ST Hosting Manual
Our manual
DNS records for mail servers
In this article, we would like to explain you what DNS records are and why they are so important for your own mail server. Please note: DKIM and DMARC are not mentioned here.
Special DNS records are being used in e-mail shipping to increase security. A mail server has the option to send e-mails from any domain. The owner of the domain has the possibility to set entries in the DNS, which shows the mail servers who are allowed to use this domain. If a mail servers receives a mail, they usually check out if it is the right entry or not. That means if they find out that the sending mail server was not authorized to send an e-mail via the domain, this e-mail will be directly rejected. This inspection takes place via the corresponding entries in the domain name system, (short form: DNS). In the following we will explain you why DNS records are so important for a mail server.
A-Record
As you might know, all services — inluding mail servers — can be reached via a specific IP. Do not forget to assigne a certain name for your mail servers. Therefor you have to use an A-Record. IP addresses are just being used for the connection between devices in the internet. However, it is to difficult to keep each IP address in mind. To simplify this, DNS is being used to translate domain names into IP addresses. In order to interpret the name of the mail server correctley, it has to point to the IP of the mail server via an A-record. First you have to go to Management then Domainmanagement to set a DNS-record for your mail server. For example mail.yourdomain.de as name and as value you enter the IP address, of your mail server. This could be for example an IP of a vServer which you got from us.
PTR or rDNS Record
The PTR or rDNS record is the exact counterpart of the A-record and so it is normally the first security measure which mail servers demand. For a specific IP, the name behind it is entered here. Thats why the IP of your mail servers has to point to the name of your mail server. Have a look at your clientcenter below VPS-Management ->RDNS-Management because you can adjust everything there. As a last resort you have to deposit the name of the mail servers — for instance: mail.yourdomain.de — for your IP.
MX-Record
With this DNS record, you specify which mail server/s are responsible for receiving the mails with this particular domain. Therefor you just enter the value, which means you put in the name of your mail server again, in our case: mail.yourdomain.de. With multiple entries and different priorities, you have the opportunity to perform a load balancing, herewith you can specify multiple mail servers for only one domain.
SPF-Record (Typ TXT)
A SPF Record is a TXT-Record, which is needed to specify whichever mail servers are allowed to send emails for the domain. SPF stands for transmitter policy framework. You enter all mail servers that are allowed to send mails for your domain here. An often encountered value is, for example: "v=spf1 a mx -all". That would mean, all mail servers are allowed which matches a particular A record (a) of the domain. Additional all mail servers are allowed, which are specified by MX record (mx) for the domain. All the other possible mail server (-all) are out of question. Only the domain owner can set an A-Records and MX-Records, this ensures that only the authorized mailserver from the owner are allowed to send mails. Of course, there are many more parameters to build up an SPF record. For instance you can specify different IP addresses here. If you were wondering, we must specify the TXT records with quotation marks at the beginning and at the end of the record.