Subnet Mask Cheat SheetRecords Cheat SheetGeoDNS ExplainedFree Network TroubleshooterKnowledge BasePricing CalculatorLive CDN PerformanceVideo Demos
BlogsNewsPress ReleasesIT NewsTutorials
Give us your email and we'll send you the good stuff.
Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.
One of the most overlooked and least discussed DNS topics is how the domain name system affects email and online communication. Considering that email is a leading factor in customer acquisition and retention and a critical component for internal communication, it should be the opposite. In this resource, we’ll cover how DNS and email work together.
Any device that connects to the web uses the domain name system (DNS)—this includes computers, phones, gaming systems, smart appliances, cars—you name it. Without DNS, no one could find your website or application on the internet.
The main function of DNS is to convert domain names into IP addresses. This is how your device knows “where to go.” So in a sense, DNS is like GPS for the internet. Any time a user enters a website into their browser, a DNS lookup is initiated and the query journey begins. This involves several DNS servers that are positioned around the globe.
There are numerous factors that affect a query journey, but in most cases, the lookup process begins with a recursive resolver and ends with the authoritative nameserver for the requested website or application. The authoritative server always holds the most up-to-date DNS information, and thus, provides the final answer for web requests.
Tip: Check out our Authoritative and Recursive DNS: What’s the Difference blog for a deeper dive into the DNS process.
In the above crash course, you learned the basics of DNS. Now let’s add email to the mix. Every email sent also generates a DNS lookup. And just like a domain name, each email address needs to map to an IP address. Otherwise, mail servers wouldn’t know where to deliver the “package.”
Emails follow the same format regardless of the email host. They always include a user name or ID and a domain name:
User ID at domain name = firstname.lastname@example.org
This format tells mail servers who and where the email should be delivered to. Without DNS, email couldn’t function properly, which would be catastrophic for organizations that rely heavily on online correspondence.
But that’s not all.
Technologies that help with email security also rely on DNS, such as DomainKeys Identified Mail (DKIM) and sender policy frameworks (SPF). But before we get deeper into the DNS side of things, let’s take a quick look at mail servers.
All emails are sent via mail servers, which are the equivalent of postal mail carriers. The only difference is that the mail is delivered to electronic addresses rather than physical ones. Email runs on the following server types:
Mail servers work in conjunction with DNS servers. When an end user sends an email, they are actually querying a server. In order for a mail server to deliver the message, it needs to know where to send it—that’s where DNS comes in. The DNS records configured for the domain the email is attached to hold the destination address.
Now that you know more about how mail and DNS servers work together, let’s take a look at the record types commonly used for domain emails.
An A record is the most commonly used record type. Most DNS servers require that domains have an A record to function, as without one, your domain couldn’t be resolved properly.
An MX record tells mail servers where to deliver messages. These DNS records always map to an A record and it’s best practice to configure multiple ones for redundancy. If no MX record is found for a domain, a server will attempt to send messages to the IP address of your A record. While MX records aren’t a hard requirement for emails, they are highly recommended
The Pointer Record (PTR) is used for reverse DNS and is a security measure that is critical to emails and email marketing. Mail servers use reverse DNS to perform anti-spam checks by matching an IP address to a domain name—literally, a DNS lookup reversed. With a PTR record, mail servers can ensure the forward and reverse DNS lookup matches the fully qualified domain name (FQDN) of an email header.
An SPF record is a text (TXT) record that defines domain policies. For emails, it helps mail servers identify are allowed to send an email for your domain. SPFs assist in preventing criminals from sending forged “from” messages from your domain address.
DomainKeys Identified Mail (DKIM) records validate ownership of emails and confirm a message hasn’t been altered. This is done via a pair of private and public keys that add encrypt and decrypt signatures in an email header.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) are used to define a domain’s email authentication policies. It shields both recipients and senders from phishing, spoofing, and spam.
Of course, with popularity also comes drama. In the case of emails, it’s cybercriminals who want to crash your party. The most common types of email threats are:
These attacks are designed to lure your unsuspecting customers into providing sensitive information about themselves or to infect their system with malware or a virus. Unfortunately, emails are a great opportunity to achieve this.
Luckily, there are several ways you can secure your emails on the DNS level, which involve some of the records mentioned above:
These records provide security measures that can protect your domain and your customers. Without a PTR record, there’s a good chance your email will be rejected or sent to spam, so that’s a no-brainer for organizations that rely heavily on email. But it’s also best practice to use PTR, SPF, DKIM, and DMARC records together because combined, they greatly enhance email security.
Even the best-laid plans can snag. And one of the most frustrating issues that can arise is email-related errors. If they aren’t stemming from your email client or email marketing software, these errors can seem especially daunting.
While DNS doesn’t affect your mail too much once everything is configured, there are a few things that can happen. For instance, if you make a change to a record relating to your domain’s email, you will likely be affected by propagation time. At Constellix, any DNS record change you make is instantly propagated across all of our global nameservers. However, depending on the time to live (TTL) settings of your DNS records, it may take other servers some time to catch up. This means some of your emails may be sent to an old address or become undeliverable for a short period of time. Planning ahead and adjusting TTL in advance can go a long way in helping with propagation issues.
Now let’s take a look at some common email errors.
Any time you get an email error related to DNS, always confirm the spellings in your records are correct. You would be surprised how often a tiny typo can create huge problems on the DNS front.
While emails run on mail servers, DNS is still very much a part of how messages are delivered. Just like when you enter a website into a browser, each email sent generates a query and must resolve to an IP address. DNS records are what tell mail servers where to deliver messages. Records also play a large role in email security. When properly configured, they can help protect your emails from spamming, phishing, and spoofing.
What is a Mail Server?
Sign up for news and offers from Constellix and DNS Made Easy