Email Domain Setup for Node.js MX Records, SPF, DKIM, and DMARC
Learn how to set up email for your custom domain MX records, SPF, DKIM, and DMARC for sending and receiving emails from your Node.js application.
Email Domain Setup for Node.js
If your Node.js app sends emails (password resets, notifications, welcome emails), you need to configure your domain's email DNS records.
Why Email DNS Records Matter
Without proper email DNS records:
- Emails go to spam folder
- Email providers block your emails
- Users don't receive important notifications
- Your domain can be blacklisted
Key Email DNS Records
| Record | Purpose |
|---|---|
| MX | Mail server that receives email for your domain |
| SPF | Lists authorized servers that can send email |
| DKIM | Digital signature for email authenticity |
| DMARC | Policy for handling failed SPF/DKIM checks |
Step 1: Choose an Email Provider
For sending emails from Node.js:
- Amazon SES Cheap, reliable, AWS integration ($0.10 per 1000 emails)
- SendGrid Free up to 100 emails/day, good API
- Mailgun Free up to 5000 emails/month for 3 months
- Postmark Focused on transactional email, paid
- Resend Modern, developer-friendly, free 3000/month
For receiving email:
- Google Workspace $6/user/month
- Zoho Mail Free for up to 5 users
- Cloudflare Email Routing Free forwarding
Step 2: Configure MX Records (Receiving Email)
MX records tell other mail servers where to send email for your domain.
For Google Workspace:
Type: MX
Name: @
Priority: 1
Value: aspmx.l.google.com
Type: MX
Name: @
Priority: 5
Value: alt1.aspmx.l.google.com
Type: MX
Name: @
Priority: 5
Value: alt2.aspmx.l.google.com
Type: MX
Name: @
Priority: 10
Value: alt3.aspmx.l.google.com
Type: MX
Name: @
Priority: 10
Value: alt4.aspmx.l.google.com
For Cloudflare Email Routing (forwarding only):
Type: MX
Name: @
Priority: 69
Value: route1.mx.cloudflare.net
Type: MX
Name: @
Priority: 12
Value: route2.mx.cloudflare.net
Type: MX
Name: @
Priority: 34
Value: route3.mx.cloudflare.net
Step 3: Configure SPF (Sending Authorization)
SPF lists which servers are allowed to send email from your domain.
For Amazon SES:
Type: TXT
Name: @
Value: v=spf1 include:amazonses.com ~all
For SendGrid:
Type: TXT
Name: @
Value: v=spf1 include:sendgrid.net ~all
For Google Workspace:
Type: TXT
Name: @
Value: v=spf1 include:_spf.google.com ~all
For multiple providers:
Type: TXT
Name: @
Value: v=spf1 include:amazonses.com include:_spf.google.com ~all
Step 4: Configure DKIM (Email Signing)
DKIM adds a digital signature to your emails. The provider gives you a DKIM record to add.
For Amazon SES:
Type: CNAME
Name: abc123._domainkey
Value: abc123.dkim.amazonses.com
For SendGrid:
Type: CNAME
Name: s1._domainkey
Value: s1.domainkey.abc.sendgrid.net
Each provider has specific DKIM records. Check your provider's documentation.
Step 5: Configure DMARC (Email Policy)
DMARC tells receiving servers what to do if SPF or DKIM fails.
Type: TXT
Name: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1
Policy options (p=):
noneMonitor only (no action, good for testing)quarantineSend to spam folderrejectReject the email completely
Start with p=none to monitor, then increase to quarantine and eventually reject.
Step 6: Verify Email Setup
# Check MX records dig yourdomain.com MX +short # Check SPF dig yourdomain.com TXT +short | grep spf # Check DKIM (replace with your provider's selector) dig abc123._domainkey.yourdomain.com CNAME +short # Check DMARC dig _dmarc.yourdomain.com TXT +short
Also use:
- mail-tester.com Send an email and get a spam score
- Google Admin Toolbox Check MX records
- MXToolbox Check all email DNS records
Step 7: Send Test Email from Node.js
const nodemailer = require("nodemailer"); const ses = require("aws-sdk/clients/ses"); const transporter = nodemailer.createTransport({ SES: new ses({ region: "us-east-1" }) }); await transporter.sendMail({ from: "[email protected]", to: "[email protected]", subject: "Test Email", text: "This is a test email from DevTinder" });
The Takeaway
Email domain setup involves: MX records (receiving email), SPF (authorized sending servers), DKIM (email signing), and DMARC (policy for failures). Start with p=none in DMARC to monitor, then increase to quarantine and reject. Use mail-tester.com to verify your setup. Without these records, your Node.js app's emails will go to spam.
MX records (mail server for receiving), SPF (TXT record listing authorized sending servers), DKIM (CNAME or TXT for email signing), and DMARC (TXT record with policy for failed authentication). All four are needed for reliable email delivery.
SPF (Sender Policy Framework) is a TXT record that lists which servers are allowed to send email from your domain. Without SPF, email providers may send your emails to spam or block them entirely. Example: v=spf1 include:amazonses.com ~all
DKIM (DomainKeys Identified Mail) adds a digital signature to your emails using a public-private key pair. The public key is in your DNS, and the private key signs each email. This proves the email is genuinely from your domain and wasn't tampered with.
DMARC (Domain-based Message Authentication) tells receiving servers what to do if SPF or DKIM fails. Start with p=none (monitor only), then increase to p=quarantine (send to spam), and eventually p=reject (block completely) once you're confident in your setup.
Use dig to check MX, SPF, DKIM, and DMARC records. Send a test email to mail-tester.com for a spam score. Use Google Admin Toolbox or MXToolbox to check all records. Your score should be 9-10 out of 10 for reliable email delivery.
Ready to master Node.js completely?
Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course to dive deeper with high-quality video tutorials, solve interview questions, and a premium community.
Master Node.js
Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course.

