Postmark is an email delivery service that ensures emails are delivered quickly and reliably to their intended recipients. Postmark makes use of DNS (Domain Name System) in order to verify the sender’s domain and improve the deliverability of the email. This also helps protect the sender’s reputation and prevent phishing attempts. Here’s a brief overview of how Postmark uses DNS:
1. DomainKey Setup (DKIM): Postmark will provide you with a TXT record for DomainKeys Identified Mail (DKIM). This record is added to your DNS settings and allows Postmark to sign outgoing emails on behalf of your domain.
2. SPF (Sender Policy Framework) setup: SPF is another TXT record added to your DNS settings. This record allows you to specify which mail servers, like Postmark, are authorized to send email on your behalf.
3. Custom Return-Path (pm-bounces): A CNAME record is provided by Postmark for setting up a custom return-path, often in the form of pm-bounces.yourdomain.com. This record is crucial for handling bounces effectively.
4. Inbound Email Setup (MX record): If you’re using Postmark’s Inbound feature, which allows your application to receive email, you’ll add an MX (Mail Exchange) record pointing to inbound.postmarkapp.com. This tells other mail servers where to deliver email sent to your domain.
5. Custom Tracking Domains: If you want to use your own domain for link tracking, you can set up a CNAME record to do so.
6. DMARC (Domain-based Message Authentication, Reporting & Conformance) setup: An optional TXT record, DMARC is used to help prevent spoofing and phishing attempts. It provides instructions to receiving servers on how to handle emails that fail SPF or DKIM checks, and reports back to you about these failures.
Here’s a simplified flow:
1. When an email is sent via Postmark, the email gets signed by Postmark using the DKIM key associated with your domain. The email is also sent from an IP address that’s listed in the SPF record.
2. The recipient’s email server receives the email and checks the DNS records of the sender’s domain.
3. The email server verifies the DKIM signature of the email using the DKIM record in your DNS.
4. The email server checks the IP address the email was sent from against the SPF record in your DNS.
5. If both checks pass, the email is accepted and delivered to the recipient’s inbox. If either check fails, the email server follows the policy outlined in the DMARC record, which could involve rejecting the email or marking it as spam.
6. In case of bounced emails, the return-path set in the DNS records (via the CNAME record for pm-bounces) guides where the bounce information should be returned to.
7. If someone sends an email to your domain, their email server checks your MX record and sends the email to inbound.postmarkapp.com, where it’s processed according to your application’s settings.
The exact flow can vary depending on the setup, but this gives a general idea of how Postmark uses DNS to improve email deliverability.