Benefits of Your Own Domain

If you have ever changed email providers, you know the pain of updating your email address with every service provider that has it, a number that only grows with every passing day. Rinse and repeat if you want to change again. This gets old quickly.

To avoid a change of address every time you want to change providers, you can purchase a domain and get full control. Moving to a new email provider then becomes a few record changes with no change of email address: all references continue working, just now handled by the new provider.

Having your own domain allows you the flexibility to…

  • Use domain-level services. You can test them without destroying content, rules, or mailboxes, as it all takes place outside the email solution.
  • Move email providers without a change of email address.
  • Easily add additional aliases or mailboxes, if your email provider account allows for this.
  • Use domain-level email security, like DKIM or DMARC. More on this later in the article.

Acquiring Domain

You can purchase (register) domains almost anywhere these days and host them in even more places, like Cloudflare and other providers. Depending on the provider you host with, you will have to learn how they manage the zone for your domain. Some have more complex interfaces than others; I prefer consoles with less, but use what you are comfortable with.

Hosting the domain at another provider usually requires domain verification through a DNS TXT record and an update to the SOA record to point to the new provider's DNS servers. Your DNS registrar should have instructions on how to host your domain with a third party.

I purchase my domains from Hover and host them with Cloudflare. Whom you purchase and host domains with is completely up to you; there are hundreds of companies to choose from.

Email Routing

Routing email with your domain will require a specific type of DNS record(s), Mail Exchange (MX). These records route inbound email for the domain.

At one time you could use custom domains for free at a lot of email providers, but now it’s usually a premium feature.

You add your domain to your email provider, usually through DNS or file verification. File verification requires that you have set an A record for the base domain pointing to a location you control, an S3 bucket for example, so you can upload a file with specific content.

My MX records for Proton Mail are:

cormier.co    mail exchanger = 10 mail.protonmail.ch

Email Security

Properly setting up Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) will mitigate email spoofing attacks involving your domain.

Sender Policy Framework (SPF)

Sender Policy Framework is a technology that specifies which IP addresses can send email for a given domain. At times you might want a service to send emails for your domain, such as Mail Chimp or an email security solution like Proofpoint.

v=spf1 include:_spf.protonmail.ch mx ~all
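How a receiver walks the record above, term by term, is shown in this added example (not code from the original post). It is a simplified evaluator covering only the mechanisms the record uses plus ip4/ip6; the `TXT` and `MX_ADDRESSES` tables are constructed stand-ins for DNS, and the networks in them are documentation ranges, not Proton Mail's real ones.

```python
import ipaddress

# Constructed offline stand-in for DNS. The networks are RFC 5737
# documentation ranges, not Proton Mail's real sending addresses.
TXT = {
    "cormier.co": "v=spf1 include:_spf.protonmail.ch mx ~all",  # record from the post
    "_spf.protonmail.ch": "v=spf1 ip4:192.0.2.0/24 -all",       # constructed
}
MX_ADDRESSES = {"cormier.co": ["198.51.100.25"]}                # constructed

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, depth=0):
    """Evaluate the sending IP against the domain's SPF record, left to right."""
    record = TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 10:                      # guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # a mechanism without a prefix means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = ip in MX_ADDRESSES.get(arg or domain, [])
        elif name == "include":
            inner = check_spf(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # a broken include invalidates the record
            matched = inner == "pass"   # the included record's own fail is not inherited
        else:
            return "permerror"          # a, exists, redirect= etc. are out of scope here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # no mechanism matched and no "all" term
```

An address outside every listed range falls through to `~all` and gets softfail, which receivers typically accept but mark; what actually happens to such mail is decided by the DMARC policy.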

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail is used to sign outgoing email. It does this by affixing a digital signature, linked to your domain, to each outgoing email message. The recipient can verify the signature by looking up the public key through DNS.

v=DKIM1; k=rsa; p=MIGfMA0GCSqGS...

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC extends DKIM and SPF with policies that say what to do if SPF and/or DKIM fails, and adds a third check, alignment: DMARC checks that the domain in the From field aligns with the other authenticated domains.

Like SPF and DKIM, DMARC uses the concept of a domain owner, the entity or entities that are authorized to make changes to a given domain.

SPF checks that the IP address of the sending server is authorized by the owner of the domain that appears in the SMTP MAIL FROM command. In addition to requiring that the SPF check pass, DMARC checks that the envelope MAIL FROM (“5321.MailFrom”) aligns with the From (“5322.From”) header field.

v=DMARC1; p=quarantine; rua=mailto:[email protected]

Verify

MXTools has all the necessary tools to verify if email security has been set up correctly and aid with troubleshooting.

Check SPF
Check DKIM
Check DMARC

Web Content (Optional)

It’s nice to have some type of web content at the root of your domain. For example, cormier.co, the A record points to a WordPress instance. So if someone pastes my domain into a browser, they end up at this blog.

This blog is hosted on a Linux instance, running WordPress, blah, blah, blah. The root DNS A record for my domain is a Cloudflare endpoint that proxies to my Linux instance.

 > cormier.co
   Server:        10.0.70.2
   Address:       10.0.70.2#53 
 Non-authoritative answer:
 Name:    cormier.co
 Address: 104.27.175.48
 >

You can point it anywhere; a public Amazon S3 bucket would work just as well as a WordPress instance.

Happy computing!

Nov 17th, 2019 • Posted in Best Practices, DNS, S3