Good email deliverability ensures your messages reach inboxes instead of spam folders. By setting up proper authentication records and following secure sending practices, you can greatly improve the reputation and reliability of your domain’s mail.
Why Email Deliverability Matters:
• Internet service providers use authentication checks to verify your domain is legitimate.
• Missing or incorrect DNS records can cause outgoing mail to be marked as suspicious.
• Strong authentication builds trust and reduces the risk of spoofing or phishing attacks using your domain.
Key DNS Records for Email Authentication:
• SPF (Sender Policy Framework): Lists which servers are allowed to send mail for your domain.
• Example: v=spf1 a mx include:_spf.yourmailhost.com ~all
• DKIM (DomainKeys Identified Mail): Adds a cryptographic signature to each message, confirming it was sent by your domain.
• Virtualmin automatically handles DKIM signing when enabled under Email Settings → DomainKeys Identified Mail.
• DMARC (Domain-based Message Authentication, Reporting & Conformance): Defines what mail servers should do if SPF or DKIM validation fails.
• Example: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com
Adding These Records in Virtualmin:
1. Log in to your Virtualmin dashboard.
2. Select your domain from the drop-down menu.
3. Go to Server Configuration → DNS Records.
4. Click Add a record to this domain.
5. Choose TXT Record for SPF or DMARC entries, and paste the appropriate value.
6. Click Create to save each record.
7. Wait for DNS propagation (usually within 1–2 hours).
Enabling DKIM Signing:
1. In the left menu, go to Email Settings → DomainKeys Identified Mail.
2. Check Enable DKIM signing for this domain.
3. Save the settings — Virtualmin will automatically generate the key and publish the required TXT record.
4. Verify the DNS record exists under Server Configuration → DNS Records before sending mail.
Other Tips for Better Deliverability:
• Always send mail using valid From addresses that exist on your domain.
• Avoid sending bulk or marketing emails from your primary domain without using a trusted mail service.
• Keep your domain off public blacklists by monitoring it with tools like MXToolbox Blacklist Check.
• Use proper reverse DNS (PTR) records — your IP should resolve back to your mail hostname.
• Regularly check your mail logs in Virtualmin (Read User Mail → Mail Log) for rejected or deferred messages.
Next Steps:
• Test your domain’s DNS and mail setup using mail-tester.com.
• Continue to “Security & Best Practices” to learn how to further harden your hosting environment.
• Contact support if mail authentication tests fail even after records are added.
