Required DNS Records (MX, SPF, DKIM, DMARC)
This guide explains Mandatory DNS records with explanations and examples. so you can complete the TrekMail task with confidence.
Article details
Type, difficulty, plans, and last updated info.
▼
Article details
Type, difficulty, plans, and last updated info.
- Type
- Reference
- Difficulty
- Beginner
- Plans
- Free (MX/SPF) · Paid (DKIM)
- Last updated
- Dec 14, 2025
To activate your domain, TrekMail looks for four key DNS records. You’ll copy the exact values from your dashboard into your DNS provider — and we’ll show you what’s missing if anything doesn’t match.
Who this is for
- System administrators configuring DNS.
- Users troubleshooting delivery issues or "Red" DNS status.
The four pillars of email DNS
| Record | Type | Purpose | How TrekMail validates |
|---|---|---|---|
| MX | Mail Exchange | Tells the world to send your email to TrekMail servers. | Must match mail.trekmail.net exactly. |
| SPF | TXT | Lists allowed senders for your domain (prevents spoofing). | Must contain include:spf.trekmail.net. |
| DKIM | TXT | Adds a cryptographic signature to every email you send. | Must match the unique key in your dashboard exactly. |
| DMARC | TXT | Tells receivers what to do if SPF or DKIM fail. | Must be present and valid (v=DMARC1). |
1. MX Record (Receiving Mail)
Host: @ (or your domain root)
Value: mail.trekmail.net
Priority: 10
This redirects incoming email to our servers.
- Common Mistake: Leaving old MX records (like Google or GoDaddy) alongside the TrekMail one. This splits your mail and causes lost messages. Remove all other MX records.
2. SPF Record (Authorized Senders)
Host: @
Required Include: include:spf.trekmail.net
SPF (Sender Policy Framework) is a whitelist of IPs allowed to send as you.
- If you have no SPF record: Create a TXT record with
v=spf1 include:spf.trekmail.net -all. - If you already have SPF: Edit your existing record to add our include.
- Bad: Two separate TXT records.
- Good:
v=spf1 include:spf.google.com include:spf.trekmail.net -all.
3. DKIM Record (Digital Signature)
Host: dkim._domainkey
Value: (Unique long string starting with v=DKIM1...)
DKIM (DomainKeys Identified Mail) proves the email hasn't been tampered with.
- Provisioning: If the value says "Generating...", click Verify DNS and wait a moment.
- Formatting: Some DNS providers (like Route53) want the value split into quotes; most just want the full string. Paste it exactly as shown.
4. DMARC Record (Policy Enforcement)
Host: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@trekmail.net
DMARC ties SPF and DKIM together.
- Policies (
p):none: Watch mode. (Good for starting).quarantine: Put failing mail in Spam. (Recommended).reject: Bounce failing mail. (Advanced, strictest).
- TrekMail's Check: We look for any valid
v=DMARC1record. You are free to customize tags likerua(reporting address) as you see fit.
Common mistakes & quick fixes
- Symptom: SPF status is "Conflict".
- Fix: Check for multiple TXT records starting with
v=spf1. You can only have one.
- Fix: Check for multiple TXT records starting with
- Symptom: DNS changes aren't showing up.
- Likely Cause: TTL (Time To Live). If your old records had a TTL of 1 hour, it might take 1 hour for validatiors to see the change. TrekMail tries to bypass cache, but global propagation takes time.
See also
Related articles
Jump to nearby guides that continue the workflow.