DNS & Domain Setup
Complete DNS Setup for Email Sending
Overview of Required DNS Records
| Record Type | Name | Purpose |
|---|---|---|
| SPF (TXT) | yourdomain.com | Authorize sending IPs |
| DKIM (CNAME/TXT) | selector._domainkey | Cryptographic signature |
| DMARC (TXT) | _dmarc.yourdomain.com | Authentication policy |
| MX | yourdomain.com | Receive bounce emails |
| PTR | IP address | Reverse DNS |
Full Example Setup
Assuming you use Amazon SES in us-east-1:
; SPF — authorize SES to send for your domain
yourdomain.com. TXT "v=spf1 include:amazonses.com ~all"
; DKIM — three CNAME records from SES console
abc._domainkey.yourdomain.com. CNAME abc.dkim.amazonses.com.
def._domainkey.yourdomain.com. CNAME def.dkim.amazonses.com.
ghi._domainkey.yourdomain.com. CNAME ghi.dkim.amazonses.com.
; DMARC — start with monitoring
_dmarc.yourdomain.com. TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"
; MX — for bounce processing (optional, if receiving mail)
yourdomain.com. MX 10 inbound-smtp.us-east-1.amazonaws.com.
; MAIL FROM subdomain (recommended by SES)
mail.yourdomain.com. MX 10 feedback-smtp.us-east-1.amazonses.com.
mail.yourdomain.com. TXT "v=spf1 include:amazonses.com ~all"
Verification Commands
# Check SPF
dig TXT yourdomain.com +short | grep spf
# Check DKIM
dig CNAME abc._domainkey.yourdomain.com +short
# Check DMARC
dig TXT _dmarc.yourdomain.com +short
# Check MX
dig MX yourdomain.com +short
# Full check with mxtoolbox
# https://mxtoolbox.com/SuperTool.aspx
Common Mistakes
- Multiple SPF records — only ONE TXT record starting with
v=spf1per domain - Missing DKIM — each sending service needs its own DKIM
- DMARC too strict too fast — always start with
p=none - Forgetting MAIL FROM — improves alignment and deliverability