How DNS and Email Work Together

One of the most overlooked and least discussed DNS topics is how the domain name system affects email and online communication. Considering that email is a leading factor in customer acquisition and retention and a critical component for internal communication, it should be the opposite. In this resource, we’ll cover how DNS and email work together.

DNS Crash Course: What Is It and How Does It Work

Any device that connects to the web uses the domain name system (DNS)—this includes computers, phones, gaming systems, smart appliances, cars—you name it. Without DNS, no one could find your website or application on the internet. 

The main function of DNS is to convert domain names into IP addresses. This is how your device knows “where to go.” So in a sense, DNS is like GPS for the internet. Any time a user enters a website into their browser, a DNS lookup is initiated and the query journey begins.  This involves several DNS servers that are positioned around the globe.

• Recursive/Resolver
• Root 
• Top level Domain (TLD) 
• Authoritative 
  

There are numerous factors that affect a query journey, but in most cases,  the lookup process begins with a recursive resolver and ends with the authoritative nameserver for the requested website or application. The authoritative server always holds the most up-to-date DNS information, and thus, provides the final answer for web requests.

Tip: Check out our Authoritative and Recursive DNS: What’s the Difference blog for a deeper dive into the DNS process.

How Email Requires DNS

In the above crash course, you learned the basics of DNS. Now let’s add email to the mix. Every email sent also generates a DNS lookup. And just like a domain name, each email address needs to map to an IP address. Otherwise, mail servers wouldn’t know where to deliver the “package.”

Emails follow the same format regardless of the email host. They always include a user name or ID and a domain name:

User ID at domain name = info@example.com

This format tells mail servers who and where the email should be delivered to. Without DNS, email couldn’t function properly, which would be catastrophic for organizations that rely heavily on online correspondence.

But that’s not all.

Technologies that help with email security also rely on DNS, such as DomainKeys Identified Mail (DKIM) and sender policy frameworks (SPF). But before we get deeper into the DNS side of things, let’s take a quick look at mail servers. 

Types of Mail Servers

All emails are sent via mail servers, which are the equivalent of postal mail carriers. The only difference is that the mail is delivered to electronic addresses rather than physical ones. Email runs on the following server types:

1. SMPT
   Simple Mail Transfer Protocol (SMPT) is used for outgoing mail and is part of the TCP/IP application layer. This protocol works with the Mail Transfer Agent (MTA) running on your mail server to ensure messages are sent to the proper address.
2. POP3
   Post Office Protocol, version 3 (POP3) is most commonly used for storing sent and received mail on local drives and/or servers. Once a user downloads the mail message, it is removed from the server.
3. IMAP
   Internet Message Access Protocol (IMAP) stores copies of messages on the server, rather than on a computer or device. This lets a user access files from emails from any device, as well as lets them organize mail without downloading beforehand.
   

Mail servers work in conjunction with DNS servers. When an end user sends an email, they are actually querying a server. In order for a mail server to deliver the message, it needs to know where to send it—that’s where DNS comes in. The DNS records configured for the domain the email is attached to hold the destination address.

Common Record Types for Email Marketers and Online Communication

Now that you know more about how mail and DNS servers work together, let’s take a look at the record types commonly used for domain emails.

A Record (or AAAA)

‍An A record is the most commonly used record type. Most DNS servers require that domains have an A record to function, as without one, your domain couldn’t be resolved properly.

MX Record

An MX record tells mail servers where to deliver messages. These DNS records always map to an A record and it’s best practice to configure multiple ones for redundancy. If no MX record is found for a domain, a server will attempt to send messages to the IP address of your A record. While MX records aren’t a hard requirement for emails, they are highly recommended

Reverse DNS (PTR Record)

The Pointer Record (PTR) is used for reverse DNS and is a security measure that is critical to emails and email marketing. Mail servers use reverse DNS to perform anti-spam checks by matching an IP address to a domain name—literally, a DNS lookup reversed. With a PTR record, mail servers can ensure the forward and reverse DNS lookup matches the fully qualified domain name (FQDN) of an email header.

SPF (TXT record)

An SPF record is a text (TXT) record that defines domain policies. For emails, it helps mail servers identify are allowed to send an email for your domain. SPFs assist in preventing criminals from sending forged “from” messages from your domain address.

DKIM Record

DomainKeys Identified Mail (DKIM) records validate ownership of emails and confirm a message hasn’t been altered. This is done via a pair of private and public keys that add encrypt and decrypt signatures in an email header. 

DMARC Record

Domain-based Message Authentication, Reporting, and Conformance (DMARC) are used to define a domain’s email authentication policies. It shields both recipients and senders from phishing, spoofing, and spam. 

Common Email Security Threats and How to Avoid Them With DNS

Of course, with popularity also comes drama. In the case of emails, it’s cybercriminals who want to crash your party. The most common types of email threats are:

• Spamming
• Spoofing
• Phishing
  

These attacks are designed to lure your unsuspecting customers into providing sensitive information about themselves or to infect their system with malware or a virus. Unfortunately, emails are a great opportunity to achieve this. 

Luckily, there are several ways you can secure your emails on the DNS level, which involve some of the records mentioned above:

• PTR records (reverse DNS)
• SPF records
• DKIM records
• DMARC records
  

These records provide security measures that can protect your domain and your customers. Without a PTR record, there’s a good chance your email will be rejected or sent to spam, so that’s a no-brainer for organizations that rely heavily on email. But it’s also best practice to use PTR, SPF, DKIM, and DMARC records together because combined, they greatly enhance email security.

Common Email Errors and How You Can Fix Them 

Even the best-laid plans can snag. And one of the most frustrating issues that can arise is email-related errors. If they aren’t stemming from your email client or email marketing software, these errors can seem especially daunting. 

While DNS doesn’t affect your mail too much once everything is configured, there are a few things that can happen. For instance, if you make a change to a record relating to your domain’s email, you will likely be affected by propagation time. At Constellix, any DNS record change you make is instantly propagated across all of our global nameservers. However, depending on the time to live (TTL) settings of your DNS records, it may take other servers some time to catch up. This means some of your emails may be sent to an old address or become undeliverable for a short period of time. Planning ahead and adjusting TTL in advance can go a long way in helping with propagation issues.

Now let’s take a look at some common email errors.

• SMTP Error 421: Reverse DNS for IP Failed
  Fix: Verify reverse DNS has been set up for the sending IP address
• SMTP Error 554: Reverse DNS doesn’t exist
  This error means that mail servers think your email is spam or that you’re operating from a blacklisted IP address.
  Fix: Create a PTR record
• SMTP 550: Suspect invalid mailer domain - No A or MX record (or invalid)
  Fix:  Validate existing records and check the configurations of your SPF and DKIM records
  

Any time you get an email error related to DNS, always confirm the spellings in your records are correct. You would be surprised how often a tiny typo can create huge problems on the DNS front.

The TL;DR of Email and DNS

While emails run on mail servers, DNS is still very much a part of how messages are delivered. Just like when you enter a website into a browser, each email sent generates a query and must resolve to an IP address. DNS records are what tell mail servers where to deliver messages. Records also play a large role in email security. When properly configured, they can help protect your emails from spamming, phishing, and spoofing.

Related Topics:
What is a Mail Server?

Common Email Bouncebacks

Reverse DNS: The Secret Behind Email Marketing Deliverability

Mail Delivery and Spam Prevention with DNS