DNS Configuration Guide
Set up DNS records for optimal email delivery
Overview
Proper DNS configuration is essential for email delivery. You'll need to set up:
Route incoming email to your server
Authorize your server to send email
Sign emails cryptographically
Policy for handling failed authentication
Adding Email Domains
Before configuring DNS, add your domain in your Mailat instance:
- 1
Log in to your Mailat server (e.g., yourname.mailat.co)
- 2
Navigate to Settings → Email Domains
- 3
Click Add Domain and enter your domain (e.g., yourdomain.com)
- 4
Copy the DNS records shown and add them to your DNS provider
Tip: Mailat will automatically generate the correct DNS records for your domain. You just need to copy them to your DNS provider.
Required DNS Records
| Type | Name/Host | Value | Purpose |
|---|---|---|---|
MX | @ | mail.yourdomain.com | Points incoming mail to your server |
A | Your server IP | Points mail subdomain to server | |
TXT | @ | v=spf1 include:amazonses.com ~all | SPF record for email authentication |
TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com | DMARC policy for email protection |
DKIM Configuration
DKIM (DomainKeys Identified Mail) cryptographically signs your emails to prove they came from your domain.
AWS SES DKIM Records
When you verify a domain in AWS SES, it provides 3 CNAME records for DKIM:
Type: CNAME
Name: abc123._domainkey.yourdomain.com
Value: abc123.dkim.amazonses.com
Type: CNAME
Name: def456._domainkey.yourdomain.com
Value: def456.dkim.amazonses.com
Type: CNAME
Name: ghi789._domainkey.yourdomain.com
Value: ghi789.dkim.amazonses.comCopy the exact DKIM records from your AWS SES console or Mailat dashboard. The values shown above are examples.
SPF Configuration
SPF (Sender Policy Framework) specifies which servers are allowed to send email for your domain.
SPF Record for AWS SES
Type: TXT
Name: @ (or leave blank)
Value: v=spf1 include:amazonses.com ~allCombining with Existing SPF
If you already have an SPF record, merge them (you can only have one SPF record):
# Before (existing SPF):
v=spf1 include:_spf.google.com ~all
# After (merged):
v=spf1 include:_spf.google.com include:amazonses.com ~allDMARC Configuration
DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers what to do with emails that fail SPF or DKIM checks.
Recommended DMARC Record
Type: TXT
Name: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.comDMARC Policy Options
p=noneMonitor only (receive reports, no action)p=quarantineSend failed emails to spam (recommended start)p=rejectReject failed emails completely (most strict)
Tip: Start with p=none or p=quarantine to monitor before moving to p=reject.
Verifying Your Setup
After adding DNS records, verify they're configured correctly:
1. Wait for Propagation
DNS changes can take up to 48 hours to propagate, but usually complete within 1-2 hours.
2. Check in Mailat
Your Mailat dashboard will show verification status for each DNS record.
3. Use Online Tools
- • MX Toolbox - Check MX, SPF, DKIM, DMARC
- • Mail Tester - Test email deliverability
- • DMARC Inspector - Verify DMARC setup
Troubleshooting
DNS records not showing up
- Wait for DNS propagation (up to 48 hours)
- Clear your local DNS cache
- Double-check record syntax in your DNS provider
Emails going to spam
- Verify all DNS records (SPF, DKIM, DMARC) are correct
- Check your domain's reputation
- Avoid spam trigger words in email content
- Ensure you're sending from a verified domain
DKIM verification failing
- Ensure CNAME records are exact (no extra spaces)
- Some DNS providers add the domain automatically - don't double it
- Wait for AWS SES to show "Verified" status
All Done!
Once your DNS records are verified, you're ready to start sending and receiving email with Mailat.