DNS Records Overview
What are DNS records?
DNS (Domain Name System) records are instructions that live on authoritative DNS servers and provide information about a domain including IP address, mail server, and other domain settings. They act like a phone book for the internet, telling computers where to find your website and how to handle email for your domain.
Why are DNS records important for email?
DNS records are crucial for email because they tell email servers where to deliver messages for your domain (MX records), which servers are authorized to send email from your domain (SPF records), and how to verify email authenticity (DKIM and DMARC records). Without proper DNS configuration, your emails may not be delivered or could be flagged as spam.
How long do DNS changes take to propagate?
DNS changes typically take anywhere from a few minutes to 48 hours to propagate globally. This is because DNS information is cached by various servers around the world. Most changes are visible within 1-4 hours, but it's recommended to wait up to 48 hours for full propagation before testing.
Can I have multiple DNS records for the same domain?
Yes, you can have multiple DNS records for the same domain. For example, you can have multiple MX records with different priorities for redundancy, multiple TXT records for different purposes (SPF, DMARC, verification), and multiple A records for load balancing. Each record type serves a specific purpose.
MX Records
What are MX records?
MX (Mail Exchange) records specify which mail servers are responsible for receiving email messages for your domain. They tell other email servers where to deliver emails sent to addresses at your domain. Without MX records, your domain cannot receive email.
How do MX record priorities work?
MX records have priority values (0-65535) where lower numbers indicate higher priority. The mail server with the lowest priority number receives email first. If that server is unavailable, email is sent to the server with the next lowest priority. This provides redundancy and failover protection.
What happens if my MX records are missing?
If MX records are missing, your domain cannot receive email. All emails sent to addresses at your domain will bounce back to the sender with an error message. This is a critical issue that must be fixed by adding MX records pointing to your email server.
How do I set up MX records for Gmail?
To use Gmail with your domain, add these MX records: Priority 1: aspmx.l.google.com, Priority 5: alt1.aspmx.l.google.com, Priority 5: alt2.aspmx.l.google.com, Priority 10: alt3.aspmx.l.google.com, Priority 10: alt4.aspmx.l.google.com. Contact your domain registrar or DNS provider to add these records.
SPF Records
What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email from your domain. It helps prevent email spoofing and phishing by allowing receiving servers to verify that emails claiming to be from your domain are actually sent from authorized servers.
How do SPF records prevent spam?
SPF records prevent spam by creating a whitelist of authorized sending servers for your domain. When an email server receives a message claiming to be from your domain, it checks the SPF record to verify the sending server is authorized. If not, the email can be rejected or flagged as suspicious.
What's a good SPF record format?
A basic SPF record format is: 'v=spf1 include:_spf.google.com ~all'. This authorizes Google's servers to send email for your domain and marks all other servers as 'soft fail' (~all). For more security, use '-all' for 'hard fail'. Always start with 'v=spf1' and end with an action like '~all' or '-all'.
Can I have multiple SPF records?
No, you should only have one SPF record per domain. Having multiple SPF records can cause authentication failures. If you need to authorize multiple services, combine them in a single SPF record using multiple 'include:' statements, like: 'v=spf1 include:_spf.google.com include:_spf.mailchimp.com ~all'.
DMARC Records
What is a DMARC record?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a DNS TXT record that tells receiving email servers how to handle emails that fail SPF or DKIM authentication. It also provides reporting on authentication results, helping you monitor and improve your email security.
How do DMARC policies work?
DMARC policies specify what action to take when emails fail authentication: 'none' (monitor only), 'quarantine' (treat as suspicious), or 'reject' (reject the email). Start with 'p=none' to monitor without affecting delivery, then gradually increase to 'p=quarantine' and finally 'p=reject' once you're confident in your setup.
What's a basic DMARC record?
A basic DMARC record for monitoring is: 'v=dmarc1; p=none; rua=mailto:dmarc@yourdomain.com'. This tells receiving servers to monitor authentication failures and send reports to the specified email address. Replace 'yourdomain.com' with your actual domain and ensure the email address exists.
Why should I use DMARC?
DMARC provides visibility into how your domain is being used for email, helps prevent email spoofing, improves deliverability by building trust with receiving servers, and provides detailed reports about authentication failures. It's considered a best practice for email security.
DKIM Records
What is DKIM?
DKIM (DomainKeys Identified Mail) adds a digital signature to your emails to prove they weren't altered in transit. The signature is created using a private key and verified using a public key stored in your DNS. This helps receiving servers trust that your emails are authentic and haven't been tampered with.
How does DKIM work?
When you send an email, your email server creates a digital signature using a private key. The receiving server looks up your public key in DNS and uses it to verify the signature. If the signature is valid, it proves the email came from an authorized server and wasn't modified during transmission.
Where are DKIM records stored?
DKIM public keys are stored as DNS TXT records, typically on subdomains like 'selector1._domainkey.yourdomain.com' or 'default._domainkey.yourdomain.com'. The exact subdomain depends on your email service provider. The record contains the public key that receiving servers use to verify your email signatures.
How do I set up DKIM?
DKIM setup varies by email provider. Most providers will generate the DKIM record for you. You'll need to add the provided TXT record to your DNS. Common providers like Gmail, Mailchimp, and SendGrid have specific instructions in their documentation. Contact your email service provider for the exact DKIM record to add.
A and AAAA Records
What are A records?
A records map your domain name to IPv4 addresses (like 192.168.1.1). They tell computers where to find your website when someone types your domain name. While not directly related to email, they're essential for your domain's basic functionality and may be used for webmail interfaces.
What are AAAA records?
AAAA records are similar to A records but map your domain to IPv6 addresses (like 2001:db8::1). IPv6 is the newer version of the internet protocol and provides better performance and more addresses. AAAA records are not required for email but improve overall domain performance.
Do A/AAAA records affect email deliverability?
A and AAAA records don't directly affect email deliverability, but they're important for your domain's overall reputation and functionality. They're mainly used for website hosting and webmail interfaces. Email deliverability is primarily controlled by MX, SPF, DKIM, and DMARC records.
Can I have both A and AAAA records?
Yes, you can and should have both A and AAAA records for your domain. This provides dual-stack support, allowing your domain to work with both IPv4 and IPv6 networks. Having both records improves compatibility and performance across different network configurations.
Troubleshooting DNS Issues
How do I check my DNS records?
You can check your DNS records using our free DNS Record Checker tool, online DNS lookup tools like nslookup or dig, or through your domain registrar's DNS management interface. Our tool provides a comprehensive analysis of MX, SPF, DMARC, DKIM, A, and AAAA records with an email deliverability score. Try checking a domain now by visiting our DNS Record Checker.
What are common DNS configuration mistakes?
Common mistakes include: missing MX records, incorrect SPF record syntax, multiple SPF records, missing DMARC records, incorrect DKIM record format, typos in record values, and not waiting for DNS propagation before testing. Always double-check record syntax and test after making changes.
How do I fix DNS record issues?
To fix DNS issues: 1) Identify the problem using a DNS checker tool, 2) Contact your domain registrar or DNS provider, 3) Use their DNS management tools to add or modify records, 4) Wait for propagation (up to 48 hours), 5) Re-test to verify the fix. Most providers have step-by-step guides for common configurations.
Why are my DNS changes not showing up?
DNS changes can take time to propagate globally. If changes aren't showing up: 1) Wait up to 48 hours for full propagation, 2) Clear your browser cache and DNS cache, 3) Try checking from different locations or using different DNS servers, 4) Verify the records were saved correctly in your DNS management interface.
Email Deliverability and DNS
How do DNS records affect email deliverability?
DNS records are fundamental to email deliverability. MX records ensure emails can reach your domain, SPF records prevent spoofing and improve trust, DKIM records add authentication, and DMARC records provide policy enforcement. Proper DNS configuration significantly improves your sender reputation and inbox placement.
What's a good email deliverability score?
Our DNS checker provides scores from 0-100%: Excellent (90-100%) means all essential records are present, Good (70-89%) means MX and SPF are present but missing DMARC or DKIM, Fair (50-69%) means MX is present but missing SPF, and Poor (0-49%) means missing critical records like MX or authentication records.
Which DNS records are most important for email?
MX records are the most critical - without them, your domain cannot receive email. SPF records are very important for preventing spoofing and spam filtering. DMARC records are important for monitoring and policy enforcement. DKIM records are recommended for additional authentication. A/AAAA records are least important for email.
How often should I check my DNS records?
Check your DNS records: 1) After making any changes, 2) When setting up a new domain, 3) When changing email providers, 4) If you notice deliverability issues, 5) At least quarterly as part of regular maintenance. Regular monitoring helps catch issues before they affect your email delivery.
MailMoxie
Professional email deliverability, accessibility, spam score testing, and consulting services. Make sure your emails reach the inbox, not the spam folder.
Services
Free Tools
© 2025, Krillium LLC. All rights reserved.
Made with ❤️ for better emails.