
I know that in order to hit the inbox, the main DNS records need to be properly set up. These are the main DNS records that every mail delivery system should have for their domain:

  • TLS
  • A
  • MX
  • DKIM
  • SPF
  • DMARC
  • rPTR

The ones that I mainly need help with configuring right now are the following records:

MX, DKIM, & SPF.

I have iRedMail installed on my domain at: aaronsnewsletters dot com

What exactly should I set for the MX records if I set my main mail server to mail.aaronsnewsletters dot com?

Am I supposed to set the MX records for the root/apex of the domain or do I set them to aim at the "mail.aaronsnewsletters dot com"?

Also, what about the DKIM & SPF?

Am I supposed to try pointing at the root/apex or the subdomain with the "mail."?

Any support is greatly appreciated.

  • Nitpick: DKIM, DMARC and now SPF are not really DNS record types. They are all just (ab)using TXT records. – Patrick Mevzek Oct 18 '20 at 19:11
  • You have to set them in your DNS records zone though. – Aaron Esteban Oct 18 '20 at 19:40
  • No, they don't exist in the DNS protocol. Various UI, CLI or API can abstract them and show you things as if they exist, but if you look at DNS traffic you will never see them. See https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 which is the standard list of DNS record types. Note how DKIM and DMARC are not there. SPF is, but is deprecated now in favor of TXT. – Patrick Mevzek Oct 18 '20 at 19:47

1 Answer


Generally:

MX records tell people how to reach your email server. You need to point your MX record to wherever you want people's email servers to send email to.

SPF records tell people who is allowed to send email as you. You need to include any mail servers that are allowed to send email on your behalf.

DKIM records tell people what your signature looks like and let them verify someone signed your emails with your signature. You need to create a public/private keypair, take the PUBLIC key and create DNS records for it, and how to find the key, and then set up DKIM signing on your mail server. This can be tricky, and the method of getting your mail server to sign messages is very dependent on how you're sending email.

If you are setting up DKIM, you should also be setting up DMARC, which tells people what to expect from messages claiming to be from you, and what to do if that's not the case.

RobbieCrash
  • Okay, so I've done the configurations for the following domain: aaronsnewsletters.com . According to mxtoolbox, mail-tester, and several other sites, my domain has all proper configurations, but I'm still going straight to spam box. – Aaron Esteban Oct 18 '20 at 22:01
  • @AaronEsteban Correct DNS settings are necessary, but not sufficient. If you want to get out of the spam box, your subscribers need to click "Not Spam". – Michael Hampton Oct 18 '20 at 22:57
  • @AaronEsteban are messages you're sending going out as SOMETHING@aaronsnewsletters.com, or as SOMETHING@somewhereelse.com? – RobbieCrash Oct 19 '20 at 01:33
  • @RobbieCrash they are going out from user1@aaronsnewsletters.com – Aaron Esteban Oct 19 '20 at 01:40
  • Check mxtoolbox's reputation checker to see if you've been blacklisted. If you're on any blacklists it will significantly reduce your deliverability to most major email providers (IE Gmail, Microsoft, etc). Otherwise, you'll also need to get your users to mark your mail as Not Spam, as @MichaelHampton suggested. – RobbieCrash Oct 19 '20 at 01:56
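To make the record placement discussed in the question and answer concrete, here is an added example (not part of the original post or of iRedMail) that audits where the MX, SPF, DKIM and DMARC records sit for a domain whose mail is sent as user@domain. The `example.com` zones, the DKIM selector `s1` and the key value are constructed placeholders; the zone is an in-memory dict, so no DNS queries are made.

```python
def parse_tags(txt):
    """Parse a 'k=v; k=v' tag list (the form DKIM and DMARC records use)."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_mail_dns(domain, selector, zone):
    """Return findings; `zone` maps (owner name, type) -> list of values."""
    findings = []
    # MX sits at the apex and names the mail host, which needs its own A/AAAA.
    mx_hosts = [v.split()[1].rstrip(".") for v in zone.get((domain, "MX"), [])]
    if not mx_hosts:
        findings.append(f"no MX record at {domain}")
    for host in mx_hosts:
        if not (zone.get((host, "A")) or zone.get((host, "AAAA"))):
            findings.append(f"MX target {host} has no A/AAAA record")
    # SPF: exactly one TXT at the sender domain (more than one is an error).
    spf = [t for t in zone.get((domain, "TXT"), []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"expected exactly one v=spf1 TXT at {domain}, found {len(spf)}")
    elif not spf[0].split()[-1].lower().endswith("all"):
        findings.append("SPF record does not end with an 'all' mechanism")
    # DKIM public key: TXT at <selector>._domainkey.<domain>.
    dkim_name = f"{selector}._domainkey.{domain}"
    dkim = parse_tags((zone.get((dkim_name, "TXT")) or [""])[0])
    if not dkim.get("p"):
        findings.append(f"no DKIM public key (p=) at {dkim_name}")
    # DMARC policy: TXT at _dmarc.<domain>.
    dmarc_name = f"_dmarc.{domain}"
    dmarc = parse_tags((zone.get((dmarc_name, "TXT")) or [""])[0])
    if dmarc.get("v") != "DMARC1" or dmarc.get("p") not in ("none", "quarantine", "reject"):
        findings.append(f"no valid DMARC policy at {dmarc_name}")
    return findings

# Constructed sample zone: mail sent as user@example.com via mail.example.com.
GOOD_ZONE = {
    ("example.com", "MX"): ["10 mail.example.com."],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("s1._domainkey.example.com", "TXT"): ["v=DKIM1; k=rsa; p=BASE64PUBLICKEYPLACEHOLDER"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=none; rua=mailto:postmaster@example.com"],
}
# Constructed: the same records hung off the "mail." host instead, DMARC missing.
BAD_ZONE = {
    ("example.com", "MX"): ["10 mail.example.com."],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("mail.example.com", "TXT"): ["v=spf1 mx -all"],
    ("s1._domainkey.mail.example.com", "TXT"): ["v=DKIM1; k=rsa; p=BASE64PUBLICKEYPLACEHOLDER"],
}
```

Calling `audit_mail_dns("example.com", "s1", BAD_ZONE)` reports the SPF, DKIM and DMARC records as missing for the sender domain, because receivers look them up under `example.com`, not under the `mail.` host.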