Understanding Common DNS and Email Authentication Terms

By Yoonsoo Park | | 2 minutes
DNS Email Security

A comprehensive guide to understanding common DNS records and email authentication terms like DKIM, CNAME, MX, and more.

When setting up a domain for your website or email system, you’ll encounter various DNS-related terms and records. Let’s demystify these common terms and understand their significance in modern web infrastructure.

DKIM (DomainKeys Identified Mail)

DKIM serves as your email’s digital signature, acting like a wax seal on traditional letters. This authentication method ensures that emails genuinely come from your claimed domain and haven’t been tampered with during transmission.

How DKIM Works

  1. When you send an email, your email server adds a digital signature to the message header
  2. This signature is created using a private key that only your server knows
  3. The recipient’s server can verify this signature using a public key published in your DNS records
  4. If the verification succeeds, the email is considered authentic

Easy DKIM

AWS has simplified the DKIM implementation through Easy DKIM:

  • Automatically manages the cryptographic aspects
  • Creates three DKIM tokens for redundancy
  • Requires minimal technical knowledge to set up
  • Handles key rotation and maintenance automatically

CNAME (Canonical Name)

CNAME records are like sophisticated mail forwarding services in the DNS world. They allow you to create an alias from one domain name to another. Common uses include:

  • Pointing subdomains to content delivery networks (CDNs)
  • Setting up email authentication records
  • Creating memorable URLs that redirect to longer, technical ones

MX (Mail Exchange)

MX records are the postal service of the email world. They tell other servers where to deliver emails for your domain. Key aspects include:

  • Priority numbers (lower = higher priority)
  • Multiple MX records for redundancy
  • Different priorities for primary and backup mail servers

Additional Common DNS Terms

SPF (Sender Policy Framework)

  • Specifies which servers are authorized to send emails from your domain
  • Helps prevent email spoofing
  • Works alongside DKIM for better email security

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

  • Tells receiving servers what to do with emails that fail SPF or DKIM checks
  • Provides reporting capabilities for better insight into email authentication
  • Helps maintain domain reputation

TXT Records

  • General-purpose text records in DNS
  • Often used for domain ownership verification
  • Can store SPF records and other domain verification data

A Records

  • Maps a domain directly to an IP address
  • Most basic type of DNS record
  • Essential for website hosting

Best Practices

  1. Always maintain proper backup MX records
  2. Implement all three email authentication methods (SPF, DKIM, and DMARC)
  3. Regularly audit your DNS records
  4. Use appropriate TTL (Time To Live) values for different record types
  5. Document all DNS changes and their purposes

Cheers! 🍺