Sending emails that will arrive in the target inboxes is not that trivial nowadays. The DNS settings are crucial for this. And they contain some pitfalls. I want to elaborate the things I ran into. This is what I learned in the quest.

The Sender Policy Framework (SPF) is used to mark which hosts are allowed to send emails for specific domains. If this setting is available, the emails will more probably land in the inboxes instead of the spam folders. The SPF record is outdated, and the TXT record shall be used instead. Be aware that only a single entry is allowed for a domain. Multiple ones would cause emails not to arrive in the targeted inboxes. To solve this, you can merge two SPF entries into a single one.

The DKIM refers to a public key with which one can determine whether the received and signed email is really from that authorized sender. It works similar to public/private signature authentication. The public key has to be stored in a TXT record as well.

But also receiving emails is not that simple when the DNS is not set up correct.

Lets assume you own the domain example.com and your website is hosted at someurl.cloudprovider.com. To let the user access your website through your domain, you normally add CNAME entries. The typical rule would be of the form www.example.com CNAME someurl.cloudprovider.com and this would work without flaws. But what if the user would only type in example.com? In that case, the user will not land at the website. The first thought would be to add another CNAME entry like this example.com CNAME someurl.cloudprovider.com so that any request landing at example.com would be correctly resolved to the website. It works. And then your customer also wants to receive emails at that domain. And you will set up an MX record pointing to the email server. But no mail will ever arrive. Never ever….

The reason for this is that the root CNAME is in conflict with the MX record, and because of this the MX record will not work. This has something to do with the classic DNS protocol that specifies that a root entry can only be an A entry. . Most cloud providers do not offer actual IP addresses. There are various solutions to this problem. One being that you can set up a url DNS record that issues a HTTP 301 redirect from any subdomain to the www subdomain instead.

I hope this helps you in your endeavor towards sending and receiving emails that will arrive in the inbox, not in the spam folder.