To use StartMail with your own domain, you'll need to configure some DNS records with your domain registrar. The domain records you need to configure are listed in the Settings > Domain panel. You can find them by opening the Domain records option.
If one of the records is not set up correctly, it will mention this on the same page.
In order to be able to send and receive emails with your own domain via Startmail you need to configure following TXT-entries for verification and SPF and MX-records at your domains registrar.
TXT Verification and SPF records
The verification record was already set up during your registration process. See Setup a custom domain for more information.
|You already copied the verification value in your Startmail interface
|v=spf1 include:spf.startmail.com ~all
Mail (MX) records
We have two mail servers. If your registrar does not allow you to set those to the same priority, it's also possible to have different priorities for those.
Optional Advanced Records
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and generally spam emails. DKIM cryptographically verifies if an email was sent by trusted servers and has not been tampered with. It signs your outgoing emails with a key that is tied to your domain.
After these records have been configured, please contact our support team and they will make sure future mails sent from your domain will be signed with DKIM signatures tied to your domain.
When support confirms DKIM is enabled, you are ready to add a TXT-record for DMARC at your domains registrar.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
allows the domain owner to specify what should happen with failed emails and get feedback when emails arrive.
The actual content of that record depend on how you use your domain - for example whether you are also sending out messages using third parties, or using subdomains and if you want to receive reports or not. Please be aware, delivery issues can be caused, if this record isn't set up properly.
An example record for a basic setup is given below. This will cause messages that are not aligned with SPF and DKIM to be rejected, and no statistics to be reported.
|v=DMARC1; p=reject; sp=reject;
- Depending on the Time to live (TTL) configuration of your DNS settings, changes take between a couple of minutes up to 48 hours before they're in effect. When you're migrating your domain(s) you might want to temporarily choose a shorter TTL so the transition goes more smoothly. After the change is done, you can set a longer TTL.
- If you don't set up a separate DKIM record, we sign the message with our StartMail DKIM key when you send it and we receive it on our servers.