Add mailbox DNS records

To send and receive emails with a custom domain name, such as user1@example.com, you must configure the DNS settings for your enterprise mailbox.

Scenarios

  • Set up an enterprise mailbox service for a new domain name.

  • Migrate from one email service provider to another.

  • Optimize the security and deliverability of an existing email configuration.

Prerequisites

  • The Public Zone service of Alibaba Cloud DNS must be the authoritative DNS server for your domain name.

    • If you purchased your domain name from Alibaba Cloud, it uses Public Zone by default. If you have not purchased a domain name, you can purchase one from Alibaba Cloud Domains.

    • If you purchased your domain name from a third-party provider, you must manually add it to Public Zone and change its DNS server addresses. For more information, see Smoothly migrate DNS resolution to Alibaba Cloud DNS.

  • You have purchased an enterprise mailbox and bound it to a domain name, such as example.com, in the mailbox management console. To purchase Alibaba Mail, see Purchase Alibaba Mail. After you bind the mailbox to the domain name, the status indicates that the domain name is bound, but the DNS resolution for the mailbox has not yet taken effect.

    On the Mailbox Management page, you can view configuration details such as the administrator account (for example, postmaster@example.com), mailbox access URL (https://qiye.aliyun.com), number of purchased users, enterprise web storage capacity, and product name on the Basic Information tab.

Mailbox DNS record types

| Host | Type | Example | Description | Requirement |
|---|---|---|---|---|
| @ | MX | mx1.qiye.aliyun.com | Specifies the mail server that receives emails for the domain name. A domain name can have multiple MX records. A smaller priority number indicates a higher priority. | Basic, Required |
| imap/pop3/smtp | CNAME | imap.qiye.aliyun.com | Used for email client configuration. | Basic, Optional |
| mail | CNAME | qiye.aliyun.com | Allows users to access the webmail login page at a URL such as mail.yourdomain.com. | Basic, Optional |
| @ | TXT | v=spf1 include:spf.qiye.aliyun.com -all | SPF record: Authenticates email senders by their IP address to prevent spam. A receiving server checks the domain's SPF record to verify the sender's IP. If the IP is listed, the email is considered authentic; otherwise, it is considered a forgery and is rejected. | Basic, Required |
| default._domainkey | TXT | k=rsa; p=MIGfMA0GCSq... | DKIM: An email digital signature used to verify message authenticity. For more information, see What is DKIM and how to add a DKIM record? | Advanced, Optional, Recommended |
| _dmarc | TXT | v=DMARC1; p=quarantine; rua=... | DMARC: An email authentication policy that tells receiving servers how to handle emails that fail SPF or DKIM checks. For more information, see What is DMARC and how to set up DMARC? | Advanced, Optional, Recommended |

Configuration methods

If you use Alibaba Mail, DingTalk Mail, NetEase Mail, Tencent Exmail, or Sina Free Enterprise Mail, follow Method 1: Use Quick Add. For other email providers, follow Method 2: Manually add DNS records.

Method 1: Use Quick Add

The Public Zone service simplifies email configuration by providing built-in DNS records for common email providers. However, this feature typically does not include DKIM or DMARC records. After using the Quick Add feature, we recommend that you follow Method 2: Manually add DNS records to complete your email security configuration.

  1. Go to the Alibaba Cloud DNS - Public Zone console, find the domain name you want to manage and click it.

  2. On the Settings tab, click Quick Add.

  3. In the dialog box that appears, click Add DNS Records for Mailbox, select your email provider, and then submit. For example, if you add records for Alibaba Mail, the system adds the following records for your domain name:

    | Host | Record type | Record value | Priority |
    |---|---|---|---|
    | @ | TXT | v=spf1 include:spf.qiye.aliyun.com -all | - |
    | mail | CNAME | qiye.aliyun.com | - |
    | smtp | CNAME | smtp.qiye.aliyun.com | - |
    | pop3 | CNAME | pop.qiye.aliyun.com | - |
    | imap | CNAME | imap.qiye.aliyun.com | - |
    | @ | MX | mx1.qiye.aliyun.com | 5 |
    | @ | MX | mx2.qiye.aliyun.com | 10 |
    | @ | MX | mx3.qiye.aliyun.com | 15 |

    The resolution line for all records is Default, and the TTL is 10 minutes.

Method 2: Manually add DNS records

This method provides full control over the configuration. It is suitable for all email providers and allows for more complex setups, such as merging SPF records from multiple sending sources and adding DKIM records.

  1. Contact your email provider to obtain the list of DNS records that you need to configure. The following table lists the records required for Alibaba Mail.

    | Host | Type | Priority | Value | Description |
    |---|---|---|---|---|
    | @ | MX | 5 | mx1.qiye.aliyun.com | Specifies the server that receives emails for the domain name. |
    | @ | MX | 10 | mx2.qiye.aliyun.com | Specifies the server that receives emails for the domain name. |
    | @ | MX | 15 | mx3.qiye.aliyun.com | Specifies the server that receives emails for the domain name. |
    | imap | CNAME | - | imap.qiye.aliyun.com | Specifies server addresses for email clients. |
    | pop3 | CNAME | - | pop.qiye.aliyun.com | Specifies server addresses for email clients. |
    | smtp | CNAME | - | smtp.qiye.aliyun.com | Specifies server addresses for email clients. |
    | mail | CNAME | - | qiye.aliyun.com | You can access the email web client at mail.example.com. |
    | @ | TXT | - | v=spf1 include:spf.qiye.aliyun.com -all | Authenticates sending servers to prevent spam. |
    | default._domainkey | TXT | - | Obtain this value from your email provider. | DKIM: An email digital signature. For more information, see What is DKIM and how to add a DKIM record? |
    | _dmarc | TXT | - | Obtain this value from your email provider. | DMARC: An email policy control mechanism. For more information, see What is DMARC and how to set up DMARC? |

  2. Go to the Alibaba Cloud DNS - Public Zone console, find the domain name you want to manage and click it.

  3. On the Settings tab, click Add Record.

    In the Add Record panel, set record type to MX, host to @, resolution line to Default, and routing policy to round-robin. Keep the default TTL of 10 minutes. In the Record value set, add three records: mx1.qiye.aliyun.com (priority 5), mx2.qiye.aliyun.com (priority 10), and mx3.qiye.aliyun.com (priority 15).

  4. Add all the required MX, TXT, and CNAME records.
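Method 2 mentions merging SPF records from multiple sending sources. A domain may publish only one SPF TXT record at the apex, so the sources have to be combined into a single value. The following Python function is an added example, not part of the Alibaba Cloud documentation; the second sender (spf.mailer.example, 203.0.113.10) is a hypothetical placeholder, and ending the merged record in -all is an assumption taken from the record shown on this page.

```python
import re

# Mechanisms that cost one DNS lookup each; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}
ALL_TERMS = {"all", "+all", "-all", "~all", "?all"}


def merge_spf(records, final="-all"):
    """Merge several 'v=spf1 ...' policies into one record for the apex (@).

    Each source's own 'all' term is dropped; the domain owner's choice
    (final, default -all as on this page) is appended once at the end.
    Returns (merged_record, lookups_in_this_record).
    """
    terms, seen = [], set()
    for record in records:
        parts = record.split()
        if not parts or parts[0].lower() != "v=spf1":
            raise ValueError(f"not an SPF record: {record!r}")
        for term in parts[1:]:
            key = term.lower()
            if key in ALL_TERMS:
                continue
            if key.startswith("redirect="):
                raise ValueError("redirect= cannot be merged with other sources")
            if key not in seen:  # drop duplicate mechanisms
                seen.add(key)
                terms.append(term)
    # Nested includes add further lookups at evaluation time; this counts
    # only the terms written in the merged record itself.
    lookups = sum(
        re.split(r"[:/=]", t.lower().lstrip("+-~?"), maxsplit=1)[0] in LOOKUP_TERMS
        for t in terms
    )
    if lookups > 10:
        raise ValueError(f"{lookups} DNS-lookup terms exceed the SPF limit of 10")
    return " ".join(["v=spf1", *terms, final]), lookups


# Constructed inputs: the Alibaba Mail record from this page plus a
# hypothetical second sender.
SOURCES = [
    "v=spf1 include:spf.qiye.aliyun.com -all",
    "v=spf1 include:spf.mailer.example ip4:203.0.113.10 ~all",
]

if __name__ == "__main__":
    print(merge_spf(SOURCES))
```

Publish the returned string as the only SPF TXT record for host @, replacing the per-provider records.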

Verify configuration

After you modify DNS records, the changes take time to propagate globally. This process typically takes from a few minutes to several hours. You can use the following methods to verify the status of your configuration.

Console propagation check

  1. Go to the Settings page for your domain name.

  2. Click the Probing button next to the target record.

CLI

# Check the propagation of the MX record. The command should return the mail server address and priority.
dig yourdomain.com MX
# Check the SPF record. The command should return a TXT record that contains "v=spf1".
dig yourdomain.com TXT
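
The dig checks above confirm only that records are returned. The following Python function is an added example, not part of the Alibaba Cloud documentation: it audits the TXT strings that dig returns for @, _dmarc and default._domainkey, with the surrounding quotes removed. The sample answers are constructed, and the DKIM key and rua address in them are placeholders.

```python
def parse_tags(txt):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def audit_mail_txt(apex, dmarc, dkim):
    """Audit TXT strings returned for @, _dmarc and default._domainkey
    (one list of strings per name). Returns a list of findings."""
    findings = []

    spf = [t for t in apex if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # Zero records: no policy. Two or more: receivers return permerror.
        findings.append(f"expected exactly one SPF record at @, found {len(spf)}")
    elif spf[0].lower().split()[-1] not in ("-all", "~all"):
        findings.append("SPF record does not end in -all or ~all")

    policies = [parse_tags(t) for t in dmarc if t.lower().startswith("v=dmarc1")]
    if len(policies) != 1:
        findings.append(f"expected exactly one DMARC record, found {len(policies)}")
    else:
        if policies[0].get("p", "").lower() not in ("none", "quarantine", "reject"):
            findings.append("DMARC p= tag is missing or invalid")
        if "rua" not in policies[0]:
            findings.append("DMARC has no rua= tag, so no aggregate reports arrive")

    keys = [parse_tags(t) for t in dkim if "p" in parse_tags(t)]
    if not keys:
        findings.append("no DKIM key record at default._domainkey")
    elif any(k["p"] == "" for k in keys):
        findings.append("DKIM p= is empty, which marks the key as revoked")
    return findings


# Constructed sample answers (not real lookups).
GOOD = (
    ["v=spf1 include:spf.qiye.aliyun.com -all"],
    ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"],
    ["k=rsa; p=PLACEHOLDERBASE64KEY"],
)
BAD = (
    ["v=spf1 include:spf.qiye.aliyun.com -all", "v=spf1 ip4:203.0.113.10 ~all"],
    ["v=DMARC1; p=quarantine"],
    ["k=rsa; p="],
)

if __name__ == "__main__":
    print(audit_mail_txt(*GOOD), audit_mail_txt(*BAD), sep="\n")
```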

Live delivery test

  1. Send an email from your configured enterprise mailbox to a major email service, such as Gmail or Outlook.

  2. Check whether the email arrives in the recipient's inbox.

Billing

  • Email service fees: The primary cost is the subscription fee from your enterprise mailbox provider.

  • DNS resolution fees: Alibaba Cloud DNS provides both a free edition and paid editions. If you require a premium Public Zone service with guaranteed availability, purchase a paid edition in advance. For more information, see Purchase and bind a domain name.

Troubleshooting

Q: Why are my DNS records not taking effect?

A: Confirm that Alibaba Cloud DNS is the authoritative DNS server for your domain name. Clear your local DNS cache or test from a different network environment. Wait for the record's TTL to expire.

Q: Why am I unable to receive emails?

A: Use dig or a domain name detection tool to check if the MX record correctly points to the service provider's server. Confirm that the email account is correctly set up with the service provider.

Q: Why are emails I send being rejected or sent to the spam folder?

A: Check if the SPF record includes all sending sources. Use online tools to verify that the DKIM signature is valid. Check if the DMARC policy is too strict (for example, using p=reject in the initial stage).
