Managing Email DNS Records

Email delivery and authentication rely on several DNS record types: MX for routing, SPF for sender authorization, DKIM for message signing, and DMARC for policy enforcement. DNSimple lets you manage all of these in the Record Editor.

Email DNS records overview

Email functionality requires several types of DNS records:

  • MX records: Direct email delivery
  • SPF records: Authorize email senders
  • DKIM records: Cryptographically sign emails
  • DMARC records: Enforce email policies
  • CNAME records: Autodiscover and other services
  • TXT records: Various email-related configurations

MX records

MX (Mail Exchange) records specify which mail servers receive email for your domain. You need MX records when using an email hosting service (Google Workspace, Microsoft 365, etc.) or DNSimple’s email forwarding.

How to configure MX records

For email hosting: Add the MX records provided by your email hosting provider. Most providers require multiple MX records with different priorities.

For email forwarding: MX records are automatically added when you enable email forwarding. Do not manually add MX records for email forwarding.

Note

For detailed MX record setup, see Setting Up MX Records for Email Hosting.

SPF records

SPF (Sender Policy Framework) records authorize which servers can send email from your domain. SPF is stored as a TXT record at the root domain.

How to configure SPF

Add a TXT record at the root domain that includes all authorized email senders and ends with ~all or -all:

v=spf1 include:_spf.google.com include:spf.mtasv.net ~all

Warning

Your domain must have only one SPF record. If you use multiple email services, combine all include: statements into a single record.

Note

For detailed SPF setup, see Setting Up SPF Records.

DKIM records

DKIM (DomainKeys Identified Mail) records publish the public keys that receiving mail servers use to verify your emails were not tampered with in transit.

How to configure DKIM

  1. Get the DKIM selector and public key from each email service provider.
  2. Add a TXT record at selector._domainkey.yourdomain.com with the public key as the value.
  3. If you use multiple email services, each one may require its own selector. Add a separate record for each.

Note

For detailed DKIM setup, see Setting Up DKIM and Managing Multiple DKIM Selectors.

DMARC records

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers what to do when SPF or DKIM checks fail, and where to send reports.

How to configure DMARC

Add a TXT record at _dmarc.yourdomain.com. Start with p=none to monitor without affecting delivery, then gradually move to p=quarantine or p=reject once you have confirmed all legitimate senders pass authentication:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Note

For detailed DMARC setup, see Setting Up DMARC and Implementing a Gradual DMARC Policy.

CNAME records for email services

Some email providers require CNAME records for features like Autodiscover (automatic client configuration) and webmail access.

Autodiscover (Microsoft 365): autodiscover pointing to autodiscover.outlook.com. This lets email clients like Outlook configure themselves automatically.

Webmail: Some providers use a webmail CNAME pointing to their webmail server.

TXT records for email

Beyond SPF, DKIM, and DMARC (which are all stored as TXT records), email providers may require additional TXT records for domain verification or provider-specific settings. Check your provider’s documentation for any extra records they require.

Managing records in DNSimple

Using the Record Editor

Add an email DNS record
  1. Log into DNSimple with your user credentials.
  2. If you have more than one account, select the relevant one.
  3. On the header, click the tab, locate the relevant domain, and click on the name.
  4. Click the tab.
  5. Open the .
  6. Click .
  7. Select the record type.
  8. Enter the record details.
  9. Click .

To edit a record, click the edit icon, modify the details, and click . To delete a record, click the delete icon and confirm the deletion.

Best practices

  • One SPF record: Only one SPF record per domain
  • Document selectors: Keep track of DKIM selectors
  • Monitor DMARC: Review DMARC reports regularly
  • Test changes: Test after making DNS changes
  • Verify records: Use dig to verify records are published

Verifying records

Using dig

MX records:

dig +short yourdomain.com MX

SPF records:

dig +short yourdomain.com TXT | grep "v=spf1"

DKIM records:

dig +short selector._domainkey.yourdomain.com TXT

DMARC records:

dig +short _dmarc.yourdomain.com TXT

Using online tools

Common issues

Multiple SPF records

Problem: Multiple SPF records cause SPF to fail.

Solution: Combine all SPF includes into a single record.
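
The single-record rule and the fix above can be checked against dig output. The following is an added example, not DNSimple's code: the function names and the sample TXT values are constructed for illustration, and the merge handles plain mechanisms such as include: only.

```shell
#!/bin/sh
# Added example. Input on stdin is what `dig +short yourdomain.com TXT` prints:
# one TXT value per line, wrapped in double quotes.

# Constructed sample: two SPF records plus an unrelated TXT value.
sample_txt() {
    cat <<'EOF'
"v=spf1 include:_spf.google.com ~all"
"provider-verification=constructed-example-value"
"v=spf1 include:spf.mtasv.net include:_spf.google.com -all"
EOF
}

# Keep only SPF records and strip dig's quoting. A long value is printed as
# several quoted chunks ("..." "..."), which are joined with no separator.
spf_records() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' | grep -iE '^v=spf1( |$)'
}

# Number of SPF records published; anything other than 1 needs fixing.
spf_count() {
    spf_records | wc -l | tr -d ' '
}

# Merge all SPF records into one: mechanisms in first-seen order, duplicates
# dropped, and a single terminal "all" ($1, default ~all) at the end.
spf_merge() {
    final=${1:-"~all"}
    spf_records | awk -v final="$final" '
        { for (i = 1; i <= NF; i++) {
              t = tolower($i)
              if (t == "v=spf1" || t ~ /^[-~+?]?all$/) continue
              if (!seen[t]++) out = out " " $i
          } }
        END { if (NR) print "v=spf1" out " " final }'
}

# Terms in one record that each cost a DNS lookup when SPF is evaluated.
# RFC 7208 caps these at 10 per check, and lookups made inside included
# records count as well, so this top-level figure is a lower bound.
spf_lookup_terms() {
    tr ' ' '\n' |
        grep -ciE '^[-~+?]?(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))' || true
}

echo "SPF records found: $(sample_txt | spf_count)"
echo "Merged record:     $(sample_txt | spf_merge)"
echo "Lookup terms:      $(sample_txt | spf_merge | spf_lookup_terms)"
```

Against a live domain, replace sample_txt with the dig command from the Verifying records section and pass -all as the argument to spf_merge if that is the policy you publish.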

Missing DKIM records

Problem: DKIM authentication is failing.

Solution: Verify DKIM records exist and are correct for all email services.

DMARC policy too strict

Problem: Legitimate emails are being rejected by DMARC.

Solution: Start with monitoring, then gradually tighten the policy after fixing issues.
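
To see which stage of that rollout a domain is at, the published record can be parsed from dig output. This is an added example, not DNSimple's code: the function names and verdict strings are constructed for illustration, and the sample record is the one shown in the DMARC section.

```shell
#!/bin/sh
# Added example. Input on stdin is what `dig +short _dmarc.yourdomain.com TXT`
# prints: one TXT value per line, wrapped in double quotes.

# Strip dig's quoting and keep only DMARC records.
dmarc_records() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' |
        grep -E '^v=DMARC1[[:space:]]*(;|$)'
}

# Print the value of tag $1 from one unquoted record on stdin (empty if absent).
dmarc_tag() {
    awk -v tag="$1" 'BEGIN { RS = ";" }
        { sub(/^[ \t\n]+/, ""); sub(/[ \t\n]+$/, "")
          eq = index($0, "=")
          name = tolower(substr($0, 1, eq - 1)); sub(/[ \t]+$/, "", name)
          val = substr($0, eq + 1);              sub(/^[ \t]+/, "", val)
          if (eq && name == tag) { print val; exit } }'
}

# One-line verdict for the record set on stdin.
dmarc_check() {
    recs=$(dmarc_records || true)
    n=$(printf '%s\n' "$recs" | grep -c . || true)
    [ "$n" -eq 1 ] || { echo "FAIL: expected 1 DMARC record, found $n"; return 0; }
    p=$(printf '%s' "$recs" | dmarc_tag p)
    rua=$(printf '%s' "$recs" | dmarc_tag rua)
    case $p in
        none)
            # Monitoring only works if aggregate reports are actually delivered.
            if [ -n "$rua" ]; then echo "OK: monitoring, reports to $rua"
            else echo "WARN: p=none with no rua, so no reports arrive"; fi ;;
        quarantine|reject)
            echo "OK: enforcing p=$p" ;;
        *)  echo "FAIL: missing or invalid p tag" ;;
    esac
}

# The record from the DMARC section, quoted the way dig prints it.
printf '%s\n' '"v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"' | dmarc_check
```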

Have more questions?

If you have additional questions or need any assistance with managing email DNS records, just contact support, and we’ll be happy to help.