Some of the links on this page may be "affiliate links". This means if you click on the link and purchase the item, we will receive a commission. To be clear, it does not cost you extra.
One of the most common challenges that site owners face when starting their online journey is to ensure the reliable delivery of emails. Emails, newsletters, or transactional notifications from a website (e.g. order confirmation email) should reach a recipient’s inbox but sometimes, critical communication finds the spam folder. Luckily, the fix is not rocket science. Besides proper content hygiene, such as avoiding spammy subject lines or too many hyperlinks in the email body, all you need is a proper DNS configuration to ensure reliable email delivery.
What’s a DNS and which one to use?
A Domain Name System or DNS translates a human-readable site address such as unakriti.com to its internet address that browsers and websites understand. Similarly, a DNS also translates a human-readable email ID such as [email protected] to an address that email clients and servers understand.
Now, WordPress or no WordPress, DNS servers have standard nomenclature to define address records. So, no matter the name service resolver your site relies upon, you can follow along with this guide. For its simple and intuitive interface, we use and recommend the free Cloudflare DNS.
What DNS records ensure reliable email services and how to generate these?
Irrespective of where you host mailboxes, or which email service provider (ESP) you use to send newsletters or transactional notifications, verify that you have the following DNS records to take care of things like email receipt, delivery into an inbox (and not the spam folder), security, or domain reputation.
If any of these are absent, add them. Do not worry if these records seem weird. Let us just figure what they do, look like, and how to get the respective values.
1. MX Record: Required for Mailboxes
Mail Exchange or MX specifies the mail server that hosts your eMail inboxes. When someone sends you an eMail, this record ensures that it is delivered to you. For a sender, an MX record is like ‘driving directions’, if you may, to reach your inbox.
Example MX record: The sample record above assumes Yandex as the mailbox provider and its published MX value is mx.yandex.net.
Type
Name
Value/Server
Priority
TTL
MX
yourdomain.com
mx.yandex.net
10
Automatic
Note: Some transaction email providers such as Amazon SES may need a separate MX record to specify a ‘mail from’ domain.
2. SPF Record: Avoid Sender’s Domain Forgery
Sender Policy Framework or SPF protects against eMail domain forgery. An SPF record establishes the origin and route of your eMails. An SPF record prevents spammers to send emails from a non-existent email ID of your domain.
There should be only one SPF record per domain and it should specify the origin for all your emails, irrespective of whether these are newsletters, transaction emails, or regular business correspondence.
Example SPF record: The sample hybrid record below assumes Yandex as the mailbox provider and Amazon AWS as the transactional email service provider. The published SPF value for Yandex mail is _spf.yandex.net and for Amazon SES, we use amazonses.com ~all. Using the published values, you may also use an automated SPF record generator tool.
Note: that some transaction email providers such as Amazon SES may need a separate SPF record to specify the ‘mail from’ domain.
3. DKIM Record: Avoid Sender’s Email ID Forgery
DomainKeys Identified Mail or DKIM consists of a set of public and private keys meant to protect against email address forgery. DKIM private key encrypts the sender’s email, which the receiver decrypts using the public key avilable on your DNS. In other words, a DKIM record prevents spammers to send emails from a valid mail ID of your domain.
Example DKIM record: DKIM records have a distinct value for each service provider. That is, even for the same domain name, Amazon SES and Yandex will have separate DKIM values.
Type
Name
Value/Server
TTL
TXT
mail._domainkey
v=DKIM1; k=rsa; t=s; p=a very long alphanumeric string
Automatic
Note: Some transaction email providers such as Amazon SES will require DKIM-specific CNAME records too.
4. DMARC Record: Develop Sender’s Reputation
Domain-based Message Reporting and Conformance or DMARC builds upon SPF and DKIM records to help senders and receivers communicate and develop trust over time.
Example DMARC record: You will need a domain name and a valid email ID to create this DNS record.
Note: Please replace the mail IDs in the DMARC record above with a valid mailbox or an alias for your domain.
How to get the values for MX, SPF, DKIM, and DMARC records?
Except for DMARC, you need to consult your mail service provider’s (e.g. Gmail/GSuite, Mailchimp, etc ) documentation to grab MX, SPF, and DKIM record values. For DMARC, you will need a domain name and a valid email ID to create this using a DMARC record generator tool.
How to verify whether DNS records for emails look good?
Ensuring reliable email delivery requires diligence. So, after all the work, is there a way to test whether the configuration is working or not? Yes, there is a relatively simple technique.
After you have defined the necessary DNS records, send a test newsletter or a test notification (transaction email) from your site. For instance, we sent a test email from Wordfence plugin to a Gmail ID.
Next, head over and log in to your Gmail account. If your site has been configured properly to send emails out, you should see a new email from your site. Click it open and look up the message headers as depicted above. When everything is set right, the email header will show SPF, DKIM, and DMARC with the PASS labels. Please refer to the screengrab below.
It is important to note that defining SPF, DKIM, and DMARC records provide an assurance and not a guarantee of reliable delivery. It is so because, besides these DNS records, email providers may also consider things like message content to decide whether the final destination of an email should be an inbox folder or any other (e.g. promotions, spam, etc). That said, these DNS records set you up for enhanced reliability and online success.
DNS Records for Email Reliability
In conclusion, ensuring reliable email delivery is a critical aspect of maintaining effective communication. By implementing the essential DNS records—MX, SPF, DKIM, and DMARC — you can significantly improve the deliverability of your emails, reduce the chances of your messages being marked as spam, and protect your domain from malicious activities.
These DNS records work together to authenticate your emails, enhance your domain’s reputation, and ensure that your messages reach the intended recipients. Stay proactive and vigilant, and your efforts will be rewarded with more successful and secure email communications.
About Us
Cloudkriti is in business since 2019. We design, develop, host, and maintain your websites. We are a fully managed cloud host, a hybrid service that combines managed cloud and managed WordPress for a seamless experience. If you are looking for a truly dynamic, easy-to-use, high-performance, and a secure website, we are here to help.