DNS Entries required for Email Servers

If your email server is connected to the Internet and if it sends and receive emails through Internet, you need to have multiple DNS entries added in the name server . Some of them are mandatory and others are optional but highly recommended for a smooth email delivery.

The following are the mandatory DNS entries for a Email Server.

1. Address (A) Record.

Address record mainly indicates the name to IP address mapping required.

Example:
mail.example.com. IN A 1.2.3.4

2. Mail Exchange(MX) Record
If your emails server need to receive emails from the Internet,then you need to have the MX server entry available.
MX entry mainly indicate the mail server for the domain.So after getting these details from the DNS server, source email server can find out on which server the mails to be delivered.
The following are the optional entries for the Emails server.
Example:
example.com IN MX 0 mail.example.com
where 0 indicates the priority of the mails server.It can be and integer equal or higher than zero(0)

3.PTR Record.

PTR record indicates the reverse address(IP address to name) of the servers. Most of the antispam programs do the
reverse lookup of your email servers IP address. If it is not able to find the IP address of the server then it increases the spam level of the mail and increases the chances of your emails going to SPAM folder.

Example:
4.3.2.1.in-addr.arpa. IN PTR mail.example.com

Here as you see the IP Address is reversed and added with in-addr.arpa and this has come to the left side while the actual domain name has gone to right side of IN PTR

4.SPF Record.

This Sendor policy framework (SPF) record publish the details of authorized mails servers who can send mails on behalf
of this domain.If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, since the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Since an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through

Example:
example.com. IN TXT “v=spf1 a mx -all”

5.DKIM Record.

DKIM records are a spam and phishing scam fighting method which works by signing outbound e-mails with a cryptographic signature which can be verified by the recipient emails server to determine if the messages originates from an authorized system.The process of signing outbound messages and verifying this signature is typically done by the e-mail servers at each end – not by end-users email-client softwares.

Example:

default._domainkey.example.com IN TXT “v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2VgCD6LufrqelSh4K9o9re5X/uN5DDlgBH+tzfdIFG+bOolH0hEphEHKFyJwu6Zi06WJILjZtY7TnNEk5wgD9AX9z9CFVTEKrQKa+aRu/lNWXjf7Hk8rhrbD95yVhXEfV/CoOQcine9gwoKTxYiA+wTRcOGxt8RUO3cZLLug6JwIDAQAB; t=s”

Here
default is the domain key selector.After p= comes the public key

Leave a Reply