps prevent anyone from impersonating a legitimate domain.
While SPF determines who can send emails on your behalf, DKIM signs all outgoing mail with a cryptographic key, which lets the receiving mail server verify that the email really was sent by that domain.
TXT/DMARC (Domain-based Message Authentication Reporting and Conformance)
While SPF and DKIM determine who can send emails on your behalf, DMARC tells the receiving email server what to do after checking a domain’s Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records.
Through its reporting, DMARC will also tell you if someone is trying to send emails on your behalf without your authorization.
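What "tells the receiving server what to do" amounts to in practice is shown by the following added example (not from the article): it parses a constructed DMARC TXT record, checks whether the SPF and DKIM results are aligned with the From domain, and returns the disposition a receiver would apply, including the sp= subdomain policy and the pct= sampling rule of RFC 7489. The organizational-domain helper is a deliberate simplification that keeps the last two labels; real receivers consult the Public Suffix List. The domains, the record and the sample results are all hypothetical.

```python
# Constructed DMARC record for the hypothetical domain example.test (not from the article).
DMARC_RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
                "rua=mailto:dmarc-reports@example.test")


def parse_dmarc(record):
    """Split a DMARC TXT record into its tags; None if it is not a usable DMARC record."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags


def org_domain(name):
    """Organizational domain. Simplification: last two labels; real receivers use the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same organizational domain."""
    f, a = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)


def evaluate(from_domain, policy_domain, record, spf_result="none", spf_domain="",
             dkim_result="none", dkim_domain="", sample_percent=0):
    """Return (dmarc_result, disposition) for one message.
    from_domain:    domain in the message's From: header (what the user sees)
    policy_domain:  domain at which `record` was found (its organizational domain)
    spf_domain:     MAIL FROM domain that SPF was evaluated against
    dkim_domain:    d= value of a DKIM signature that verified
    sample_percent: 0-99, stands in for the receiver's random draw used to honour pct="""
    tags = parse_dmarc(record)
    if tags is None:
        return ("none", "none")  # no DMARC policy: nothing to enforce
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")  # one aligned pass is enough
    is_subdomain = from_domain.lower().rstrip(".") != policy_domain.lower().rstrip(".")
    policy = tags.get("sp", tags["p"]) if is_subdomain else tags["p"]
    pct = int(tags.get("pct", "100"))
    if sample_percent >= pct:
        # Message outside the pct= sample: apply the next weaker action (RFC 7489 section 6.6.4).
        policy = {"reject": "quarantine", "quarantine": "none", "none": "none"}[policy]
    return ("fail", policy)


if __name__ == "__main__":
    # SPF passed for a relaxed-aligned bounce domain: DMARC passes.
    print(evaluate("example.test", "example.test", DMARC_RECORD,
                   spf_result="pass", spf_domain="bounce.example.test"))
    # DKIM passed, but adkim=s demands an exact domain match: rejected.
    print(evaluate("example.test", "example.test", DMARC_RECORD,
                   dkim_result="pass", dkim_domain="mail.example.test"))
    # Unauthenticated mail from a subdomain falls under sp=quarantine.
    print(evaluate("news.example.test", "example.test", DMARC_RECORD))
```

The second case is the one that catches people out when tightening a policy: a valid DKIM signature from a mail host under the same organization is still not aligned under adkim=s, so a strict setting should only be published once every sending system signs with d= equal to the From domain.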