DNS stands for Domain Name System or Domain Name Server. DNS servers are responsible for connecting domain names to web servers. Any time you connect to the internet and go anywhere, you’re using them.
Here is how it works:
Your browser: Go to intilery.com.
Your computer: Connect to the DNS server and tell me which server intilery.com is on.
DNS server: intilery.com is on this IP address: XX.XXX.XX.XXX
Your browser: Go to this IP address and ask for the intilery.com website.
The DNS records translate the domain into the IP address of the server that hosts it. So in this case, you asked for intilery.com and it told you where it was hosted. (The web server is then responsible for loading the site that matches the requested domain, but that’s beyond what we’re covering here.)
Why should you care?
If you are a small business owner and you are sending email to contactus@your_company.com through a “contact us” form on your website, you should care. You need these to make it to your_company.com. This is true for any form on your website. You need the mail to be delivered.
If the DNS records aren’t there, emails are far less likely to make it from your contact form to your company email address.
This is also true for general email delivery, like person-to-person email. Mail servers check to see if you are allowed to send and receive based on the DNS records. If the records aren’t present, the emails are far less likely to make it through.
What are CNAME and A records?
The CNAME and A Records are the most basic and common records. They are probably the easiest to explain.
‘A’ record: This tells you where the default domain is. Often the main domain is represented by an @ symbol. The @ symbol just means your_company.com.
‘CNAME’ record: Is an alias for something. In the case below, the CNAME is telling you that the “www” part of “your_company.com” is on the same server, which is represented by the @ symbol.
Here is a standard set up telling you that the “A record for your_company.com (also known as @) is on the server IP address of 192.168.1.1,” and the “CNAME of www is also pointing to the alias of @, which is 192.168.1.1.”
What are mail exchange (MX) records?
MX records in the DNS server allow us to specify where email should be delivered. MX records specify and prioritise the incoming mail servers that receive email messages sent to your domain name.
Adding MX records is the easiest part of this. If you are using a service like G Suite, your MX records should look something like:
These records are just telling the sending email server, when sending an email to sideways8.com, deliver to aspmx.l.google.com (10). If that server doesn’t accept the email, then send it to alt1.aspmx.l.google.com (20), etc.
How is email sent and received?
Email became popular and as more emails were being sent globally, more spam came in.
Here is an example of how email used to be sent and received:
Sending server: Hello, I have an email for bob@your_company.com.
Receiving server: Great! Send it.
Sending server: Here you go.
Receiving server: I received it. Thanks.
Here is how the conversation goes now, and this is why email sent from you or your website might not make it into someone’s inbox:
Sending server: Hello, I have an email for bob@your_company.com
Receiving server: your_company.com? Let me check DNS records. You do not have permission to send email on behalf of your_company.com. I’m rejecting you.
Sending server: Ugh. I guess I need to fix my DNS so you will accept it.
Anyone can send an email acting like someone else. I could set up an email server on my laptop and send an email to bob@your_company.com saying that I’m larry@your_company.com.
If your_company.com’s mail server doesn’t have some way of checking, it will be accepted.
Concerning your website, sending email from a web server used to be easy. You would build a very simple form and specify which email address it should go to and — boom! The email shows up on the mail server specified by the receiving domain’s MX record.
The issue is that spam became popular, and spam filters started to pop up to stop it.
What is blocking the mail from being delivered?
Spam filters are designed to detect illegitimate email and they use these technologies to filter out spam:
- SPF: Sender Policy Framework
- DKIM: DomainKeys Identified Mail
- DMARC: Domain-based Message Authentication, Reporting and Conformance
These all have corresponding DNS records that must be configured.
I’m going to simplify my explanation to a certain extent, but here is what each one of those is asking:
SPF asks, “Is this IP address allowed to send mail on behalf of your_company?”
There are three responses: Accept, Reject, and Accept but send to spam.
You need a record for any service that sends email on your_company.com’s behalf. For example, if you are using MailChimp, you will need to add records to cover it.
DKIM asks, “Can I check your digital signature? I need to check the signature against the sending server.”
One of the best explanations of DKIM comes from emailonacid.com: A sender creates the DKIM by “signing” the email with a digital signature. This “signature” is located in the message’s header. The sending mail transfer agent (MTA) generates the signature by using an algorithm applied to the content of the signed fields. This algorithm creates a unique string of characters, or a “hash value.”
DMARC asks, “Did SPF and DKIM pass? Let’s run through our policies that tell us what to do if the email is accepted or rejected.”
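The SPF and DMARC questions above, worked through as an added example (not code from the original article): a receiving server evaluates the sender's IP against the domain's SPF record, then applies the DMARC policy. The TXT records, the `_spf.mailer.example` include and the function names are constructed for illustration, and the results passed to the DMARC step are assumed to be already aligned with the From domain.

```python
import ipaddress

# Constructed TXT records standing in for live DNS lookups (assumed values).
TXT = {
    "your_company.com": "v=spf1 ip4:192.168.1.1 include:_spf.mailer.example ~all",
    "_spf.mailer.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.your_company.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@your_company.com",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate ip4, include and all mechanisms left to right (simplified)."""
    record = TXT.get(domain, "")
    if not record.startswith("v=spf1") or depth > 10:
        return "none" if depth == 0 else "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif mech.startswith("include:"):
            # An include matches only when the included policy returns pass.
            if check_spf(mech[8:], sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"


def dmarc_disposition(domain, spf_result, dkim_result):
    """Apply the domain's p= policy when neither SPF nor DKIM passed."""
    tags = dict(
        part.strip().split("=", 1)
        for part in TXT.get("_dmarc." + domain, "").split(";")
        if "=" in part
    )
    if spf_result == "pass" or dkim_result == "pass":
        return "deliver"
    policy = tags.get("p", "none")
    return policy if policy in ("quarantine", "reject") else "deliver"
```

The three SPF outcomes the article lists correspond here to `pass`, `fail` (a `-all` record) and `softfail` (a `~all` record).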