Is an A record required for an email subdomain?

No, an A record is not strictly required for email sending from a subdomain. While an A record maps a hostname to an IP address, email routing relies primarily on MX records to direct incoming mail. SPF, DKIM, and DMARC records handle email authentication. An A record might be used for web content on the subdomain or for specific tracking domains if your ESP requires it.

How long does it take for DNS changes for a subdomain to take effect?

DNS changes can take anywhere from a few minutes to 48 hours to fully propagate across the internet. This delay is normal and depends on factors like your DNS provider's TTL (Time To Live) settings and how frequently DNS resolvers update their caches. Always verify propagation using an online DNS lookup tool after making changes.

Do I need separate SPF, DKIM, and DMARC records for each subdomain?

Yes, each subdomain you use for sending emails should have its own SPF, DKIM, and DMARC records. These records are specific to the domain (or subdomain) that appears in the Return-Path header for SPF, the d= domain in the DKIM signature, and the From header for DMARC. Configuring them individually ensures proper authentication for each sending stream.

How can I verify that my subdomain's DNS records are set up correctly?

You can verify your DNS records using various online tools, often called DNS lookup or DNS checker tools. Simply enter your subdomain, and the tool will query DNS servers to show you the published records. Your email service provider or Google Postmaster Tools also offer verification methods.

What if emails from my subdomain are still going to spam?

If your emails are going to spam after setting up a subdomain, it is likely an issue with your DNS records or email authentication. Double-check your SPF, DKIM, and DMARC records for any errors or misconfigurations. Ensure that SPF and DKIM are aligning correctly with your DMARC policy. Also, check if your sending IP or domain (or blocklist) is on any email blocklist (or blacklist).

How to set up email subdomains and what DNS records are required? - Technical - Email deliverability - Knowledge base

Setting up email subdomains can seem like a complex task, especially when you start diving into the intricacies of DNS records. It is a critical step for many organizations, allowing for better email management, improved deliverability, and clearer brand separation for different email streams. Whether you are segmenting marketing emails from transactional ones, or simply want to use a distinct sending identity, subdomains offer a powerful solution.

The good news is that while it involves a few technical steps, understanding the core concepts and the specific DNS records required makes the process much more straightforward. I have guided many teams through this, and the key is to be methodical and verify each record carefully. Many email service providers (ESPs) will provide you with the exact DNS records you need, simplifying the process of copying and pasting them into your domain's DNS settings.

This guide will walk you through the essential DNS records and the steps needed to successfully set up an email subdomain. My goal is to demystify the process and provide you with a clear roadmap, ensuring your emails reach the inbox reliably.

Understanding email subdomains

Before we dive into the DNS records, let's clarify what an email subdomain is and why it is beneficial. An email subdomain is essentially a subdivision of your main domain, used specifically for sending emails. For instance, if your main domain is yourcompany.com, you might use marketing.yourcompany.com for marketing emails and transactional.yourcompany.com for transactional emails. This approach allows you to isolate the reputation of different email streams.

The primary reason to use email subdomains is to protect your main domain's reputation. If your marketing emails, sent from a subdomain, encounter deliverability issues or land on a blacklist (or blocklist), it is less likely to affect the deliverability of your critical transactional emails sent from a different subdomain or your main domain. This segregation is crucial for maintaining a healthy email ecosystem. You can learn more about why to use email subdomains in our detailed guide.

Setting up a subdomain for email involves configuring specific DNS records in your domain's DNS zone file. These records tell mail servers how to handle emails sent from your subdomain, ensuring they are properly authenticated and routed. Without these records, your emails are highly likely to be marked as spam or rejected outright.

Benefits of using subdomains

Reputation isolation: Protect your primary domain from reputation damage caused by high-volume or potentially riskier email sending activities.
Improved deliverability: Mailbox providers (like Gmail and Yahoo) can evaluate different email streams independently, leading to better inbox placement for each.
Better analytics: Track the performance of specific email campaigns or types more accurately without mixing data.
Brand segmentation: Differentiate between various brand activities or departments, such as support.yourcompany.com.

Key DNS records for email subdomains

To ensure proper email deliverability from your subdomain, you will need to configure several types of DNS records. These records work together to authenticate your emails and direct them to the correct recipients. The most common and crucial DNS records include MX, SPF, DKIM, and DMARC.

While an A record points a domain or subdomain to an IP address, it is not strictly necessary for email sending itself, though it may be used for tracking domains or webmail access for your subdomain. For email, it is the MX record that points to your mail servers. Many mistakenly believe an A record is paramount for email subdomains, but as detailed in what DNS records are needed for email subdomains, it is often not required for the email sending path itself.

Each of these records plays a distinct role in email authentication. SPF specifies which servers are authorized to send email on behalf of your domain, while DKIM adds a digital signature to your emails, verifying their authenticity. DMARC ties these two together, allowing you to instruct receiving mail servers on how to handle emails that fail SPF or DKIM checks, and providing valuable DMARC monitoring reports.

I often see confusion about whether a subdomain needs its own SPF record. The answer is yes, a subdomain used for sending emails requires its own SPF record, as SPF is checked against the Return-Path domain, which will be your subdomain. This is critical for authentication and preventing your emails from going to spam. You can dive deeper into this topic with our guide: Does a subdomain need its own SPF record?

Record type	Purpose	Example configuration	Key considerations
MX record	Directs incoming email for the subdomain to the correct mail server(s).	Name: mail.sub.example.com, Value: mailserver.example.com, Priority: 10.	Crucial for receiving bounce messages and replies. Your ESP provides these.
SPF record (TXT)	Authorizes specific IP addresses or domains to send email on behalf of your subdomain.	Name: sub.example.com, Value: "v=spf1 include:_spf.example.com ~all"	Ensure all sending services are included. Only one SPF record per domain/subdomain.
DKIM record (TXT or CNAME)	Adds a digital signature to outgoing emails, verifying the sender's authenticity and message integrity.	Name: selector1._domainkey.sub.example.com, Value: "v=DKIM1; k=rsa; p=MIGf..." or CNAME to ESP.	Usually provided by your ESP. Multiple DKIM records can exist for different selectors.
DMARC record (TXT)	Specifies policies for email authentication failures and requests aggregate reports.	Name: _dmarc.sub.example.com, Value: "v=DMARC1; p=none; rua=mailto:reports@example.com"	Crucial for monitoring and enforcing email authentication for the subdomain.
CNAME record (optional)	Used for tracking domains or pointing one domain name to another, often for DKIM or tracking links.	Name: track.sub.example.com, Value: tracking.esp.com	Commonly used by ESPs for click and open tracking.

Setting up DNS records: A step-by-step guide

Setting up these DNS records is a process that typically involves your domain registrar or DNS hosting provider. The exact steps can vary slightly depending on who manages your DNS, but the core actions remain the same. Before starting, gather all the necessary records from your email service provider or mail server administrator. For Google Workspace and Microsoft 365, specific guides are available to help you add their required DNS records.

The first step is to log into your domain registrar's control panel (e.g., GoDaddy, Cloudflare) and navigate to the DNS management section. This area is typically labeled DNS settings, Zone file editor, or Advanced DNS. From there, you will add new records one by one, ensuring the correct type, name (or host), and value for each.

Once all records are added, save your changes. DNS changes can take some time to propagate across the internet, typically from a few minutes to 48 hours. This propagation period is normal, so patience is key. After the propagation, use a free online email testing tool to verify that your records are correctly configured and recognized globally. This step is crucial to confirm your subdomain is ready for sending.

Configuring DNS records example: SPF

Here is an example of what an SPF record for a subdomain might look like when you add it to your DNS settings.

SPF record for marketing.yourcompany.comDNS

Host/Name: marketing.yourcompany.com
Type: TXT
Value: v=spf1 include:spf.your-esp.com ~all
TTL: 3600

Remember to replace yourcompany.com and your-esp.com with your actual domain and ESP's SPF record. The TTL (Time to Live) specifies how long DNS resolvers should cache the record.

Common challenges and best practices

Even with a clear understanding, you might encounter some challenges when setting up email subdomains. One common issue is incorrect DNS record values, often due to typos or not copying the full string provided by your ESP. Another is DNS propagation delays, where changes take longer than expected to update globally.

Additionally, it is common to forget that each subdomain used for sending email needs its own set of authentication records (SPF, DKIM, DMARC), separate from the root domain's. Forgetting to set up a DMARC record for your subdomain can leave you blind to authentication failures and potential spoofing attempts. Our guide on setting up DMARC records for subdomains provides further detail.

To mitigate these, always double-check every character in your DNS records, use a DNS lookup tool to verify propagation, and consult your ESP's documentation meticulously. For a simple overview of authentication, refer to our guide to DMARC, SPF, and DKIM. Proper configuration is key to boosting your email deliverability rates.

Common pitfalls

Missing records: Forgetting to add all necessary records, especially DKIM or DMARC.
Incorrect values: Typos in hostnames or record values, leading to authentication failures.
Overlapping SPF: Having multiple SPF records or exceeding the 10-lookup limit.
DMARC alignment: Not ensuring SPF and DKIM domains align with your DMARC policy.

Best practices

Verify records: Use online tools to confirm DNS records are correctly published and propagated.
Use DMARC monitoring: Start with p=none and gradually move to stricter policies.
Dedicated subdomains: Separate transactional, marketing, and internal emails onto different subdomains.
Regular audits: Periodically review your DNS records for accuracy and compliance with current standards.

Views from the trenches

Best practices

Always start with a 'p=none' DMARC policy for new subdomains to avoid immediate deliverability issues.

Utilize dedicated subdomains for different email types (e.g., transactional, marketing) to isolate reputation.

Ensure SPF and DKIM records are correctly published and aligned with your DMARC policy for robust authentication.

Regularly monitor DMARC reports to identify potential issues and ensure proper email flow.

Keep your DNS records updated as your email sending infrastructure evolves or changes.

Common pitfalls

Assuming a single SPF record for your main domain covers all subdomains, leading to SPF failures.

Missing or incorrect MX records for the subdomain, which can cause bounce messages to fail.

Not publishing a DMARC record for the subdomain, which means you lose out on critical visibility.

Exceeding the 10-lookup limit for SPF records, causing validation failures at receiving servers.

Forgetting about DNS propagation time, leading to premature troubleshooting attempts.

Expert tips

When creating a new email subdomain, verify each DNS record with a DNS lookup tool immediately after publishing.

Prioritize setting up SPF, DKIM, and DMARC for every email sending subdomain.

If you're using a third-party email service provider, ensure you copy their provided records exactly.

Consider setting up an A record for your subdomain if you plan to host web content or webmail on it.

Review M3AAWG's sending domain best practices for comprehensive guidance.

Marketer view

Marketer from Email Geeks says: The software your web-hosting provider uses greatly influences the ease of subdomain setup, with cPanel making domain and record management simple.

2019-12-30 - Email Geeks

Expert view

Expert from Email Geeks says: An A record is not strictly necessary for sending emails from a subdomain, as other crucial records are missing in a setup that only includes an A record pointing to a sending IP.

2019-12-30 - Email Geeks

Final thoughts on email subdomains

Setting up email subdomains and their associated DNS records is an essential step for any organization looking to optimize its email deliverability and maintain a strong sending reputation. By segregating your email streams, you gain better control over your sender reputation and ensure that critical communications are not impacted by other email activities.

The core of this setup lies in correctly configuring MX, SPF, DKIM, and DMARC records for each subdomain. While the process requires attention to detail, the benefits in terms of email performance and security are substantial. Always verify your DNS changes and monitor your email performance to ensure everything is working as intended.