rodmail logo
Login
back to the blog

DNS Records for Business Email: MX, SPF, DKIM, and DMARC Setup Guide

DNS Records for Business Email: MX, SPF, DKIM, and DMARC Setup Guide

What DNS records do for your email

DNS records are the instructions that tell the rest of the internet how to handle mail for your domain: where to deliver it, who is allowed to send on your behalf, and how to spot forgeries. Get them right and your mail flows and lands in the inbox. Get them wrong and messages bounce, or quietly drop into spam. For business email you need four core records — MX, SPF, DKIM and DMARC — plus a couple of optional ones for extra security.

Important: every domain on RodMail gets its own values — your DKIM key in particular is unique to your domain. Always copy the exact records RodMail generates for you in Dashboard → Domains → DNS (each value has a copy button), rather than retyping examples from any guide.

1. MX — where your mail is delivered

The MX (Mail Exchange) record routes incoming mail to RodMail. Add a single MX record:

  • Type: MX
  • Name/Host: @ (your root domain)
  • Value: imap.rodlinehost.com
  • Priority: 10

Remove any old MX records from a previous provider — leftover MX entries are one of the most common causes of mail going to the wrong place.

2. SPF — who is allowed to send for your domain

SPF (Sender Policy Framework) lists the servers permitted to send mail using your domain, so receivers can reject spoofed messages. It's a single TXT record:

  • Type: TXT
  • Name/Host: @ (your root domain)
  • Value: v=spf1 include:secured.msg25.net ~all

You may only have one SPF record per domain. If you already send through another service (for example a CRM or newsletter tool), don't add a second SPF record — merge the includes into one line.

3. DKIM — a tamper-proof signature on every message

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to your outgoing mail so receivers can verify it really came from you and wasn't altered in transit. RodMail signs your mail with two keys and shows both in your dashboard:

  • Ed25519 (recommended) — a modern, compact key. This is the one marked Best; add it if your registrar supports it.
  • RSA (legacy) — a longer key for the small number of older receivers that don't yet understand Ed25519.

The record is a TXT entry at a selector unique to your domain (something like xxxx._domainkey), with a value beginning v=DKIM1; k=ed25519; ... or v=DKIM1; k=rsa; .... Because the key is unique to you, copy it straight from your dashboard — don't reuse another domain's value.

4. DMARC — what to do with mail that fails the checks

DMARC ties SPF and DKIM together and tells receivers how to treat mail that fails — and where to send you reports. Add a TXT record:

  • Type: TXT
  • Name/Host: _dmarc
  • Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100

Start with p=quarantine (suspicious mail goes to spam) while you confirm everything is signing correctly, then tighten to p=reject once you're confident. Point rua at a mailbox you actually read so you can see who is sending as your domain.

Optional: MTA-STS and TLS-RPT (advanced)

For an extra layer of security you can enforce encrypted delivery with MTA-STS and receive encryption reports with TLS-RPT. These are optional and most businesses can add them later — RodMail lists them under the Optional section of your DNS page when you're ready.

How to add the records

You add these at your domain registrar or DNS host (GoDaddy, Namecheap, Cloudflare, etc.), not inside RodMail. The flow is the same everywhere:

  1. Open your RodMail dashboard at Domains → DNS and keep it side by side with your registrar.
  2. For each record, copy the Name and the Value using the copy buttons, and paste them into a new record of the matching Type.
  3. Save, then come back to RodMail and click Check DNS.

For registrar-specific, click-by-click screenshots, see our companion walkthrough: How to add DNS records for your email domain.

Verifying and propagation

DNS changes aren't instant — they can take anywhere from a few minutes up to 1–24 hours to propagate worldwide. RodMail re-checks automatically and turns each record green once it's live, and you can re-run a check any time with the Check DNS button. To debug a stubborn record, use our free tools: MX Lookup, SPF Lookup and DKIM Lookup.

Common mistakes to avoid

  • Two SPF records — only one is allowed; a second causes a hard failure. Merge instead.
  • Leftover MX records from your old provider still pointing mail elsewhere.
  • Wrong Name/Host — use @ for the root and _dmarc exactly as shown; some registrars add your domain automatically.
  • Copying examples instead of your own values — your DKIM key is unique; always copy it from your dashboard.
  • Expecting instant results — give DNS time to propagate before assuming something's broken.

Getting started

RodMail generates all of these records for you the moment you add a domain, and verifies them automatically — no guesswork. Create your free RodMail account, add your domain, and copy your records straight from the dashboard.