DNS and Authentication
Email providers use DNS records to decide whether your domain is authorized to send mail.
PING8 helps you configure and verify these records before sending.
Records at a glance
| Record | Purpose |
|---|---|
| A | Points mail.yourdomain.com or another mail host to your server IP. |
| MX | Tells the internet where inbound mail for your domain should go. |
| SPF | Lists systems allowed to send mail for the domain. |
| DKIM | Publishes a public key used to verify message signatures. |
| DMARC | Tells providers what to do when SPF or DKIM alignment fails. |
| PTR / rDNS | Maps an outbound IP back to a hostname. This is set at the server or IP provider. |
Recommended setup order
- Add the domain in PING8.
- Copy DNS values from the DNS Records modal.
- Add A and MX records.
- Add one SPF TXT record.
- Add DKIM TXT record.
- Add one DMARC TXT record.
- Configure PTR/rDNS with the server provider.
- Click Records set, verify DNS resolution.
DMARC rollout
Start with monitoring while testing:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.comMove to quarantine or reject only after you know all legitimate senders pass authentication.
Common mistakes
- Creating more than one SPF record at the same host.
- Creating more than one DMARC record at
_dmarc. - Proxing mail records through Cloudflare instead of using DNS-only.
- Using the wrong DKIM host name, such as duplicating the domain.
- Expecting PTR/rDNS to be edited in DNS. PTR is usually controlled by the IP provider.