You bought the domain. You created the mailbox. You logged into webmail and saw the inbox. You thought you were done.
Then you tried to send a test from your phone. Nothing. It sat in the Outbox spinning. Or you sent from your personal Gmail to your new address and it disappeared — no bounce, no error, just silence.
This is the Zombie State: the lights are on, but nobody's home. Login works because webmail runs over HTTPS (port 443) — the same protocol as any website. Sending and receiving through Outlook, Apple Mail, or your CRM uses SMTP and IMAP. Those are completely different doors, and they might still be locked.
If you're working through the full setup, the step-by-step process is covered in our guide on how to create email with your domain — this article picks up where that leaves off: you can log in, but mail flow is broken.
This is your rapid-response runbook. We'll move from 60-second triage to CLI-level diagnostics, so you can isolate exactly where the break is.
Step 1: Identify Your Symptom Before Touching Anything
Don't start messing with DNS records until you know which part of the pipeline is broken. "It doesn't work" is not a diagnosis. Pick your scenario:
Scenario A: The Ghost Town (Can't Receive)
You send a test from Gmail to your new address. It never arrives. No bounce comes back to the sender. You can log in fine.
What it means: The internet doesn't know where you live. Your MX records are missing, wrong, or pointing to a server from your previous host.
Scenario B: The Outbound Block (Can't Send)
You click Send in Outlook or on your iPhone. The progress bar hangs. Eventually: "Connection Timed Out" or "Server Unreachable."
What it means: Your network is choking the connection. Usually a firewall, an ISP blocking port 25, or an encryption mismatch.
Scenario C: The Untrusted Pariah (Spam / Bounces)
Mail sends, but lands in the recipient's Junk folder. Or you get an immediate bounce: 550 5.7.1 Message rejected.
What it means: You're missing an ID card. SPF, DKIM, or DMARC aren't configured, and receiving servers are treating you like a spammer.
The Fix Checklist: How to Set Up Email on My Domain Correctly
Work through these in order. Don't skip layers.
1. MX Records — The GPS Coordinates
When someone sends mail to you@yourdomain.com, their server asks DNS: "Who handles mail for this domain?" If MX records are wrong, mail doesn't bounce — it just disappears or goes to your old host.
Two mistakes that destroy deliverability:
- Leftover records from your previous host. If you have old MX records from GoDaddy mixed with your new provider's records, mail gets split between them. Delete the old ones entirely.
- Pointing MX to a CNAME. An MX record must point to a hostname that has an A record (one that resolves directly to an IP). Pointing it to a CNAME violates RFC 2181 and causes random-looking delivery failures.
Check your MX records right now:
dig mx yourdomain.com +short
You should see your provider's mail servers, and only your provider's mail servers. If you see records from two different hosts, fix that first.
DNS propagation takes up to 48 hours. If you just changed settings, use whatsmydns.net to check whether the world sees your new records yet.
2. Mailbox Status and Storage
Check the obvious things before going deep:
- Does the mailbox actually exist? Check the spelling. Did you create support@ or suport@?
- Is the mailbox over quota? In traditional hosting (Google Workspace, M365), every user has a hard cap. Hit it, and incoming mail bounces with a "Mailbox Full" error.
TrekMail uses pooled storage — your plan's storage is shared across all users. One heavy user doesn't break everyone else's inbox or force you to upgrade the whole account.
3. SMTP Configuration — Where 90% of "Can't Send" Tickets Come From
Webmail bypasses SMTP entirely, which is why login works but your desktop client doesn't. When you configure Outlook, Thunderbird, or your CRM, you need exact settings.
Port 25 is blocked on most home and office ISPs. Comcast, Verizon, AT&T — they all block outbound port 25 to stop spam bots. If you've been trying to connect on port 25, that's your problem.
| Protocol | Function | Port | Encryption |
|---|---|---|---|
| SMTP | Sending | 587 | STARTTLS |
| SMTP | Sending | 465 | Implicit SSL/TLS |
| IMAP | Receiving | 993 | SSL/TLS |
Port 587 with STARTTLS is the modern standard for mail submission. Port 465 works too. Use either — just make sure your client's encryption setting matches the port. Mixing them (SSL on 587, or STARTTLS on 465) causes connection failures that look like network errors.
TrekMail doesn't support POP3. It's an obsolete protocol that deletes mail from the server and creates data silos on individual devices. IMAP keeps everything in sync across your phone, laptop, and webmail.
4. Hostname — Use the Exact Value, Not a Guess
Your mail client needs the precise hostname your provider gives you. These don't work:
- mail.google.com (wrong provider)
- smtp.yourdomain.com (only valid if you created a CNAME specifically for this)
Use the hostname from your welcome email or provider dashboard — something like smtp.trekmail.net. See our IMAP & SMTP settings reference for the exact values.
5. SPF, DKIM, and DMARC — Non-Negotiable in 2025
If mail sends but lands in spam, or you're getting 550 5.7.1 bounces, your DNS is missing authentication records. Google and Yahoo now reject mail that doesn't pass these checks.
SPF is a TXT record listing which servers are allowed to send for your domain:
v=spf1 include:sendingprovider.net ~all
Critical mistake: you can only have one SPF record. If you have two lines starting with v=spf1, both are invalid. Merge them into a single record.
DKIM is a digital signature your mail server attaches to every outgoing message. It proves the message wasn't altered in transit. Your provider generates the key; you add the DNS record they give you.
DMARC tells receiving servers what to do when SPF or DKIM fails. Start with monitor mode — it collects data without blocking anything:
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com
Move to p=quarantine or p=reject only after you've reviewed the reports and confirmed legitimate mail is passing. Our full walkthrough is in the required DNS records guide.
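The SPF and DMARC checks from this section can be run offline against the output of `dig txt ... +short`. This is an added example, not TrekMail tooling: the function names are hypothetical, `oldhost.example` is a constructed record, and the 10-lookup limit comes from RFC 7208 rather than from this article.

```python
import re

# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 limit: 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def clean(txt):
    """Normalize one `dig txt ... +short` line: join chunks, drop quotes."""
    return txt.strip().replace('" "', "").strip('"')

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in map(clean, txt_records) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"{len(spf)} SPF records: exactly one is required"]
    findings, lookups, all_term = [], 0, None
    for term in spf[0].lower().split()[1:]:
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0]
        lookups += name in LOOKUP_TERMS
        if name == "all":
            all_term = term
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: over the limit of 10")
    if all_term in ("all", "+all"):
        findings.append("+all authorizes every sender")
    elif all_term is None and "redirect=" not in spf[0].lower():
        findings.append("no 'all' term: unlisted senders are not rejected")
    return findings or ["ok"]

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in map(clean, txt_records) if r.lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return [f"{len(recs)} DMARC records: exactly one is required"]
    parts = (p.partition("=") for p in recs[0].split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in parts if k.strip()}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"missing or invalid p= tag: {policy!r}")
    elif policy == "none":
        findings.append("p=none: monitor mode, failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to review")
    return findings or ["ok"]

# Constructed sample: two SPF lines, the mistake described above.
SAMPLE = ['"v=spf1 include:sendingprovider.net ~all"', '"v=spf1 include:oldhost.example ~all"']
print(audit_spf(SAMPLE))
print(audit_dmarc(["v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"]))
```

Feed `audit_spf` the lines from `dig txt yourdomain.com +short` and `audit_dmarc` the lines from `dig txt _dmarc.yourdomain.com +short`.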
Deep Diagnostics: When the Checklist Doesn't Fix It
You've run through everything above and it's still broken. Time to go deeper.
Split-Brain DNS
Classic symptom: mail works fine on your phone's cellular connection, but fails on your office Wi-Fi or VPN.
Your internal network has its own DNS server (Active Directory, Pi-hole, corporate resolver). When you query mail.yourdomain.com, it looks locally first. If there's no matching internal record, it doesn't forward to public DNS — it just fails. The fix: add a DNS entry on your internal server pointing mail.yourdomain.com to the external IP of your mail provider, not a 192.168.x.x address.
MTU Mismatch
Symptom: short text emails send fine. Attach a PDF and the connection hangs.
If you're on a VPN (WireGuard, IPsec) or a DSL/PPPoE connection, your effective packet size may be smaller than the standard 1500 bytes. The SMTP handshake (small packets) completes, but the data transfer (large packets) gets fragmented and dropped. Test with MTU 1300 on your adapter or router. If attachments start flowing, that's your issue.
Antivirus SSL Inspection
Symptom: your mail client shows a certificate error even though you know the server cert is valid.
Avast, Bitdefender, and others perform "Mail Shield" or "SSL Scanning" — they intercept your encrypted connection, scan the content, and re-present their own certificate. Your mail client rejects it. Temporarily disable SSL scanning in your antivirus settings. If mail flows immediately, you've found the problem. You'll need to add an exception for your mail server's hostname.
App Passwords When 2FA Is Enabled
You enabled two-factor authentication. Outlook stops working and keeps rejecting your correct password.
Legacy IMAP/SMTP can't handle a 2FA pop-up window. They only understand a username and a static password. You need to generate an App Password — a long random credential from your provider's security settings that bypasses the 2FA flow for that specific device. Use it only in the mail client, not for web login.
Set Up Email on My Domain: What to Have Ready Before Contacting Support
If you open a ticket saying "email is down," expect a slow back-and-forth. Bring these four things and you'll get a resolution in one reply:
The exact error code. These all mean different things:
- 550 User Unknown — the address doesn't exist at that server
- 421 Connection Refused — server busy or blocking your IP
- 535 Authentication Failed — wrong password or App Password needed
- 5.7.1 Relay Access Denied — SMTP auth not enabled, or spam filter block
The connection log. In Outlook or Thunderbird, enable troubleshooting logs. The raw conversation tells you exactly where the handshake breaks:
CLIENT: EHLO mycomputer
SERVER: 250-Hello
CLIENT: AUTH LOGIN
SERVER: 334 VXNlcm5hbWU6
If it stops after AUTH LOGIN, it's a password issue. If it stops before EHLO, the port isn't reaching the server.
CLI verification. Run these before you even open a ticket:
# Check MX records
dig mx yourdomain.com +short
# Check SPF record
dig txt yourdomain.com +short
# Test if port 587 is reachable
telnet smtp.trekmail.net 587
On the telnet command: if you see a 220 banner, the port is open. If it says "Connecting..." and hangs, the port is blocked at your network or ISP level. That's not a mail server problem — that's a firewall or ISP problem.
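The connection-log reading described above (where the handshake stops, and what each error code means) can be automated over a saved CLIENT:/SERVER: transcript. This is an added example, not part of the original article or any mail client: `diagnose` and `decode_prompt` are hypothetical names, and the meanings attached to each code are the ones from the error-code list above.

```python
import base64
import binascii
import re

# Reply meanings as listed in the article; 5.7.1 is checked first because
# it can arrive behind another code (e.g. "550 5.7.1 Message rejected").
KNOWN_REPLIES = [
    (r"\b5\.7\.1\b", "5.7.1: SMTP auth not enabled, or spam filter block"),
    (r"^535\b", "535: wrong password or App Password needed"),
    (r"^550\b", "550: the address doesn't exist at that server"),
    (r"^421\b", "421: server busy or blocking your IP"),
]

def decode_prompt(b64_text):
    """334 challenges in AUTH LOGIN are base64; fall back to the raw text."""
    try:
        return base64.b64decode(b64_text, validate=True).decode("ascii", "replace")
    except (binascii.Error, ValueError):
        return b64_text

def diagnose(transcript):
    """Return (stage, detail) for a CLIENT:/SERVER: SMTP log excerpt."""
    stage, detail = "connect", "stopped before EHLO: the port isn't reaching the server"
    for line in transcript.splitlines():
        side, _, text = line.partition(":")
        side, text = side.strip().upper(), text.strip()
        verb = text.split(" ")[0].upper()
        if side == "CLIENT" and verb in ("EHLO", "HELO"):
            stage, detail = "greeting", "EHLO sent, authentication not started"
        elif side == "CLIENT" and verb == "AUTH":
            stage, detail = "auth", "stopped after AUTH: password issue"
        elif side == "SERVER":
            for pattern, meaning in KNOWN_REPLIES:
                if re.search(pattern, text):
                    return "rejected", meaning
            if verb == "334":
                detail = f"stopped at prompt {decode_prompt(text[4:])!r}: password issue"
            elif verb == "235":
                stage, detail = "authenticated", "login accepted: look past authentication"
    return stage, detail

# The log excerpt from the article.
PAGE_LOG = """CLIENT: EHLO mycomputer
SERVER: 250-Hello
CLIENT: AUTH LOGIN
SERVER: 334 VXNlcm5hbWU6"""
print(diagnose(PAGE_LOG))
```

The `334 VXNlcm5hbWU6` line in the excerpt is the server's base64-encoded "Username:" prompt, so a log that ends there stopped inside authentication, not at the network layer.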
For more targeted help, see the can't send emails FAQ and sending errors troubleshooting guide.
Why This Keeps Happening: The Real Problem With Traditional Email Hosting
If you've debugged your way through this checklist more than once, the infrastructure is the problem — not your skill level.
Google Workspace and Microsoft 365 are massive collaboration suites. They're not built for people who just need professional email. They hand you a billing portal, a help article, and a support queue. When something breaks, you're on your own.
The pricing model makes it worse. You pay per seat — $6–$20/month per mailbox. That part-timer who checks mail twice a week? Same price as your busiest executive. One user fills their 30GB quota and starts bouncing mail? You either buy them an add-on or upgrade everyone.
TrekMail is built differently. One flat rate for the whole account. Storage is pooled — if you're on the Pro plan with 50GB, that 50GB belongs to the organization, not individual users. No one's mailbox caps out while everyone else's sits empty. Sending is managed on our end, so IP reputation isn't your problem to maintain. There's no SharePoint, no Teams licensing, no "Viva" modules you'll never open.
For a full side-by-side of what per-user pricing actually costs at scale, see our breakdown of business email costs for small business.
If you're managing multiple domains — clients, brands, or a portfolio — the control differences are even more pronounced. Our piece on client email management covers the full provisioning flow.
The Short Version
When you set up email on your domain and login works but mail doesn't, the break is almost always in one of five places: MX records pointing somewhere wrong, port 25 blocked by your ISP, wrong hostname in your mail client, missing SPF/DKIM/DMARC records, or a local network issue intercepting the connection.
Run the checklist above in order. Use dig and telnet to verify each layer before touching the next one. Collect the error code and connection log before contacting support.
If you're done fighting with per-seat pricing and want email infrastructure that's just set up correctly from the start — DNS wizard included — try TrekMail free for 14 days. Card required, no crypto on trials. Five minutes to a working inbox.