How to Set Up Email for Your Domain Step by Step

Complete guide to setting up domain email from scratch. Covers choosing a provider, MX records, SPF, DKIM, DMARC, and testing with free diagnostic tools.


Setting up email for a custom domain involves selecting an email hosting provider, configuring DNS records, enabling authentication, and testing the entire chain. This guide walks through every step regardless of which provider or registrar you use.

Step 1: Register a Domain

If you do not already own a domain, register one through a registrar like Namecheap, Cloudflare Registrar, Porkbun, or Google Domains (now Squarespace). Choose a domain that matches your brand or business name. Keep it short, easy to spell, and memorable.

Make sure you have full access to the domain's DNS management panel. You will need to create MX, TXT, and CNAME records.

Step 2: Choose an Email Hosting Provider

Your email host determines the interface, storage, features, and SMTP infrastructure behind your domain email. The major options:

Google Workspace (Gmail)

  • Familiar Gmail interface.
  • Starts at $7/user/month (Business Starter).
  • Strong spam filtering and integration with Google Drive, Calendar, Meet.
  • MX servers: ASPMX.L.GOOGLE.COM and alternates.

Microsoft 365 (Outlook)

  • Outlook web and desktop clients.
  • Starts at $6/user/month (Business Basic).
  • Deep integration with OneDrive, Teams, SharePoint.
  • MX server: yourdomain-com.mail.protection.outlook.com.

Zoho Mail

  • Free tier available for up to five users.
  • Clean webmail interface, IMAP/POP support.
  • MX servers: mx.zoho.com, mx2.zoho.com, mx3.zoho.com.

Self-Hosted (Postfix, Mail-in-a-Box, Mailu)

  • Full control, no per-user fees.
  • Requires a VPS, ongoing maintenance, and IP reputation management.

Transactional/Marketing Senders

If you only need to send email (not receive), services like Amazon SES, SendGrid, or Postmark provide SMTP infrastructure without full mailbox hosting.

Step 3: Configure MX Records

MX (Mail Exchange) records tell other mail servers where to deliver messages for your domain. In your DNS panel, create MX records that point to your chosen provider's mail servers.

Example for Google Workspace:

@ MX 1 ASPMX.L.GOOGLE.COM.
@ MX 5 ALT1.ASPMX.L.GOOGLE.COM.
@ MX 5 ALT2.ASPMX.L.GOOGLE.COM.
@ MX 10 ALT3.ASPMX.L.GOOGLE.COM.
@ MX 10 ALT4.ASPMX.L.GOOGLE.COM.

Example for Microsoft 365:

@ MX 0 yourdomain-com.mail.protection.outlook.com.

Remove any pre-existing MX records from a previous provider to prevent split delivery. After saving, verify propagation with the InboxTooling MX Lookup.

Step 4: Configure SPF

SPF (Sender Policy Framework) publishes a list of authorized sending servers for your domain. Create a TXT record at the root of your DNS zone.

Google Workspace:

@ TXT "v=spf1 include:_spf.google.com ~all"

Microsoft 365:

@ TXT "v=spf1 include:spf.protection.outlook.com ~all"

Multiple senders: If you use more than one service to send email (e.g., Google Workspace for user email and SendGrid for marketing), include all of them in a single SPF record:

@ TXT "v=spf1 include:_spf.google.com include:sendgrid.net ~all"

Important: You can only have one SPF record per domain. Multiple SPF TXT records will cause authentication failures. Also, SPF is limited to 10 DNS lookups -- exceeding this limit causes a permerror and SPF fails.

Validate your SPF record with the InboxTooling SPF Check.
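The two failure modes above (more than one v=spf1 record, and more than 10 DNS lookups once includes are followed) can be checked before publishing. The following is an added example, not part of the original guide: the ZONE table is constructed data standing in for DNS, and the function names are hypothetical. A name with no SPF record at all is reported the same way as a duplicate, which is a simplification.

```python
import re

# Constructed TXT data standing in for live DNS; every name below is made up.
ZONE = {
    "example.test": ["v=spf1 include:_spf.mailhost.test include:bulk.sender.test mx ~all"],
    "_spf.mailhost.test": ["v=spf1 include:_nb1.mailhost.test include:_nb2.mailhost.test ~all"],
    "_nb1.mailhost.test": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_nb2.mailhost.test": ["v=spf1 ip6:2001:db8::/32 ~all"],
    "bulk.sender.test": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    # Two v=spf1 records on one name: the "multiple SPF records" mistake.
    "dup.test": ["v=spf1 include:_spf.mailhost.test ~all", "v=spf1 include:bulk.sender.test ~all"],
    # Eleven vendors in one record: one more than the 10-lookup limit allows.
    "big.test": ["v=spf1 " + " ".join(f"include:s{i}.vendor.test" for i in range(11)) + " ~all"],
}
ZONE.update({f"s{i}.vendor.test": [f"v=spf1 ip4:203.0.113.{i} ~all"] for i in range(11)})

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def spf_records(domain, zone):
    """TXT strings at `domain` whose first token is exactly v=spf1."""
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(domain, zone, path=()):
    """Count the DNS-querying terms reachable from the SPF record at `domain`."""
    if domain in path:
        raise ValueError(f"include loop at {domain}")
    records = spf_records(domain, zone)
    if len(records) != 1:
        raise ValueError(f"{domain}: {len(records)} SPF records, need exactly 1")
    total = 0
    for term in records[0].lower().split()[1:]:
        m = re.match(r"([a-z0-9]+)(?:[:=]([^/]+))?", term.lstrip("+-~?"))
        if not m:
            continue
        name, target = m.group(1), m.group(2)
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect") and target:
            total += count_lookups(target, zone, path + (domain,))
    return total

def check_spf(domain, zone=ZONE, limit=10):
    """Return ("ok", n) or ("permerror", reason) for the SPF record at `domain`."""
    try:
        n = count_lookups(domain, zone)
    except ValueError as exc:
        return ("permerror", str(exc))
    if n > limit:
        return ("permerror", f"{n} DNS lookups, limit is {limit}")
    return ("ok", n)
```

Nested includes count too: example.test lists only three lookup terms in its own record, but the provider's include pulls in two more.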

Step 5: Enable DKIM

DKIM (DomainKeys Identified Mail) adds a digital signature to outgoing messages. The receiving server checks this signature against a public key published in your DNS.

Each provider has its own process for generating DKIM keys:

  • Google Workspace: Admin console > Apps > Gmail > Authenticate email. Generate a key, add the TXT record, then start authentication.
  • Microsoft 365: Defender portal > Email & collaboration > Policies > DKIM. Enable signing for your domain and publish the provided CNAME records.
  • Zoho Mail: Admin panel > Domains > DKIM. Generate a selector and add the TXT record.

After publishing the DNS record, verify it with the InboxTooling DKIM Verify tool.

Step 6: Publish a DMARC Record

DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving servers how to handle messages that fail SPF and DKIM checks. It also enables reporting so you can monitor authentication results.

Start with a monitoring-only policy:

_dmarc TXT "v=DMARC1; p=none; rua=mailto:[email protected]"

This collects aggregate reports without affecting delivery. Review the reports to identify all legitimate sending sources and confirm they pass authentication. Then tighten the policy:

  • p=quarantine -- failed messages go to spam.
  • p=reject -- failed messages are blocked entirely.

Validate your DMARC record with the InboxTooling DMARC Analyzer.
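Reviewing the aggregate reports before tightening the policy comes down to listing which source IPs would lose mail under quarantine or reject. The following is an added example, not part of the original guide: the report is constructed, trimmed to the fields used, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def record(ip, count, dkim, spf):
    """One <record> of a constructed aggregate report (all values made up)."""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
            f"<identifiers><header_from>example.test</header_from></identifiers></record>")

# Constructed report in the aggregate (rua) layout, trimmed to the fields used here.
REPORT = ("<feedback><policy_published><domain>example.test</domain><p>none</p>"
          "</policy_published>"
          + record("192.0.2.10", 120, "pass", "pass")    # primary mail host
          + record("203.0.113.5", 3, "pass", "fail")     # forwarded mail: DKIM survives
          + record("198.51.100.7", 40, "fail", "fail")   # source not yet authenticated
          + "</feedback>")

def summarize(xml_text):
    """Per source IP, message counts that pass or fail DMARC evaluation."""
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for rec in ET.fromstring(xml_text).iter("record"):
        ev = rec.find("row/policy_evaluated")
        # DMARC passes when either aligned result (dkim or spf) is "pass".
        ok = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        ip = rec.findtext("row/source_ip")
        totals[ip]["pass" if ok else "fail"] += int(rec.findtext("row/count"))
    return dict(totals)

def failing_sources(xml_text):
    """IPs whose mail would be quarantined or rejected under a stricter p=."""
    return sorted(ip for ip, t in summarize(xml_text).items() if t["fail"])
```

Real reports arrive as compressed attachments from outside parties, so parse them with a hardened XML parser such as defusedxml rather than the standard-library one used here.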

Step 7: Create Mailboxes and Aliases

In your email provider's admin panel, create user accounts for each person who needs a mailbox. Set up aliases or groups for shared addresses like info@, support@, and billing@.

Step 8: Configure Email Clients

Provide users with connection settings for their preferred email client:

  • IMAP for two-way sync (recommended): server, port (993 with SSL), username, password.
  • SMTP for sending: server, port (587 with STARTTLS or 465 with SSL), authentication credentials.

Most modern providers also support autodiscovery, so clients like Outlook and Thunderbird can configure themselves with just the email address and password.

Step 9: Test Everything

Run a comprehensive diagnostic using the InboxTooling Full Report. This checks MX records, SPF, DKIM, and DMARC in a single pass.

Additionally:

  1. Send a test email from your new domain to an external Gmail, Outlook, and Yahoo address.
  2. Check the headers of the received message to confirm SPF and DKIM pass.
  3. Reply to the test message to verify inbound delivery.
  4. Send an email to a non-existent address to confirm your server handles bounces correctly.
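For item 2, "pass" in the headers is not sufficient on its own: DMARC only counts an SPF or DKIM pass whose domain aligns with the From address. The following is an added example, not part of the original guide, that reads the Authentication-Results header of a received message and checks both. The messages are constructed, the function names are hypothetical, and relaxed alignment is approximated as "same domain or subdomain" rather than a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def sample(from_addr, dkim_d, mailfrom):
    """Build a constructed received message; all header values are made up."""
    return ("Authentication-Results: mx.receiver.test;\n"
            f" dkim=pass header.d={dkim_d} header.s=sel1;\n"
            f" spf=pass (sender IP is 192.0.2.10) smtp.mailfrom={mailfrom}\n"
            f"From: Test <{from_addr}>\nSubject: test\n\nbody\n")

ALIGNED = sample("alice@example.test", "example.test", "alice@example.test")
VENDOR = sample("news@example.test", "bulk.sender.test", "bounces@bulk.sender.test")

def auth_results(msg):
    """Parse the topmost Authentication-Results header into (method, result, props)."""
    value = " ".join((msg.get("Authentication-Results") or "").split())  # unfold
    value = re.sub(r"\([^)]*\)", "", value)                              # drop comments
    found = []
    for clause in value.split(";")[1:]:          # field 0 is the receiver's own id
        m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
        if m:
            props = dict(re.findall(r"([a-z]+\.[a-z-]+)=(\S+)", clause, re.I))
            found.append((m.group(1).lower(), m.group(2).lower(), props))
    return found

def aligned(from_dom, auth_dom):
    """Approximate relaxed alignment: equal, or one is a subdomain of the other."""
    a, b = from_dom.lower(), auth_dom.lower()
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_message(raw):
    """Report whether SPF and DKIM passed for a domain aligned with From."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    spf_ok = dkim_ok = False
    for method, result, p in auth_results(msg):
        if method == "spf" and result == "pass":
            spf_ok |= aligned(from_dom, p.get("smtp.mailfrom", "").rpartition("@")[2])
        if method == "dkim" and result == "pass":
            dkim_dom = p.get("header.d") or p.get("header.i", "").rpartition("@")[2]
            dkim_ok |= aligned(from_dom, dkim_dom)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}
```

The VENDOR sample shows the case to look for: both checks say pass, but for the sending service's domain, so the message would still fail DMARC until that service signs with your domain. Only trust the header added by the receiving provider itself, which is the topmost one.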

Common Pitfalls

  • Forgetting to remove old MX records: Causes mail to split between old and new providers.
  • Multiple SPF records: Only one TXT record starting with v=spf1 is allowed per domain.
  • Not enabling DKIM signing: Publishing the DNS key is not enough -- you must also enable signing in the provider's admin panel.
  • Skipping DMARC: Without DMARC, your domain is vulnerable to spoofing and you have no visibility into authentication failures.
  • DNS propagation delays: Changes can take up to 48 hours, though most propagate within an hour. Lower your TTL values before making changes.

Setting up domain email correctly from the start prevents deliverability problems, protects your brand from spoofing, and gives you full control over your email infrastructure.

