Email DNS Records (Internal)
Overview
This guide covers how to configure DNS records for our email service, both for clients and internal team procedures.
DNS Records Overview
For email to work properly, these DNS records must be configured:
- MX Records - Direct incoming mail to our servers
- SPF Record - Prevent email spoofing
- DKIM Record - Email authentication
- DMARC Record - Email policy and reporting
- A Records - For mail subdomains
For Team: DNS Setup Procedure
Scenario 1: Client Using Our Web Hosting
If client has web hosting with us, we manage their DNS.
We can add all DNS records for them! Just do it via DirectAdmin or our DNS panel.
Action:
- Login to DirectAdmin or DNS management panel
- Navigate to client's domain
- Add all required email DNS records (see below)
- Client doesn't need to do anything
- Let them know it's configured
Scenario 2: Client Domain Hosted Elsewhere
Client manages DNS at their registrar or using Cloudflare.
Action:
- Generate DNS records in SmarterMail (or use standard records below)
- Send records to client via portal ticket
- Provide instructions for adding records
- Verify records after 24-48 hours
Getting Client-Specific DNS Records
From SmarterMail Admin:
- Login to
https://mail.alfieweb.com/admin - Navigate to "Manage" → "Domains"
- Click on client's domain
- Click "Technical Details" tab
- Copy DNS records shown (SPF, DKIM, DMARC)
These are client-specific because DKIM key is unique per domain.
Standard Email DNS Records
MX Records (Mail Exchange)
Purpose: Tell servers where to deliver email for this domain
Type: MX
Name: @ (or domain.com)
Priority: 10
Value: mail.alfieweb.com.
TTL: 3600
The trailing dot (.) after mail.alfieweb.com is important in some DNS panels.
SPF Record (Sender Policy Framework)
Purpose: Authorize our servers to send email for this domain
Type: TXT
Name: @ (or domain.com)
Value: v=spf1 mx ~all
TTL: 3600
What it means: Only servers listed in MX records can send email for this domain.
DKIM Record (DomainKeys Identified Mail)
Purpose: Cryptographic signature to verify email authenticity
Type: TXT
Name: dkim._domainkey (or dkim._domainkey.domain.com)
Value: [GET FROM MAILCOW - unique per domain]
TTL: 3600
DKIM value is unique for each domain! Always get it from SmarterMail admin panel.
DKIM value looks like:
v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQ...
DMARC Record
Purpose: Email policy and reporting for failed authentication
Type: TXT
Name: _dmarc (or _dmarc.domain.com)
Value: v=DMARC1; p=quarantine; rua=mailto:postmaster@domain.com
TTL: 3600
Policy options:
p=none- Monitor only (good for testing)p=quarantine- Send suspicious email to spamp=reject- Reject unauthorized email (strictest)
A Record for Mail Subdomain
Purpose: Allow webmail access via mail.clientdomain.com
Type: A
Name: mail (or mail.domain.com)
Value: [Our Server IP]
TTL: 3600
AutoDiscover/AutoConfig (Optional)
Purpose: Auto-configure email clients (Outlook, Thunderbird)
Type: CNAME
Name: autodiscover
Value: mail.alfieweb.com.
TTL: 3600
Type: CNAME
Name: autoconfig
Value: mail.alfieweb.com.
TTL: 3600
Client Instructions
For Clients Adding DNS Records
Provide these instructions when client needs to add records:
Step 1: Access DNS Management
- Login to domain registrar (Namecheap, GoDaddy, etc.) OR
- Login to Cloudflare if using their DNS
Step 2: Navigate to DNS Settings
- Look for: "DNS Settings", "DNS Management", "Zone File", or "Advanced DNS"
Step 3: Add Each Record
- Add records one by one as provided
- Use exact values (copy-paste to avoid typos)
- Pay attention to record Type (MX, TXT, A, CNAME)
Step 4: Save Changes
- Save after adding all records
- DNS propagation takes 1-24 hours (sometimes up to 48)
Step 5: Verify
- We'll verify records on our end
- Client can also use: mxtoolbox.com or dmarcian.com
Verifying DNS Records
Tools We Use
-
MXToolbox -
mxtoolbox.com/SuperTool.aspx- Check MX records
- Test SPF, DKIM, DMARC
- Check blacklists
-
DMARC Analyzer -
dmarcian.com/dmarc-inspector/- Verify DMARC record
-
Mail Tester -
mail-tester.com- Send test email
- Check spam score
- Verify all authentication
-
Command Line
# Check MX records
nslookup -type=MX domain.com
# Check SPF
nslookup -type=TXT domain.com
# Check DKIM
nslookup -type=TXT dkim._domainkey.domain.com
Verification Checklist
- MX record points to
mail.alfieweb.com - SPF record includes our servers
- DKIM record present and valid
- DMARC policy configured
- A record for mail subdomain (optional)
- Test email sends successfully
- Test email passes spam filters
Common DNS Issues
Emails Not Being Received
Cause: MX record missing or incorrect
Check:
nslookup -type=MX domain.com
Should return: mail.alfieweb.com with priority 10
Solution:
- Verify MX record added correctly
- Wait for DNS propagation (up to 48 hours)
- Check with mxtoolbox.com
Sent Emails Going to Spam
Cause: Missing SPF, DKIM, or DMARC records
Solution:
- Verify all authentication records present
- Test at mail-tester.com
- Check DKIM signature validity
- Ensure SPF includes our servers
DKIM Validation Failing
Causes:
- DKIM record not added
- Typo in DKIM value
- DNS not propagated
- Record split incorrectly (some DNS panels split long TXT records)
Solution:
- Verify DKIM record in DNS
- Compare with value from SmarterMail
- Check record not split across multiple lines
- Wait for propagation
- Test with mxtoolbox.com/dkim.aspx
DMARC Reports Not Received
Cause: Incorrect email in DMARC rua tag
Solution:
- Verify
rua=mailto:points to valid mailbox - Reports sent daily/weekly by email providers
- May take 24-48 hours to start receiving
Registrar-Specific Notes
Cloudflare
Special considerations:
- MX records: Leave cloud icon gray (not orange)
- If orange (proxied), email will fail
- TXT records: Can be proxied (doesn't matter)
Namecheap
- Advanced DNS tab
- Add records one by one
- "@" represents root domain
- Use trailing dot for MX value
GoDaddy
- DNS Management section
- May need to scroll to find TXT records section
- DKIM value may be split if too long
Google Domains / Cloudflare / Other
- Process similar across registrars
- Refer to their documentation if client has issues
- We can provide generic instructions
For Team: Adding DNS Records
In DirectAdmin (if we manage DNS)
- Login to DirectAdmin reseller panel
- Select client account
- Go to "DNS Management"
- Click "MX Records" to add MX
- Click "Add Record" for TXT records (SPF, DKIM, DMARC)
- Save each record
In Cloudflare (if we manage via Cloudflare)
- Login to Cloudflare
- Select domain
- Go to DNS tab
- Click "Add record"
- Enter details
- Important: Keep MX records unproxied (gray cloud)
- Save
Testing Email Delivery
Send Test Email
- Have client send email from their mailbox
- Send to your own email (Gmail, Outlook, etc.)
- Check if received
- Check if in spam folder
- View email headers to verify SPF/DKIM pass
Using Mail-Tester
- Go to mail-tester.com
- Copy the unique email address shown
- Send email from client's mailbox to that address
- Click "Then check your score"
- Review results - aim for 10/10
- Fix any issues highlighted
Reading Email Headers
In Gmail: Open email → 3 dots menu → "Show original"
Look for:
SPF: PASS
DKIM: PASS
DMARC: PASS
All should show PASS for proper authentication.
Quick Reference
| Record Type | Purpose | Common Issue |
|---|---|---|
| MX | Route incoming mail | Not set = emails bounce |
| SPF | Authorize sending servers | Missing = emails marked as spam |
| DKIM | Email signature | Invalid = fails authentication |
| DMARC | Email policy | Not set = less deliverability |
| A (mail) | Webmail access via custom subdomain | Optional, cosmetic |
Support Workflow
When client orders email service:
- ✅ Check if we manage their DNS
- ✅ If yes: Add records ourselves
- ✅ If no: Generate DNS records from SmarterMail
- ✅ Send to client with instructions
- ✅ Wait 24-48 hours
- ✅ Verify records with mxtoolbox.com
- ✅ Test email sending/receiving
- ✅ Confirm setup complete to client
Documentation to send clients:
- This DNS guide
- Link to mxtoolbox.com for verification
- Registrar-specific instructions if available