Ücretsiz Bulut Danışmanlığı
+90 850 346 4821
Bana Ulaşın
Bana Ulaşın
  • Home
  • Alan Adı
  • Set Up Professional Email on Your Domain with MX, SPF, DKIM and DMARC
set-up-professional-email-on-your-domain-with-mx-spf-dkim-and-dmarc

Set Up Professional Email on Your Domain with MX, SPF, DKIM and DMARC

by Berkay Bulut
Alan Adı Hosting
Kasım 22, 2025
12:18 am

Sharing is caring!

Why Professional Email on Your Own Domain Matters

Using an address like name@yourcompany.com instead of a free webmail account is one of the simplest ways to look professional online. It builds trust with customers, reduces confusion, and gives you full control over your brand. But professional email is not just about changing what comes after the @ sign. To make sure your messages are delivered reliably and don’t end up in spam, you need to configure your DNS records correctly: MX, SPF, DKIM and DMARC.

In infrastructure planning workshops with small businesses, I often see the same pattern: the website is live, the domain is active, but email is still running on a personal account. Once we move email to their own domain and properly configure DNS, support tickets drop, invoices stop disappearing into spam, and the team finally has consistent addresses. In this guide, I’ll walk you through each step, from pointing your MX records to securing your domain with SPF, DKIM and DMARC, using the same practical approach I use when deploying systems in data centers.

Prerequisites: What You Need Before Configuring Email DNS Records

Before you touch MX, SPF, DKIM or DMARC, make sure a few basics are in place. Skipping these is one of the most common reasons people get stuck.

  • A registered domain name that you control.
  • Access to your DNS management panel (this is usually provided by your domain registrar or hosting provider).
  • An email service for your domain: either a hosted email service or your own mail server running on a VPS or dedicated server.
  • Basic understanding of DNS (what records are and how they work).

If the concepts of A, CNAME, MX and TXT records are still a bit fuzzy, I strongly recommend reading this overview first: What Are DNS Records? A, AAAA, CNAME, MX, TXT and SPF Explained. It will give you the foundation you need before working with email-specific records.

If you’re still deciding where to host your website and email, you can start with a solid, general hosting overview here: what web hosting actually is and how it works. Providers like DCHost can give you both hosting and DNS management in one place, which simplifies email setup significantly.

Understanding MX, SPF, DKIM and DMARC in Plain Language

You will see these four acronyms everywhere when dealing with professional email. Here is what they actually do, without the marketing buzzwords.

MX Records: Where Your Email Should Be Delivered

MX (Mail Exchanger) records tell the internet which server is responsible for receiving email for your domain. When someone sends a mail to you@yourdomain.com, their mail server looks up the MX record of yourdomain.com to know where to deliver it.

  • They do not store your emails.
  • They just point to the mail server that will handle them.
  • They always point to a hostname, not directly to an IP.

SPF: Who Is Allowed to Send Email for Your Domain

SPF (Sender Policy Framework) is a TXT record that lists which servers are allowed to send email claiming to be from your domain. Think of it as a public “allowed senders” list.

  • If an email comes from a server not listed in your SPF record, many providers will treat it as suspicious.
  • SPF is one of the first checks spam filters run.

DKIM: Digital Signatures for Your Emails

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email sent from your domain. The recipient’s server checks that signature against a public key you publish in DNS.

  • If the signature is valid, it proves that the message was authorised and not modified in transit.
  • DKIM is critical for passing modern spam filters, especially for transactional and marketing emails.

DMARC: Your Policy for Failed SPF/DKIM Checks

DMARC (Domain-based Message Authentication, Reporting and Conformance) tells receiving servers what they should do when an email using your domain fails SPF and/or DKIM checks.

  • You can choose to just monitor (no enforcement), quarantine (treat as spam) or reject (block) such emails.
  • DMARC can also send you reports, so you see who is sending email on behalf of your domain.

If you want a broader DNS management perspective, including how these record types interact, have a look at this guide on managing A, CNAME, MX, TXT and more.

Step-by-Step: Configure MX Records for Your Domain

Let’s start with MX records, because without them, your domain simply cannot receive email.

1. Get MX Information from Your Email Provider

If you use a hosted email service or hosting provider, they will give you one or more MX records like:

  • Priority: 10, Host: mail.yourprovider.com
  • Priority: 20, Host: backup.yourprovider.com

If you run your own mail server on a VPS or physical server, you’ll typically create an A record such as mail.yourdomain.com → your mail server IP, then set your MX record to mail.yourdomain.com.

2. Add MX Records in Your DNS Panel

  1. Log in to your DNS management panel (at your registrar, DCHost, or wherever your nameservers are hosted).
  2. Find the section for MX records.
  3. Add a new MX record for your root domain (often written as @).
  4. Set the priority and mail server hostname exactly as provided by your email service.
  5. Set a reasonable TTL (e.g., 3600 seconds = 1 hour).

Remember: MX records must point to a hostname, not directly to an IP address.

3. Wait for DNS Propagation and Test

DNS changes are not instant. They usually propagate within minutes to a few hours. After updating your MX records, test them with:

  • Command-line tools like dig or nslookup.
  • Online MX lookup tools that show which records are active globally.

Once MX is confirmed, send a test email both ways (to and from your new address) and verify delivery.

Setting Up an Effective SPF Record

Without SPF, almost anyone can send email pretending to be your domain. With a sloppy SPF configuration, your own legitimate messages may land in spam. Here’s how to do it correctly.

1. List All Services That Send Email for Your Domain

Think carefully about every place emails can originate from using @yourdomain.com:

  • Your main email service or mail server.
  • Your website or CMS (for contact forms, order confirmations, password resets).
  • Marketing platforms or newsletter tools.
  • CRM or support systems that send emails with your domain in the From address.

Missing even one of these can cause SPF failures and spam issues.

2. Build Your SPF Record

SPF is stored as a TXT record on your domain. A basic example might look like:

v=spf1 mx a ip4:203.0.113.24 include:mailservice.example -all

Breaking this down:

  • v=spf1 – SPF version.
  • mx – Allow servers listed in your MX records.
  • a – Allow the server pointed to by your main A record (often your web server).
  • ip4:203.0.113.24 – Allow a specific IPv4 address (e.g., your mail server).
  • include:mailservice.example – Allow servers listed in another provider’s SPF record (e.g., marketing platform).
  • -all – Reject anything not matching the rules above.

In the early stages, you may choose ~all (soft fail) instead of -all (hard fail) while you verify that nothing legitimate is being blocked.

3. Add the SPF TXT Record to DNS

  1. In your DNS panel, add a new TXT record for your root domain (@).
  2. Paste your SPF string (starting with v=spf1).
  3. Save and wait for propagation.

You should only have one SPF record per domain. If your provider suggests “just add this second SPF record”, merge it into your existing one instead.

4. Test SPF Alignment

Send an email from your domain to a mailbox where you can view message headers (for example, a personal test account). Check the headers for lines like Received-SPF or spf=pass. This shows whether your SPF record is working as expected.

Securing Outgoing Mail with DKIM

DKIM significantly improves your reputation and makes it much harder for attackers to tamper with messages or impersonate your domain.

1. Generate DKIM Keys

Most hosted email providers generate DKIM keys for you and simply ask you to add a TXT record. If you run your own mail server, you’ll generate a key pair (public and private keys) using tools like opendkim-genkey or equivalent.

  • The private key stays on your mail server and is used to sign outgoing emails.
  • The public key goes into your DNS as a TXT record.

2. Understand the DKIM Selector

DKIM uses a selector to allow multiple keys per domain. The selector is part of the DNS record name, like:

selector1._domainkey.yourdomain.com

Your email provider (or your own configuration) will tell you which selector to use. This makes it easy to rotate keys later without downtime.

3. Publish the DKIM TXT Record

  1. In your DNS panel, create a TXT record with the name given, typically something like selector1._domainkey.
  2. Paste the DKIM public key string your provider gave you (it will start with v=DKIM1;).
  3. Save and wait for propagation.

Make sure there are no extra spaces or line breaks when you copy-paste; a malformed DKIM record is a common mistake.

4. Test DKIM Signatures

Once DNS has updated, send a test email and inspect the message headers. You should see a header like:

DKIM-Signature: v=1; a=rsa-sha256; d=yourdomain.com; s=selector1; ...

Look for dkim=pass in the receiving system’s authentication results. Many online tools also let you paste raw headers to confirm DKIM status.

Protecting Your Brand with DMARC

DMARC ties SPF and DKIM together and gives you policy control and visibility. It’s the final piece that turns your email setup from “working” into “professionally managed”.

1. Start in Monitoring Mode

Your first DMARC record should almost always be monitoring-only. This lets you see who is sending email using your domain before you enforce any blocking.

A typical starting DMARC record looks like this:

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; fo=1

  • v=DMARC1 – DMARC version.
  • p=none – Monitor only, do not quarantine or reject.
  • rua – Address where aggregate reports are sent.
  • fo=1 – Request detailed failure reports.

Create a mailbox like dmarc-reports@yourdomain.com to receive these reports. They are XML files that show which IPs and services are sending email on behalf of your domain.

2. Add the DMARC TXT Record

  1. In DNS, create a TXT record for the name _dmarc (so the full name becomes _dmarc.yourdomain.com).
  2. Paste your DMARC policy string starting with v=DMARC1.
  3. Save and wait for propagation.

3. Analyse Reports and Tighten Policy

For a few weeks, review incoming DMARC reports. You want to see:

  • Your legitimate servers passing SPF and/or DKIM.
  • Unknown sources, which might be misconfigured services or malicious senders.

Once you’re confident everything legitimate passes, you can move to stricter policies:

  • p=quarantine – Tell receivers to treat failed messages as spam.
  • p=reject – Tell receivers to reject failed messages outright.

Move gradually: from none to quarantine, and finally to reject, monitoring the impact at each step.

Testing, Troubleshooting and Ongoing Maintenance

Once everything is configured, don’t just forget about it. Email ecosystems, providers and your own infrastructure change over time.

1. Use Multiple Testing Tools

To validate MX, SPF, DKIM and DMARC, use a combination of:

  • Online checkers that analyse your domain’s DNS records.
  • Test inboxes on different providers to see real-world spam behaviour.
  • Command-line tools (dig, nslookup) for precise DNS debugging.

If you’re managing more complex DNS environments, the techniques from this in-depth DNS management guide can save you a lot of time when troubleshooting.

2. Common Problems and Fixes

  • Emails not delivered at all: Check MX records are correctly set and that they point to a valid hostname with a working A/AAAA record.
  • Emails going to spam: Verify SPF and DKIM alignment; ensure the sending IPs are in SPF and that DKIM signatures pass.
  • Multiple SPF records: Merge all SPF details into one record; having more than one breaks SPF.
  • DKIM fails randomly: Check for key rotation issues or DNS TTLs causing mismatched keys.

3. Self-Hosted Mail Server? Secure It Properly

If you run your own mail server on a VPS or dedicated server, security is absolutely critical. Open relays or compromised servers will destroy your reputation and get your domain blacklisted quickly. I strongly recommend following a thorough security baseline such as the practices in this step-by-step VPS security guide before you expose any mail services to the internet.

4. Review DNS and Policies Regularly

As your stack evolves, you might add new tools (marketing, CRM, help desk) that send email on your behalf. Each time this happens, you must update:

  • SPF – to include new sending IPs or provider includes.
  • DKIM – to add new selectors for new services.
  • DMARC – to keep reports flowing and adjust enforcement if needed.

If you prefer a Turkish-language walkthrough of basic email setup, you can also check this article on setting up professional email with your domain name and then use this guide to deepen the DNS security side.

Conclusion: Turn Your Domain into a Reliable, Trusted Email Identity

Setting up professional email on your own domain is more than a cosmetic upgrade. Done properly, with correctly configured MX, SPF, DKIM and DMARC, it becomes a core part of your infrastructure: reliable, secure and aligned with your brand. Once everything is in place, you should see fewer lost messages, fewer spam issues and a much stronger impression on customers and partners.

The process might seem detailed the first time, but each step is straightforward when you break it down: point MX records to the right server, define who can send (SPF), sign your messages (DKIM) and tell the world how to treat failures (DMARC). Whether you host on a provider like DCHost or run your own mail server, investing a couple of hours into this configuration will pay off for years in terms of deliverability and trust.

If you are planning broader changes to your hosting or DNS environment, such as moving providers or restructuring servers, it is worth aligning your email changes with that work. For example, when you migrate your website to new hosting with zero downtime, you can plan DNS updates for email at the same time. The key is treating email as a first-class citizen in your architecture, not an afterthought.

Berkay Bulut

More posts by Berkay Bulut
Yeni Paylaşılanlar
Clear Filters
Featured image for How to Choose Data Center Location and Server Region for Better SEO and Website Speed article
How to Choose Data Center Location and Server Region for Better SEO and Website Speed
Alan Adı Hosting WordPress
By Berkay Bulut
 - 
23 Kasım 2025
How to Choose Data Center Location and Server Region for Better SEO and Website Speed

Choosing the right data center location and server region is one of those decisions that quietly shapes everything about your…

Read More
Veri Merkezi Lokasyonu ve Sunucu Bölgesi Seçimi konusunu açıklayan infografik
Veri Merkezi Lokasyonu ve Sunucu Bölgesi Seçimi
Alan Adı Hosting WordPress
By Berkay Bulut
 - 
23 Kasım 2025
Veri Merkezi Lokasyonu ve Sunucu Bölgesi Seçimi

Veri Merkezi Lokasyonu ve Sunucu Bölgesi Seçimi Neden Bu Kadar Önemli? Bir web projesi planlarken genelde alan adı, tema, SEO…

Read More

Yorum Yapın

Bağlantılı Makaleler