11 Aug 2017, 02:31 AM   #8
camner
Quote:
Originally Posted by n5bb
I agree that for critical business needs you should look for the best DNS host available. But so far I have had very good reliability with the free (for a Standard or better account) Fastmail DNS hosting. I also find it very easy to set up the DNS records needed for email and simple websites, since Fastmail automatically sets up:
  • A records for my domain website, subdomain website, and mail.mydomain redirection.
  • MX records for my domain email, subdomain email, and mail.mydomain.
  • CNAME records for DKIM signing sent through the Fastmail SMTP.
  • SRV records for SMTP, IMAP, and POP client auto-discovery by modern email clients.
  • SRV records for CardDAV contact sharing client auto-discovery.
  • SRV records for CalDAV calendar sharing client auto-discovery.
  • TXT SPF default record (which I disable and enter as a custom entry, since I want to force all outgoing traffic to be forced to the Fastmail SMTP).
  • I also use a custom DMARC entry through the Fastmail DNS host. I recently changed my policy from p=quarantine to p=reject, and I'm waiting to see if any problems show up.
  • Fastmail confirms if DKIM and SPF are correctly configured.
  • If you are using a non-Fastmail DNS host, I recommend that you configure all of these as recommended at:
    https://www.fastmail.com/help/receiv...d.html#dnslist
Bill
Yikes! I don't think I know what half of these DNS records are for! In looking at my zone record, I see that the only DNS records I have related to email are two MX records pointing to FM and the following TXT SPF record:
Code:
"v=spf1 +a +mx +ip4:129.121.176.191 +ip4:108.165.20.5 +include:relay.mailchannels.net +include:spf.messagingengine.com ~all"
So I think this really answers the question as to which method to use for DNS when one's website is hosted at a different place than email. By delegating my DNS to the web host and then setting up MX records to FM, I'm not taking advantage of the various features FM provides. By reversing things so that I delegate DNS to FM and then set up a custom A record to point to my web host, I'll be able to let FM handle the appropriate zone records for email.

Two questions remain:
  1. You write
    Quote:
    TXT SPF default record (which I disable and enter as a custom entry, since I want to force all outgoing traffic to be forced to the Fastmail SMTP)
    Can you elaborate on what setting up a custom TXT SPF record accomplishes? When you say "force outgoing traffic to use FM's SMTP," what circumstances are you talking about (obviously sending email via the FM web interface will use FM's SMTP, and using an email client will use the SMTP server set up in the config, right?). What kind of custom TXT SPF record accomplishes this?
  2. In a general way, what are the advantages of using the various "safety mechanisms" such as DKIM and DMARC for someone like me, who does not send bulk email or other kinds of email that could more easily be seen as spam?



Thanks to all who replied to my initial question!
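To see concretely what the SPF record quoted in the post authorizes, the following added example (not code from the thread or from Fastmail) parses it into its terms and compares it with a stricter record. The `STRICT` record and the function names are constructed for illustration and are assumptions, not values taken from either poster.

```python
import re

# SPF record quoted in the post (verbatim, outer quotes dropped).
POSTED = ("v=spf1 +a +mx +ip4:129.121.176.191 +ip4:108.165.20.5 "
          "+include:relay.mailchannels.net +include:spf.messagingengine.com ~all")
# Constructed for comparison (an assumption, not a record from the thread).
STRICT = "v=spf1 include:spf.messagingengine.com -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that trigger a DNS query; RFC 7208 section 4.6.4 allows at most 10
# per evaluation, counting those inside included records as well.
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)(.*)$")


def parse_spf(record):
    """Split an SPF record into (result, name, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        match = TERM_RE.match(term)
        if match is None:
            raise ValueError(f"malformed term: {term!r}")
        qualifier, name, argument = match.groups()
        # Modifiers (name=value) carry no qualifier; mechanisms default to "+".
        result = "modifier" if argument.startswith("=") else QUALIFIERS[qualifier or "+"]
        parsed.append((result, name.lower(), argument))
    return parsed


def summarize(record):
    """Report which sources pass, the catch-all result, and top-level lookups."""
    terms = parse_spf(record)
    return {
        "sources": [n + a for r, n, a in terms if r == "pass" and n != "all"],
        # Without an "all" term the default result is neutral (redirect= is not followed here).
        "default": next((r for r, n, a in terms if n == "all"), "neutral"),
        "dns_lookups": sum(1 for r, n, a in terms if n in LOOKUP_TERMS),
    }


if __name__ == "__main__":
    for label, record in (("posted", POSTED), ("strict", STRICT)):
        print(label, summarize(record))
```

The posted record passes six kinds of source (the domain's own A and MX hosts, two fixed addresses, and two included providers) and only soft-fails everything else, whereas the constructed strict record passes one include and hard-fails the rest.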