DNS for email send

The 3 DNS Records you should use for good email delivery are:

  • Reverse DNS (PTR)
  • SPF (Sender Policy Framework)
  • DKIM (DomainKeys Identified Mail)

Reverse DNS (PTR)

Aparently the most important one to use, BUT You can only have 1 domain assigned to a PTR record. This creates a problem if you have multiple domains on a single server.

Reverse DNS does the reverse of what a normal DNS A record does, it maps IP addresses back into host names.

Generally, you want the forward (mail.yourdoman.com) and reverse DNS (xxx.xxx.xxx.xxx) lookups to match as while this is not an official requirement it helps avoid rejection.

SPF (Sender Policy Framework)

Even if an email service provider does not hard block your email, an absent or incorrect SPF record may trigger additional email filtering and this secondary filtering can often causes the email to fail.

DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to each message as it is sent. This signature is based on a private key known only to your server. You then publish a public key in your domain’s DNS record. The recipient server can then use the public key to decode the signature and be sure the message came from a server with the private key as well as knowing that it has not been altered.

Cloudflare and similar services

If you are using a service like Cloudflare then you obviously don’t want to use any DNS record that provides the IP address of your server. Doing so will make the Cloudflare protections worthless

This means you can’t use Reverse DNS or SPF records.

Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site, if you need help with a problem head over to stack overflow.

Comments

Your email address will not be published. Required fields are marked *