Can a CNAME record exist alongside other DNS records on the same subdomain?

Generally, no. A CNAME record declares a subdomain as an alias for another hostname, and therefore, it cannot have other DNS records (like MX, SPF, DKIM) at the same level. If you need other records, you might need to use a sub-subdomain (e.g., t.mail.yourdomain.com ) for the CNAME, while placing other records on the parent subdomain ( mail.yourdomain.com ).

Why do ESPs often recommend CNAMEs for email sending subdomains?

Email Service Providers (ESPs) often manage dynamic IP addresses for their sending infrastructure. By using CNAMEs, ESPs can update their underlying IP addresses without requiring you to manually change your DNS records, ensuring continuous email delivery and avoiding disruptions.

What happens if the IP address an A record points to changes?

If the IP address an A record points to changes, the subdomain will no longer resolve correctly to the intended server. This can lead to website downtime or email delivery failures until the A record is manually updated to the new IP address. This is why A records are less flexible for services with frequently changing IPs.

How do DNS records for subdomains impact email deliverability?

Properly configured DNS records for subdomains are vital for email deliverability. Incorrect A or CNAME records can cause emails to be rejected, marked as spam, or not sent at all. They also play a role in authenticating your emails through SPF, DKIM, and DMARC, which helps build sender reputation.

Is it better to use a dedicated subdomain for email sending?

Yes, it is generally considered a best practice to use a dedicated subdomain for email sending (e.g., mail.yourdomain.com ). This isolates your email sending reputation from your main domain, protecting your core website in case of deliverability issues or if your sending IP ends up on a blocklist (or blacklist).

When setting up a subdomain, what A record should I use, and when should I use a CNAME? - Technical - Email deliverability - Knowledge base

Setting up a subdomain for your email sending can be a great way to manage your sender reputation and ensure your messages land in the inbox. However, one of the most common questions that comes up during this process is whether to use an A record or a CNAME record for your subdomain.

Both A records and CNAMEs are fundamental components of the Domain Name System (DNS), but they serve different purposes. Understanding their distinctions is crucial for proper email deliverability, preventing issues like emails going to spam or even complete delivery failures.

The choice between an A record and a CNAME often depends on who is hosting the content or service the subdomain points to, and how much control you have, or want to have, over the underlying IP addresses.

What is an A record?

An A record, short for 'address record,' directly maps a domain or subdomain to an IPv4 address. It's the most basic type of DNS record and essentially tells a web browser or email server the specific numerical address where a domain's resources are located. When you use an A record, you are directly specifying the IP address where your subdomain's content or service resides.

You should use an A record for your subdomain when you have a static IP address that you control, such as a dedicated server or a specific hosting environment. This is common for the root domain of your website (e.g., yourdomain.com), and can also be applied to subdomains if you want them to point to a distinct server you manage. For email sending, an A record would point your mail server's IP directly. If that IP changes, you must manually update the A record, or your email sending could be disrupted.

Using an A record for your subdomain provides direct control and can sometimes offer slightly faster resolution as there's no additional lookup. However, this comes with the responsibility of keeping the IP address updated if it ever changes. If you want to learn more about how DNS records work, you can check out this helpful guide on DNS records.

Example A recordDNS

subdomain.yourdomain.com. IN A 192.0.2.1

What is a CNAME record?

A CNAME record, or 'Canonical Name record,' functions as an alias. Instead of pointing a subdomain to an IP address, a CNAME points it to another hostname or domain name. The actual IP address resolution then occurs when the aliased hostname is looked up. This creates a flexible arrangement where the IP address can change without requiring an update to your CNAME record, as long as the aliased hostname remains the same.

You should use a CNAME when your subdomain needs to point to a service hosted by a third party, especially when that third party manages its own IP addresses. This is exceedingly common for email sending through an Email Service Provider (ESP) or for setting up tracking domains (e.g., clicks.yourdomain.com or mail.yourdomain.com). The ESP provides you with a hostname to point to, and they handle the underlying IP changes on their end. A key limitation of CNAME records is that you cannot have other DNS records (like MX, SPF, DKIM) at the same level as a CNAME. For detailed information, Cloudflare explains CNAME records well.

For email sending, this flexibility is paramount because ESPs frequently update their server infrastructure, including IP addresses. By using a CNAME, your email deliverability remains unaffected by these behind-the-scenes changes. This also plays a role in how CNAME records affect DNS records like SPF, DKIM, DMARC, and MX records.

Example CNAME recordDNS

subdomain.yourdomain.com. IN CNAME mail.thirdpartyesp.com.

CNAME limitations for email

If you are using a CNAME record for a subdomain, you cannot typically add other records like MX records or SPF/DKIM records directly to that same subdomain. This is because a CNAME declares the entire subdomain as an alias for another host. For email authentication, this often means setting up SPF and DKIM on a slightly different subdomain level or ensuring your ESP handles it through their canonical name setup.

This becomes particularly relevant when you need to add an MX record to a subdomain that already has CNAMEs for email sending verification.

A record vs. CNAME: choosing the right one

The fundamental difference comes down to direct IP mapping versus alias mapping. Understanding this distinction is key to setting up your DNS records correctly, especially for email sending where misconfigurations can lead to deliverability problems or even land you on a blocklist (or blacklist).

A record

When you have direct control over the server and its IP address, an A record is suitable. This might be for your main website, a custom web application, or a mail server whose IP you manage yourself. It offers direct resolution, but requires manual updates if the IP changes.

IP dependency: Directly links your subdomain to a static IP.
Management: Requires manual updates if the IP address changes.
Use case: Best for servers where you manage the infrastructure.

CNAME record

When your subdomain needs to point to an external service, like an Email Service Provider, a CNAME is the preferred choice. It points to a hostname, allowing the service provider to manage IP changes without affecting your DNS configuration. This is key for reliable email deliverability.

IP independence: Acts as an alias to another domain, abstracting the underlying IP.
Management: Updates are handled by the target hostname, reducing your administrative burden.
Use case: Ideal for third-party services, including email sending platforms.

Best practices for email sending subdomains

For email sending, the best practice is almost always to use a CNAME record when integrating with a third-party Email Service Provider (ESP). These providers typically manage a complex infrastructure with dynamic IP addresses, and a CNAME ensures your sending domain always points to their correct, updated servers.

It's also crucial to remember the rule about CNAMEs not coexisting with other records at the same level. If your ESP requires a CNAME for mail.yourdomain.com, you cannot then put an MX record or a DMARC record directly on mail.yourdomain.com. In such cases, these records would typically be at the parent domain level or on a different subdomain entirely. Understanding this interaction is part of best practices for DNS lookups and SPF records.

When setting up email subdomains, always consult your ESP's documentation. They will provide the precise CNAME (or occasionally A record) values you need to configure in your DNS settings for optimal performance and deliverability. This ensures your email traffic is routed correctly and aligns with their infrastructure, helping to avoid issues such as your emails ending up on a blocklist (or blacklist).

Key considerations for subdomains

Dedicated subdomains: Use distinct subdomains for different types of email (e.g., transactional, marketing) to isolate sender reputation.
Follow ESP guidelines: Always adhere to your Email Service Provider's specific DNS record instructions.
Authentication records: Properly configure SPF, DKIM, and DMARC for each sending subdomain to ensure authentication. You can generate your DMARC record using an online tool.
Monitor deliverability: Regularly check your subdomain's email deliverability and monitor for any blocklist (or blacklist) issues.

Views from the trenches

Best practices

Always consult your Email Service Provider's documentation for specific DNS record requirements before configuration.

Utilize different subdomains for various email streams, such as transactional versus marketing, to protect your sender reputation.

Ensure all necessary email authentication records, including SPF, DKIM, and DMARC, are correctly implemented for each subdomain.

Regularly monitor your email deliverability rates and proactively address any emerging blocklist issues or deliverability challenges.

Common pitfalls

Attempting to place multiple DNS record types (like MX or SPF) on a subdomain that already has a CNAME record.

Using an A record for a subdomain when it should be aliased to a third-party service via a CNAME, leading to broken links.

Failing to update A records when the underlying IP address of your server changes, causing service outages.

Not configuring email authentication for new subdomains, which can result in emails being marked as spam.

Expert tips

Implement a DMARC policy with reporting to gain visibility into your email authentication status across all your subdomains.

Conduct thorough testing of your DNS configurations and email sending setup before sending high volumes of mail.

Consider using an Email Service Provider that simplifies DNS setup by providing easy-to-configure CNAME records for authentication.

Be aware of how CNAMEs interact with other DNS records to avoid conflicts and ensure proper email routing.

Expert view

Expert from Email Geeks says: If your DNS management system mandates an A record, it should point to an IP address that you own or have a clear contractual relationship with, such as one of your web servers.

2021-05-28 - Email Geeks

Marketer view

Marketer from Email Geeks says: When setting up a subdomain for email tracking, most Email Service Providers will require a CNAME record, not an A record, as you cannot have a CNAME alongside other records at the same level.

2021-05-28 - Email Geeks

Summary

The decision to use an A record or a CNAME for your subdomain boils down to who controls the IP address of the service you're pointing to. If you manage the server and its static IP, an A record provides direct control. However, for email sending subdomains, where you often integrate with third-party ESPs, CNAMEs are almost always the correct choice. They offer crucial flexibility, automatically adapting to changes in the ESP's infrastructure without requiring manual DNS updates.

Properly configuring your DNS records for subdomains is a critical step in ensuring strong email deliverability, helping your messages bypass spam folders and reach recipients' inboxes reliably. Always consult your ESP's specific instructions and verify your DNS setup to maintain optimal performance and avoid any unforeseen blocklist (or blacklist) issues.