The Email DNS Ecosystem

How MX, SPF, DKIM, and DMARC work together for email.

Email relies on multiple DNS record types beyond MX. SPF, DKIM, and DMARC work together with MX records to route, authenticate, and protect email.

MX for Routing

MX records handle the "where"—directing incoming email to mail servers. They're queried by sending servers to find delivery destinations. Without correct MX records, email doesn't arrive. MX records only affect incoming mail—outgoing mail uses different mechanisms.

SPF for Sender Authorization

SPF (Sender Policy Framework) is a TXT record listing IPs authorized to send email for your domain. Receiving servers check if the sending IP matches SPF. This prevents spoofing—someone pretending to send from your domain. SPF is checked on the "envelope from" address.

DKIM for Message Integrity

DKIM (DomainKeys Identified Mail) adds cryptographic signatures to emails. A TXT record contains the public key. Receiving servers verify signatures weren't altered in transit. DKIM proves the message content is authentic and unchanged.

DMARC for Policy

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receivers what to do when SPF or DKIM fail: reject, quarantine, or deliver anyway. DMARC also provides reporting on authentication results. It ties SPF and DKIM together into a cohesive policy.

Put the email dns ecosystem to use. One key, the MX Lookup API, live in minutes.

Scaling up?

Volume pricing, custom SLAs, and dedicated support for high-traffic teams.

Contact sales