Domain Name System (DNS) Records
Setting up DNS records is essential to ensure your domain can send and receive authenticated emails, improve email deliverability, and prevent your emails from landing in spam.
What You'll Need:
1. Verify Your Domain (TXT Record)
Your ESP will first ask you to prove domain ownership using a TXT verification record.
Steps:
Type: TXT
Host/Name: @
Value: google-site-verification=abc123xyz456
TTL: 3600
Navigate to your ESP dashboard and verify the domain. Once verified, you can delete this record, though it's often helpful to retain it temporarily in case re-verification is required or unless your ESP specifically tells you to keep it.
2. Add MX Records (Mail Exchange)
These records direct where to deliver emails sent to your domain.
Example (Google Workspace):
Type: MX
Host/Name: @
Value: ASPMX.L.GOOGLE.COM
Priority: 1
TTL: 3600
You can add multiple MX records with different priorities.
3. Add SPF Record (Sender Policy Framework)
SPF tells mail servers which IPs or services are authorized to send email from your domain.
Example (Google Workspace):
Type: TXT
Host/Name: @
Value: v=spf1 include:_spf.google.com ~all
TTL: 3600
If you use multiple ESPs (e.g., SendGrid , Gmail), combine them:
v=spf1 include:sendgrid.net include:_spf.google.com ~all
Note:
DKIM adds a digital signature to your emails, confirming authenticity.
DKIM adds a digital signature to your emails, confirming authenticity.
Example (SendGrid):
Type: CNAME
Host/Name: s1._domainkey
Value: s1.domainkey.u1234567.wl123.sendgrid.net
TTL: 3600
Your ESP may provide 1-3 DKIM entries (e.g., s1, s2, etc.).
5. Add DMARC Record (Domain-based Message Authentication, Reporting & Conformance)
DMARC works with SPF and DKIM to tell inbox providers what to do with unauthenticated emails.
Basic Setup:
Type: TXT
Host/Name: _dmarc
Value: v=DMARC1; p=none; rua=mailto:you@yourdomain.com;
TTL: 3600
Policy Options if the authentication fails:
For cold emailing or marketing, ESPs like SendGrid or Mailgun may ask you to set up a branded tracking domain.
Example (SendGrid):
Type: CNAME
Host/Name: em
Value: u1234567.wl123.sendgrid.net
TTL: 3600
This changes your email tracking links from sendgrid.net to em.yourdomain.com.
Final Checklist & Notes:
Setting up DNS records is essential to ensure your domain can send and receive authenticated emails, improve email deliverability, and prevent your emails from landing in spam.
What You'll Need:
- Access to your domain registrar’s DNS panel (e.g., Namecheap) or your DNS hosting platform (e.g., Cloudflare)
- DNS record values provided by your Email Service Provider (ESP), like Zoho Mail, Google Workspace, SendGrid, Mailgun, etc
1. Verify Your Domain (TXT Record)
Your ESP will first ask you to prove domain ownership using a TXT verification record.
Steps:
- Log in to your DNS management panel.
- Go to the domain you want to configure.
- Add a TXT record with the values your ESP provides.
Type: TXT
Host/Name: @
Value: google-site-verification=abc123xyz456
TTL: 3600
Navigate to your ESP dashboard and verify the domain. Once verified, you can delete this record, though it's often helpful to retain it temporarily in case re-verification is required or unless your ESP specifically tells you to keep it.
2. Add MX Records (Mail Exchange)
These records direct where to deliver emails sent to your domain.
Example (Google Workspace):
Type: MX
Host/Name: @
Value: ASPMX.L.GOOGLE.COM
Priority: 1
TTL: 3600
You can add multiple MX records with different priorities.
3. Add SPF Record (Sender Policy Framework)
SPF tells mail servers which IPs or services are authorized to send email from your domain.
Example (Google Workspace):
Type: TXT
Host/Name: @
Value: v=spf1 include:_spf.google.com ~all
TTL: 3600
If you use multiple ESPs (e.g., SendGrid , Gmail), combine them:
v=spf1 include:sendgrid.net include:_spf.google.com ~all
Note:
- You can have only one SPF record per domain. (TXT records starting with "v=spf1")
- SPF allows only 10 DNS lookups, so limit the number of include: directives.
DKIM adds a digital signature to your emails, confirming authenticity.
DKIM adds a digital signature to your emails, confirming authenticity.
Example (SendGrid):
Type: CNAME
Host/Name: s1._domainkey
Value: s1.domainkey.u1234567.wl123.sendgrid.net
TTL: 3600
Your ESP may provide 1-3 DKIM entries (e.g., s1, s2, etc.).
5. Add DMARC Record (Domain-based Message Authentication, Reporting & Conformance)
DMARC works with SPF and DKIM to tell inbox providers what to do with unauthenticated emails.
Basic Setup:
Type: TXT
Host/Name: _dmarc
Value: v=DMARC1; p=none; rua=mailto:you@yourdomain.com;
TTL: 3600
Policy Options if the authentication fails:
- p=none: Monitor only
- p=quarantine: Move to spam
- p=reject: Reject unauthenticated emails
For cold emailing or marketing, ESPs like SendGrid or Mailgun may ask you to set up a branded tracking domain.
Example (SendGrid):
Type: CNAME
Host/Name: em
Value: u1234567.wl123.sendgrid.net
TTL: 3600
This changes your email tracking links from sendgrid.net to em.yourdomain.com.
Final Checklist & Notes:
- DNS Propagation can take up to 24 hours, though most updates are reflected within 15–30 minutes.
- Never create multiple SPF records. Merge all into one.
- SPF records allow only 10 DNS lookups. Be careful when including multiple ESPs.
- DKIM records must match your domain and ESP. Don't reuse from another setup.
- Keep your DNS zone clean: delete unused records to avoid clutter or slowdowns.