The following is an explanation of the various DNS records you create when configuring a domain with a email sending service like MailGun. These notes are specific to the MailGun setup, but the same general concepts apply to other email services (SendGrid, Amazon SES, etc.)
The above video and these notes explain the details of the records; if you just want to see how to quickly set them up check out this video...)
It’s suggested that you use a subdomain (e.g.
mail.yourdomain.com) when configuring MailGun because it can help improve the deliverability and reputation of your emails. When you use a subdomain it separates your email sending reputation from your root domain. This means that if you experience any issues with email deliverability, it won’t affect your main domain’s reputation.
Additionally, configuring an email sending service with a subdomain makes it easier to manage your email sending as you can track your email metrics and manage your email settings separately from your main domain.
Note that even though you are configuring things with a subdomain, you will still be able to send emails from your root domain e.g.
The following is an explanation of typical DNS records used to configure a email sending service. The example is specific to MailGun but the same general idea applies to other services such as SendGrid, Amazon SES, Etc.
Record 1 holds a SPF (Sender Policy Framework) record that is used to verify to receiving mail servers that your sending server (in this example, MailGun) has the right to send email on behalf of your domain.
Record 2 is a DKIM (DomainKeys Identified Mail) record, and is used to authenticate the identity of an email sender and verify that the message has not been altered during transit. The contents of this record contains a special key that will coincide with a digital signature sent with all your outgoing MailGun email. When your emails are received, the recipient’s email server will retrieve the key from your DNS settings and check it's a match with the digital signature found in the email. If it’s a match, the recipient’s email server can be confident that the message has not been altered during transit and that it was sent by an authorized sender from the specified domain.
By adding a DKIM record to your domain’s DNS configuration, you can help to prevent email spoofing and protect your domain reputation, preventing you emails from landing in Spam folders.
Records 3 and 4 are MX (Mail Exchange) records specific to receiving email via MailGun (vs. the above two records which were specific to sending email).
You might receive email via MailGun if you want to do some sort of processing on your server of incoming email. For example, let’s say you wanted to run a contest where users could email in a submission, and you wanted those submissions to be processed by your server so that each submission was added to a database and users were automatically sent a confirmation email of receipt.
You should only set up these MX receiving records if you don’t already have existing existing MX records pointing to another server (e.g. Gmail). Because you probably set up a specific subdomain for MailGun, this shouldn’t be a concern.
It’s recommended that you set up these records, even if you don’t intend on receiving emails via MailGun because having an MX record for your domain can improve email deliverability, as it helps to establish trust with email recipients' servers.
Record 5 is a CNAME (Canonical Name) record which is used to creates aliases from one domain to another. In this case, you’re creating an alias between a subdomain of your domain (
email.mail.yourdomain.com) and MailGun’s domain (
When you send an email campaign through Mailgun, the system automatically replaces links in the email with links that point to your tracking subdomain, and when recipients click these links, the request is then aliased (via the CNAME) to MailGun's domain/server where the clicks can be tracked.