Configuring DNS for email: A nontechnical beginner’s guide

Share this post

This article was written to help non-developers understand some of the technologies we use to help emails you send reach their intended recipients.

Did you know I can send you an email from or

Yep. This is why there is so much spam in the world. Anyone can pretend to be anyone and spoof their email. There is no security on sending. It’s the servers that receive emails that have to do all the work to protect people’s inboxes from spam.

Every email received is processed. Maybe it’s deleted before the recipient ever sees it. Maybe it’s shoved into the spam folder, never to see the light of day. Or, if everything goes well, it could make its way into the inbox of the intended recipient. We click, we send, we score!  

Amazing soccer goal

As the owner of a domain, you want emails you send to have the best possible chance of making it to the inbox of whoever you send it to. Maybe you sent a single email or maybe you sent a thousand marketing emails through MailChimp. DNS configuration can help both of these situations.

It comes down to educating the receiving server. All emails are received by an email server. And these servers WANT to know what emails are spam and which aren’t. They usually get it right too. You can help teach these servers about your domain with your DNS.

When you own a domain, you can control its DNS.  DNS is information about your domain. Where the website lives, where to send emails ending in, who owns the domain, etc.

DNS records that teach the internet about your email

  • SPF – this tells the internet which servers can send email on behalf of your domain. Maybe you only send email through, Mailchimp, and from a contact form on your website. Well, with the power of SPF, you can tell the world exactly that. Really… there’s an EXACT way to tell every email server on the planet this exact knowledge. 
  • DKIM – Web security specialists are a suspicious lot. And they don’t trust nothing from nobody. SPF tells the world who can send emails on your behalf. But those places could be a fake, a spoof, a forgery I tell you. But IT security people don’t fret. DKIM is a way for a server to prove it is the server it says it is. Combined with SPF, an email server receiving an email can know if the sender is authorized AND that the sending server is not spoofed. 
  • DMARC – So SPF and DKIM are you shouting to the world who can send on your behalf. DMARC gives the world the ability to shout back. By setting this up, Gmail, Outlook, Yahoo, Comcast, and so many others will notify you how they view emails from If someone is spoofing your domain and pretending to be you, this will tell you. Did Bob in marketing start sending emails through MailChimp and not tell anyone? DMARC will tell you. Domains that have this setup can see a huge decrease in fraud and increase in reputation. It’s important to understand that DMARC isn’t just a setting to turn on. It’s a process that takes hours across many weeks.

What I tell CUstomers

I haven’t lost you yet? Awesome! While all these technologies above have their purpose, not every customer needs them all immediately.

I tell customers that they should definitely have SPF. It’s been around for more than a decade. It’s simple and safe to set use. Most customers are happy once SFP is configured and we don’t need to do more.

DKIM is generally not too hard to set up, but can sometimes be a pain. It also needs to be configured for each location sending email.

DMARC is a process, not a setting. It can take a week to see an effect from this. But in some situations, it’s the only recourse to fix the issue. I normally spend the time on this only for customers that are experiencing certain issues or have certain volumes and types of emails that they send out. 

How quickly do these tools work

We live in a world of instantaneous technology. Sometimes that instantaneous aspect can take about a week to happen.

SPF and DKIM’s benefits can often be seen within minutes to a couple of hours with major email providers like Outlook and Gmail.

DMARC, however, usually takes about a week to see the benefits.

What to do next

This is going to sound a little salespitchy. OK, it’s going to sound REALLY salespitchy.

The answer is to contact CommonPlaces. We’ve dealt with all these technologies for hundreds of domains over the years. We’ve encountered just about every fluke and edge-case you can imagine. Plus we understand how these technologies interact with other technologies to help you even more with email deliverability.

Let us handle the technical while you focus on your business.

CTA Website Security Checklist

Related Posts

The Dilemma of Estimates

The Dilemma of Estimates

Estimates serve as the cornerstone of any website project, providing clients with a roadmap for budgeting, planning, and expectation management. They offer a glimpse into the intricate tapestry of tasks, timelines, and resources needed to bring a website to life.

Config Sync Overview

Config Sync Overview

When Drupal 8 was released, it came with Configuration Syncing functionality. This has been a staple ever since for Drupal 9, Drupal 10, and beyond. Configuration Syncing was a game changer and one of my favorite features in Drupal Core.The days before config sync...