DNS Configuration Guide¶
Complete guide to configuring DNS records for email authentication across different providers.
Overview¶
This guide covers DNS configuration for SPF, DKIM, and DMARC records across popular DNS providers:
DNS Basics for Email Authentication¶
Record Types¶
All email authentication uses TXT records:
| Protocol | Record Name | Record Type |
|---|---|---|
| SPF | example.com |
TXT |
| DKIM | selector._domainkey.example.com |
TXT |
| DMARC | _dmarc.example.com |
TXT |
Important DNS Concepts¶
TTL (Time To Live)¶
TTL determines how long DNS records are cached.
Recommended TTL values:
- Testing: 300 (5 minutes) - Fast propagation
- Production: 3600 (1 hour) - Standard
- Stable: 86400 (24 hours) - Maximum caching
Strategy: 1. Lower TTL to 300 before making changes 2. Wait for old TTL to expire 3. Make DNS changes 4. Test thoroughly 5. Raise TTL back to 3600+
DNS Propagation¶
DNS changes take time to propagate: - Minimum: 5-15 minutes - Typical: 1-4 hours - Maximum: 24-48 hours
Check propagation:
# Check from your location
dig example.com TXT +short
# Check from multiple locations
# Use: https://www.whatsmydns.net/
Route53 (AWS)¶
Prerequisites¶
- AWS account with Route53 access
- Domain hosted in Route53 (hosted zone exists)
Adding SPF Record¶
Via AWS Console¶
- Open Route53 console
- Select Hosted zones
- Click your domain
- Click Create record
- Configure:
- Record name: Leave blank (for root domain)
- Record type: TXT
- Value:
"v=spf1 include:_spf.google.com -all" - TTL:
3600 - Click Create records
Via AWS CLI¶
aws route53 change-resource-record-sets \
--hosted-zone-id Z1234567890ABC \
--change-batch '{
"Changes": [{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "example.com",
"Type": "TXT",
"TTL": 3600,
"ResourceRecords": [{
"Value": "\"v=spf1 include:_spf.google.com -all\""
}]
}
}]
}'
Via Terraform¶
resource "aws_route53_record" "spf" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "TXT"
ttl = 3600
records = [
"v=spf1 include:_spf.google.com -all"
]
}
Adding DKIM Record¶
Via AWS Console¶
- Route53 → Hosted zones → Select domain
- Create record
- Configure:
- Record name:
google._domainkey - Record type: TXT
- Value:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..." - TTL:
3600 - Create records
Note: For long DKIM keys, AWS automatically handles splitting.
Via AWS CLI¶
aws route53 change-resource-record-sets \
--hosted-zone-id Z1234567890ABC \
--change-batch '{
"Changes": [{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "google._domainkey.example.com",
"Type": "TXT",
"TTL": 3600,
"ResourceRecords": [{
"Value": "\"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB...\""
}]
}
}]
}'
Via Terraform¶
resource "aws_route53_record" "dkim_google" {
zone_id = aws_route53_zone.main.zone_id
name = "google._domainkey.example.com"
type = "TXT"
ttl = 3600
records = [
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
]
}
Adding DMARC Record¶
Via AWS Console¶
- Route53 → Hosted zones → Select domain
- Create record
- Configure:
- Record name:
_dmarc - Record type: TXT
- Value:
"v=DMARC1; p=none; rua=mailto:dmarc@example.com" - TTL:
3600 - Create records
Via AWS CLI¶
aws route53 change-resource-record-sets \
--hosted-zone-id Z1234567890ABC \
--change-batch '{
"Changes": [{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "_dmarc.example.com",
"Type": "TXT",
"TTL": 3600,
"ResourceRecords": [{
"Value": "\"v=DMARC1; p=none; rua=mailto:dmarc@example.com\""
}]
}
}]
}'
Via Terraform¶
resource "aws_route53_record" "dmarc" {
zone_id = aws_route53_zone.main.zone_id
name = "_dmarc.example.com"
type = "TXT"
ttl = 3600
records = [
"v=DMARC1; p=none; rua=mailto:dmarc@example.com"
]
}
Complete Terraform Example¶
# Route53 Zone
resource "aws_route53_zone" "main" {
name = "example.com"
}
# SPF Record
resource "aws_route53_record" "spf" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "TXT"
ttl = 3600
records = [
"v=spf1 include:_spf.google.com -all"
]
}
# DKIM Record
resource "aws_route53_record" "dkim_google" {
zone_id = aws_route53_zone.main.zone_id
name = "google._domainkey.example.com"
type = "TXT"
ttl = 3600
records = [
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
]
}
# DMARC Record
resource "aws_route53_record" "dmarc" {
zone_id = aws_route53_zone.main.zone_id
name = "_dmarc.example.com"
type = "TXT"
ttl = 3600
records = [
"v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"
]
}
Cloudflare¶
Prerequisites¶
- Cloudflare account
- Domain added to Cloudflare
- Nameservers pointed to Cloudflare
Adding SPF Record¶
Via Cloudflare Dashboard¶
- Log in to Cloudflare dashboard
- Select your domain
- Go to DNS → Records
- Click Add record
- Configure:
- Type: TXT
- Name:
@(for root domain) - Content:
v=spf1 include:_spf.google.com -all - TTL: Auto
- Proxy status: DNS only (gray cloud)
- Click Save
Important: Set proxy status to DNS only for email records.
Via Cloudflare API¶
curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "TXT",
"name": "example.com",
"content": "v=spf1 include:_spf.google.com -all",
"ttl": 3600,
"proxied": false
}'
Via Terraform¶
resource "cloudflare_record" "spf" {
zone_id = var.cloudflare_zone_id
name = "@"
type = "TXT"
value = "v=spf1 include:_spf.google.com -all"
ttl = 3600
proxied = false
}
Adding DKIM Record¶
Via Cloudflare Dashboard¶
- DNS → Records → Add record
- Configure:
- Type: TXT
- Name:
google._domainkey - Content:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... - TTL: Auto
- Proxy status: DNS only
- Save
Note: Cloudflare may display long TXT records in chunks - this is normal.
Via Cloudflare API¶
curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "TXT",
"name": "google._domainkey",
"content": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...",
"ttl": 3600,
"proxied": false
}'
Via Terraform¶
resource "cloudflare_record" "dkim_google" {
zone_id = var.cloudflare_zone_id
name = "google._domainkey"
type = "TXT"
value = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
ttl = 3600
proxied = false
}
Adding DMARC Record¶
Via Cloudflare Dashboard¶
- DNS → Records → Add record
- Configure:
- Type: TXT
- Name:
_dmarc - Content:
v=DMARC1; p=none; rua=mailto:dmarc@example.com - TTL: Auto
- Proxy status: DNS only
- Save
Via Cloudflare API¶
curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "TXT",
"name": "_dmarc",
"content": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
"ttl": 3600,
"proxied": false
}'
Via Terraform¶
resource "cloudflare_record" "dmarc" {
zone_id = var.cloudflare_zone_id
name = "_dmarc"
type = "TXT"
value = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ttl = 3600
proxied = false
}
Complete Terraform Example¶
# Cloudflare Provider
terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 4.0"
}
}
}
provider "cloudflare" {
api_token = var.cloudflare_api_token
}
variable "cloudflare_zone_id" {
description = "Cloudflare Zone ID"
type = string
}
# SPF Record
resource "cloudflare_record" "spf" {
zone_id = var.cloudflare_zone_id
name = "@"
type = "TXT"
value = "v=spf1 include:_spf.google.com -all"
ttl = 3600
proxied = false
}
# DKIM Record
resource "cloudflare_record" "dkim_google" {
zone_id = var.cloudflare_zone_id
name = "google._domainkey"
type = "TXT"
value = "v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE"
ttl = 3600
proxied = false
}
# DMARC Record
resource "cloudflare_record" "dmarc" {
zone_id = var.cloudflare_zone_id
name = "_dmarc"
type = "TXT"
value = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"
ttl = 3600
proxied = false
}
Google Cloud DNS¶
Prerequisites¶
- Google Cloud project with Cloud DNS API enabled
- Domain zone created in Cloud DNS
Adding SPF Record¶
Via Google Cloud Console¶
- Open Cloud Console → Network Services → Cloud DNS
- Select your DNS zone
- Click Add record set
- Configure:
- DNS Name: Leave blank (root domain)
- Resource Record Type: TXT
- TTL: 1 hour
- TXT data:
"v=spf1 include:_spf.google.com -all" - Click Create
Via gcloud CLI¶
gcloud dns record-sets create example.com. \
--zone=my-zone \
--type=TXT \
--ttl=3600 \
--rrdatas="v=spf1 include:_spf.google.com -all"
Via Terraform¶
resource "google_dns_record_set" "spf" {
name = "example.com."
type = "TXT"
ttl = 3600
managed_zone = google_dns_managed_zone.main.name
rrdatas = ["\"v=spf1 include:_spf.google.com -all\""]
}
Adding DKIM Record¶
Via Google Cloud Console¶
- Cloud DNS → Select zone → Add record set
- Configure:
- DNS Name:
google._domainkey - Resource Record Type: TXT
- TTL: 1 hour
- TXT data:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..." - Create
Via gcloud CLI¶
gcloud dns record-sets create google._domainkey.example.com. \
--zone=my-zone \
--type=TXT \
--ttl=3600 \
--rrdatas="v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
Via Terraform¶
resource "google_dns_record_set" "dkim" {
name = "google._domainkey.example.com."
type = "TXT"
ttl = 3600
managed_zone = google_dns_managed_zone.main.name
rrdatas = ["\"v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE\""]
}
Adding DMARC Record¶
Via Google Cloud Console¶
- Cloud DNS → Select zone → Add record set
- Configure:
- DNS Name:
_dmarc - Resource Record Type: TXT
- TTL: 1 hour
- TXT data:
"v=DMARC1; p=none; rua=mailto:dmarc@example.com" - Create
Via gcloud CLI¶
gcloud dns record-sets create _dmarc.example.com. \
--zone=my-zone \
--type=TXT \
--ttl=3600 \
--rrdatas="v=DMARC1; p=none; rua=mailto:dmarc@example.com"
Via Terraform¶
resource "google_dns_record_set" "dmarc" {
name = "_dmarc.example.com."
type = "TXT"
ttl = 3600
managed_zone = google_dns_managed_zone.main.name
rrdatas = ["\"v=DMARC1; p=none; rua=mailto:dmarc@example.com\""]
}
Complete Terraform Example¶
# Google Cloud DNS Zone
resource "google_dns_managed_zone" "main" {
name = "example-zone"
dns_name = "example.com."
description = "DNS zone for example.com"
}
# SPF Record
resource "google_dns_record_set" "spf" {
name = "example.com."
type = "TXT"
ttl = 3600
managed_zone = google_dns_managed_zone.main.name
rrdatas = ["\"v=spf1 include:_spf.google.com -all\""]
}
# DKIM Record
resource "google_dns_record_set" "dkim" {
name = "google._domainkey.example.com."
type = "TXT"
ttl = 3600
managed_zone = google_dns_managed_zone.main.name
rrdatas = ["\"v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE\""]
}
# DMARC Record
resource "google_dns_record_set" "dmarc" {
name = "_dmarc.example.com."
type = "TXT"
ttl = 3600
managed_zone = google_dns_managed_zone.main.name
rrdatas = ["\"v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100\""]
}
GoDaddy¶
Prerequisites¶
- GoDaddy account
- Domain registered or transferred to GoDaddy
Adding SPF Record¶
- Log in to GoDaddy
- Go to My Products → DNS
- Click Add under Records
- Configure:
- Type: TXT
- Name:
@ - Value:
v=spf1 include:_spf.google.com -all - TTL: 1 Hour
- Click Save
Adding DKIM Record¶
- DNS → Add
- Configure:
- Type: TXT
- Name:
google._domainkey - Value:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... - TTL: 1 Hour
- Save
Note: GoDaddy may truncate display of long values - this is OK.
Adding DMARC Record¶
- DNS → Add
- Configure:
- Type: TXT
- Name:
_dmarc - Value:
v=DMARC1; p=none; rua=mailto:dmarc@example.com - TTL: 1 Hour
- Save
GoDaddy Notes¶
- Propagation: Usually 10-60 minutes
- Character limit: 255 characters per string (long DKIM keys may need splitting)
- API: GoDaddy has a DNS API for automation
Namecheap¶
Prerequisites¶
- Namecheap account
- Domain registered with Namecheap
- Using Namecheap nameservers
Adding SPF Record¶
- Log in to Namecheap
- Domain List → Click Manage next to your domain
- Go to Advanced DNS tab
- Click Add New Record
- Configure:
- Type: TXT Record
- Host:
@ - Value:
v=spf1 include:_spf.google.com -all - TTL: Automatic
- Click Save
Adding DKIM Record¶
- Advanced DNS → Add New Record
- Configure:
- Type: TXT Record
- Host:
google._domainkey - Value:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... - TTL: Automatic
- Save
Adding DMARC Record¶
- Advanced DNS → Add New Record
- Configure:
- Type: TXT Record
- Host:
_dmarc - Value:
v=DMARC1; p=none; rua=mailto:dmarc@example.com - TTL: Automatic
- Save
Namecheap Notes¶
- Propagation: Usually 30 minutes
- Character limit: Long DKIM keys are automatically handled
- Free DNS: Included with domain registration
Generic DNS Provider¶
General Instructions¶
These instructions work for most DNS providers:
Adding SPF Record¶
- Log in to your DNS provider
- Find DNS management (often called "DNS Settings", "Zone File", or "DNS Records")
- Add new TXT record:
- Name/Host:
@or leave blank (root domain) - Type: TXT
- Value:
v=spf1 include:_spf.google.com -all - TTL: 3600 (or 1 hour)
Adding DKIM Record¶
- DNS management → Add new record
- Configure TXT record:
- Name/Host:
google._domainkey - Type: TXT
- Value:
v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY - TTL: 3600
Important: Some providers require fully qualified name: google._domainkey.example.com
Adding DMARC Record¶
- DNS management → Add new record
- Configure TXT record:
- Name/Host:
_dmarc - Type: TXT
- Value:
v=DMARC1; p=none; rua=mailto:dmarc@example.com - TTL: 3600
Common DNS Provider Issues¶
Issue 1: Long TXT Records¶
Problem: DKIM keys exceed 255 characters
Solution: Most providers automatically split long records. If not:
# Split into multiple strings
google._domainkey.example.com. IN TXT (
"v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
"...continuation of key..."
)
Issue 2: Quotes Required¶
Problem: Provider requires quotes around TXT value
Solutions:
# With quotes (most common)
"v=spf1 include:_spf.google.com -all"
# Without quotes (some providers)
v=spf1 include:_spf.google.com -all
Issue 3: Multiple SPF Records¶
Problem: Existing SPF record conflicts
Solution: Combine into ONE record:
# Wrong - Multiple records
example.com. IN TXT "v=spf1 include:_spf.google.com -all"
example.com. IN TXT "v=spf1 include:mailgun.org -all"
# Correct - Single record
example.com. IN TXT "v=spf1 include:_spf.google.com include:mailgun.org -all"
Issue 4: Subdomain vs Root Domain¶
Problem: Confusion about record placement
Clarification:
# Root domain SPF
example.com. IN TXT "v=spf1 ..."
# DKIM always uses subdomain
selector._domainkey.example.com. IN TXT "v=DKIM1 ..."
# DMARC always uses subdomain
_dmarc.example.com. IN TXT "v=DMARC1 ..."
DNS Configuration Checklist¶
Before Making Changes¶
- [ ] Backup existing DNS records
- [ ] Lower TTL to 300 (5 minutes) for faster testing
- [ ] Note current nameservers
- [ ] Have rollback plan ready
Adding Records¶
- [ ] Add SPF record to root domain
- [ ] Add DKIM record(s) with correct selector(s)
- [ ] Add DMARC record with monitoring (p=none)
- [ ] Verify no duplicate records exist
After Making Changes¶
- [ ] Wait for DNS propagation (use low TTL)
- [ ] Test with multiple tools
- [ ] Send test emails
- [ ] Monitor for issues
- [ ] Raise TTL back to 3600+ once stable
Verification Commands¶
Check SPF Record¶
# Using dig
dig example.com TXT +short | grep spf
# Using nslookup
nslookup -type=TXT example.com
# Using host
host -t TXT example.com
Check DKIM Record¶
# Replace 'google' with your selector
dig google._domainkey.example.com TXT +short
# Check multiple selectors
dig default._domainkey.example.com TXT +short
dig mail._domainkey.example.com TXT +short
Check DMARC Record¶
Check All Records at Once¶
# Bash script to check all records
domain="example.com"
selectors=("default" "google" "mail")
echo "=== SPF ==="
dig $domain TXT +short | grep spf
echo -e "\n=== DKIM ==="
for selector in "${selectors[@]}"; do
echo "Checking $selector:"
dig ${selector}._domainkey.$domain TXT +short
done
echo -e "\n=== DMARC ==="
dig _dmarc.$domain TXT +short
Validation with ReputeAPI¶
Quick Validation¶
Validate with Specific Selectors¶
curl "https://api.reputeapi.com/api/v1/check?domain=example.com&selectors=default,google,mail" \
-H "X-API-Key: your-api-key"
Force Fresh Check (Bypass Cache)¶
curl "https://api.reputeapi.com/api/v1/check?domain=example.com&refresh=true" \
-H "X-API-Key: your-api-key"
Python Validation Script¶
import requests
import time
def validate_dns_configuration(domain, selectors=None):
"""Validate email authentication DNS configuration"""
params = {"domain": domain, "refresh": True}
if selectors:
params["selectors"] = ",".join(selectors)
response = requests.get(
"https://api.reputeapi.com/api/v1/check",
params=params,
headers={"X-API-Key": "your-api-key"}
)
result = response.json()
print(f"Domain: {result['domain']}")
print(f"Score: {result['score']}/100\n")
# Check SPF
if result['spf']['present']:
print(f"✅ SPF: {result['spf']['record']}")
else:
print("❌ SPF: Not found")
# Check DKIM
if result['dkim']['discovered_selectors']:
print(f"✅ DKIM Selectors: {result['dkim']['discovered_selectors']}")
for key in result['dkim']['validated_keys']:
print(f" - {key['selector']}: {key['key_size']}-bit")
else:
print("❌ DKIM: No keys found")
# Check DMARC
if result['dmarc']['present']:
print(f"✅ DMARC: {result['dmarc']['record']}")
print(f" Policy: {result['dmarc']['policy']}")
else:
print("❌ DMARC: Not found")
# Show issues
if result['issues']:
print("\n⚠️ Issues Found:")
for issue in result['issues']:
print(f" [{issue['severity']}] {issue['message']}")
return result
# Usage
validate_dns_configuration("example.com", ["default", "google"])
Testing Email Delivery¶
Send Test Email¶
After configuring DNS, send a test email:
To Gmail¶
Check authentication in Gmail: 1. Open email 2. Click "..." → Show original 3. Look for:
To Mail Tester¶
# Send to check-auth@verifier.port25.com
echo "Test" | mail -s "Test" check-auth@verifier.port25.com
# Or use Mail Tester web service
# Send email to: {unique-id}@mail-tester.com
# Check score at: https://www.mail-tester.com/{unique-id}
Troubleshooting DNS Issues¶
Problem: DNS Not Propagating¶
Check:
# Check from multiple DNS servers
dig @8.8.8.8 example.com TXT +short
dig @1.1.1.1 example.com TXT +short
dig @208.67.222.222 example.com TXT +short
Solutions:
- Wait longer (up to 48 hours)
- Lower TTL and try again
- Flush local DNS cache: ipconfig /flushdns (Windows) or sudo dscacheutil -flushcache (Mac)
Problem: Record Not Found¶
Check:
Solutions: - Verify domain uses correct nameservers - Check record name exactly matches expected format - Some providers need fully qualified names (with trailing dot)
Problem: Validation Fails Despite Correct DNS¶
Check:
# Direct DNS query
dig _dmarc.example.com TXT +short
# Test from ReputeAPI
curl "https://api.reputeapi.com/api/v1/check?domain=example.com&refresh=true" \
-H "X-API-Key: your-api-key"
Solutions:
- Use refresh=true to bypass cache
- Wait for DNS propagation
- Check for typos in record values
Best Practices¶
1. Use Version Control for DNS¶
Track DNS changes in git:
# terraform/dns.tf
resource "cloudflare_record" "spf" {
zone_id = var.zone_id
name = "@"
type = "TXT"
value = "v=spf1 include:_spf.google.com -all"
ttl = 3600
}
2. Document Your Configuration¶
Keep a DNS record inventory:
# DNS Configuration
## SPF
- Record: example.com TXT
- Value: v=spf1 include:_spf.google.com -all
- Updated: 2025-01-15
- Purpose: Authorize Google Workspace
## DKIM
- Selector: google
- Record: google._domainkey.example.com TXT
- Key Size: 2048-bit RSA
- Updated: 2025-01-15
3. Set Appropriate TTLs¶
Testing: 300 (5 minutes)
Staging: 1800 (30 minutes)
Production: 3600 (1 hour)
Stable: 86400 (24 hours)
4. Monitor DNS Health¶
# Automated monitoring script
import requests
import time
def monitor_dns(domain):
"""Monitor DNS configuration and alert on changes"""
while True:
response = requests.get(
f"https://api.reputeapi.com/api/v1/check",
params={"domain": domain, "refresh": True},
headers={"X-API-Key": "your-api-key"}
)
result = response.json()
if result['score'] < 80:
send_alert(f"DNS score dropped to {result['score']}")
if result['issues']:
for issue in result['issues']:
if issue['severity'] in ['critical', 'high']:
send_alert(f"Critical DNS issue: {issue['message']}")
time.sleep(3600) # Check hourly
5. Test Before Production¶
# 1. Configure in staging subdomain
staging.example.com
# 2. Test thoroughly
curl "https://api.reputeapi.com/api/v1/check?domain=staging.example.com" \
-H "X-API-Key: your-api-key"
# 3. Send test emails
# 4. Monitor for 24-48 hours
# 5. Apply to production
example.com
Related Concepts¶
- SPF Explained - Understanding SPF records
- DKIM Explained - Understanding DKIM keys
- DMARC Explained - Understanding DMARC policies
- Email Authentication - Complete framework
API Resources¶
- GET /api/v1/check - Validate DNS configuration
- POST /api/v1/recommendations - Get DNS fix recommendations
- Mailflow Security Score - How DNS affects your score