For proper configuration of a public-facing mail server, it is necessary to configure public DNS records so that other mail servers can discover and distribute emails to your users, and so that other mail servers will trust you to receive your mail. There are also DNS records designed to protect you from spam and to help other servers to identify that your server is not a spam host.
DNS Hosting Provider
Virtually all DNS Hosting Providers facilitate a web browser-based control interface used to modify your DNS records and should provide the technical support needed. Some common DNS Hosting providers are GoDaddy, Network Solutions, DigitalOcean, and DynDNS. Some ISP might also offer DNS hosting on your behalf, but make sure they offer a web-based interface DNS records control. All of their interfaces are different, but they accomplish the same basic thing; they allow you to publish your hostnames and important DNS records to the Internet.
Hosting Your Own DNS
From within your DNS web hosting portal, it might be possible to configure it to not host your DNS, but instead to point your NS records someplace else.
You could point your NS records to another DNS hosting provider or to your own DNS server at your static IP address. If you are pointing it to your own DNS servers under your direct control, you must have advanced knowledge of the DNS servers you are managing or must have access to the documentation needed to create the DNS records yourself.
Static or Dynamic IP Address
It's recommended to have at least one static IP address, as the dynamic DNS hosting such as DynDNS has some drawbacks and limitations.
A record maps a name to an address. You will first need an A record for your mail server. Your static IP address from your ISP was the first step. For example, you might log into the web portal for the domain and create an A record for mail for 192.0.2.21. This would create a
mail.example.com published on the Internet. However, mail servers still wouldn't know that this is where to send mail. That's what MX records are for.
Your MX record tells other mail servers the name of the server on the Internet to send mail to for your domain. It is a free text field because it can have any name, including a name of a server from a mail hosting provider or a mail spam filter. If you have the Kerio Connect server with an A record
mail.example.com you will need to create an MX record that just says
mail.example.com as its value. For additional information, refer to Configuring an MX Record.
The PTR record is a reverse lookup which maps the IP address to the name.
Some mail servers will not trust mail coming from your server unless they can do a reverse DNS lookup. Strict mail servers do a forward lookup on the name your mail server introduces itself as such as
mail.example.com, verify it is the IP address that is read off the connection, and do a PTR lookup on that IP address to see if it resolves to the same name.
The PTR record creation requires more advanced knowledge of DNS. It's recommended to contact your DNS hosting provider to create a PTR record on your behalf. They will ask the name you want, and what IP address you want to assign to that name. Knowing the A record for
mail.example.com you must create a reverse PTR record.
Some hosting services are providing PTR records automatically if the server has a valid Domain name. Refer to the DigitalOcean PTR record discussion.
The successful PTR record creation can be checked in the MXtoolbox.
SPF gives other mail servers a way to verify that mail claiming to be from your domain is from one of your IP addresses. They do this by checking a special TXT record you put in your DNS records. It is an interesting way to prevent mail spoofing.
For additional information, refer to Creating an SPF.
Caller-ID was an earlier way to do what SPF does today. Caller-ID gives other mail servers a way to verify that mail claiming to be from your domain is from one of your IP addresses. They do this by checking a special TXT record specified in your DNS records. Caller-ID is not nearly as popular as SPF but does protect slightly differently than SPF. Because of this, not everyone believes Caller-ID is irrelevant. For additional information, refer to Email Spam Protection using Blacklists and Caller ID.