You’ve heard DNS email records help you increase email deliverability and avoid spam filters. Indeed, you need to set up DNS records for your email domain to verify your sender identity and meet the requirements of subscribers’ email providers.
Luckily, the process isn’t as complicated as it seems.
In this article, we’ll answer all your questions about DNS management, talk about the main types of DNS email records, and walk you through the easiest way to set up DNS authentication.
What are DNS records in email?
A Domain Name System (DNS) email record lives in a database and provides information about an email-sending domain and IP addresses associated with that domain. It usually includes instructions on how to handle requests for that domain.
There are many types of DNS records:
- A record
- AAAA record
- CNAME record
- DNS MX record
- TXT record
- PTR record
- NS record
But to verify your domain and authenticate your emails you need the TXT type of DNS records. It’s where you enter instructions for email servers such as the name of the protocol to follow, IP addresses to associate with the domain, and so on.
Where do you find your DNS records?
You can review, modify, or create new DNS records in your domain hosting platform. The exact location of DNS records will vary across platforms — below, you’ll find instructions for accessing DNS records within the most popular email hosting services.
If you have a Google Domains account, start by selecting the domain you want to set up DNS records for. In the sidebar, click DNS, and you’re ready to configure your records:
To find your DNS records in GoDaddy, go to the list of domain names and select the domain name you want to configure. Click the three dots icon and select Manage DNS:
If your domain is hosted on Gandi, you just need to select the Domain section in the sidebar and then click DNS Records:
Why do you need DNS records?
DNS records are used in two processes: domain verification and email authentication.
When set up correctly, DNS TXT records secure your sender reputation, keep your emails out of the spam folder, and save you from spoofing attacks.
DNS records for domain verification
To send marketing emails, you need to verify your ownership of the domain you’re associating with the email service. You do that by adding a specific DNS TXT record to your domain hosting account.
Here’s how easy it is to add a DNS TXT record for domain verification in Brevo:
- You add a new domain.
- The DNS records (Brevo code and DKIM records) show up.
- You add the Brevo code to your domain host and generate a TXT record.
- Take the hostname from Brevo and paste it into the corresponding field in your DNS TXT record.
- Copy the code from the Value field and paste it into your domain host too.
- Save the new DNS record.
- Back in Brevo, click Verify. If successful, the Verified label will appear next to your domain name.
Now that you’ve verified your domain ownership, the spam folder is not a threat but it’s still not enough to ensure smooth email delivery. You need to create a few more DNS records to authenticate your emails and meet today’s email security standards.
DNS records for email authentication
Email authentication is the process of verifying the connection between the original domain and emails sent from it. To validate the origin of email messages, mail servers get the information from DNS TXT records.
Why it’s relevant to you: From the first quarter of 2024, Gmail and Yahoo enforce updated requirements for bulk email senders reaching Gmail and Yahoo Mail inboxes apply.
To reinforce spam protection, the email service providers require businesses to send only opt-in messages, enable one-click unsubscription, and authenticate their emails using all three DNS authentication protocols: SPF, DKIM, and DMARC.
A Sender Policy Framework (SPF) is a type of DNS TXT record used for email authentication. It specifies which mail servers are authorized to send emails on behalf of your domain. Email servers check SPF records to prevent email spoofing and ensure the authenticity of incoming mail.
An example of a basic SPF TXT record as you’ll see it in your in your domain’s DNS settings is:
v=spf1 include:_spf.example.com ~all
‘v=spf1’ represents the version of the SPF record, ‘include:_spf.example.com’ stands for all third parties authorized to send emails for the domain, and ‘~all’ indicates all emails from IP addresses or domains that aren’t listed in the SPF record should be rejected.
DomainKeys Identified Mail (DKIM) signatures are also stored as DNS TXT records. This authentication method adds a signature header to every email message sent from an email address.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is the authentication protocol that gives guidelines to email receivers on how to handle messages that fail SPF or DKIM checks. DMARC records are also stored as DNS TXT records.
Set up your DNS email records with Brevo
Now that email authentication is required by major email providers, setting up proper DNS records is the only way to secure your place in subscribers’ inboxes.
With Brevo, you can set up your DNS records and authenticate your emails quick and easy, without special tech skills or outside help.
Scale your email strategy with Brevo
Free plan includes all core email features, 300 emails/day, 40+ email templates, custom signup forms, and easy DNS setup.