How to configure DNS for a contact form

by | Jul 22, 2025

Integrating contact forms with an external email service

This guide walks you through modifications you need to make to your domain name’s DNS zone record so that your contact form mail can reliably connect to your external email service, like Microsoft 365 or another email supplier.

configure DNS for contact forms

This article is written for web designers who know websites but may not be as familiar with DNS.

Click on the headers below to find out how to modify DNS records and other steps in the order shown. Click on images to view at full-sized resolution.

1. Why?

One of the biggest reasons spam happens is because a hacker can purport to be you by sending email using your email address from email servers that you do not control. This means end users have to constantly combat rogue email, and email services have to make educated guesses about what is good email before passing it to your Inbox.

These modifications to SPF, rDNS, DKIM, and DMARC help a receiving email server determine that the email it receives really does come from an email server in your control.

If a receiving server cannot validate the source of your email, the receiving server is likely to conclude that your email has been sent from a spammer, in which case the email will be dropped. Your server can implement some tools, but your domain name has to be configured to co-ordinate with your server too.

2. Scenario

This example assumes that a web site owner uses Microsoft 365 for email and the domain name which governs the web site and email is managed at a registrar like GoDaddy where the authoritative zone record is held. In reality, the registrar might be different. For instance, the domain name might be managed at Cloudflare or even Microsoft 365 itself.

The important point is to understand where your authoritative zone record is managed. the web server will have a zone record. However, if the domain name is regitered at a regisrar like Tucows and the domain name uses Tucow’s nameservers, then the authoritative nameserver for your domain is at Tucows.

This workflow assumes:

  • Your website is hosted on at IP address 88.202.183.10
  • The domain’s authoritative DNS is managed at a registrar like GoDaddy
  • Email for the domain (e.g., yourdomain.co.uk) is handled by Microsoft 365
  • You want your contact forms to send email from the domain (e.g., info@yourdomain.co.uk) using your web server’s mail system

This assumes that you already have a valid email address called info@yourdomain.co.uk. Also, this assumes that DKIM and DMARC are already configured for Microsoft 365. Microsoft organises its DKIM records using CNAME records – this means that Microsoft can handle DKIM identifiers in-house.

This is useful because most other entities use an A record which means multiple there would be multiple DKIM records in your authoritative zone. This is possible, but it might affect reliability. So, if you already have DKIM records in your authoritative zone to cope with another email server, it might be worth considering options.

Preparation

Review the existing authoritative zone record to check for SPF, DKIM, and DMARC. You will need:

  • credentials for the domain name registrar control panel access
  • credentials for cPanel to edit and get records from your web server
  • credentials for any other services that might be implicated, like Microsoft 365
  • if DKIM is not already configured, refer to this guidance note
  • if DMARC is not already configured, refer to this guidance note
3. SPF (Sender Policy Framework)

SPF tells receiving email servers which IP addresses you have approved to send mail for your domain. Usually, this record is already posted in your zone record. In the example below, the record is only configured to recognize Microsoft 365:

v=spf1 include:spf.protection.outlook.com -all

So, now we need to include your web server’s IP address to verify that your web server is a valid email server too.

What to do:

  • Log into the DNS editor where your domain name is managed (e.g. GoDaddy)
  • Find your existing SPF TXT record (it starts with v=spf1).
  • Add your server’s IP: ip4:88.202.183.10 before the -all.

Example:

v=spf1 include:spf.protection.outlook.com ip4:88.202.183.10 -all

The syntax is not absolute. For instance, the following record also works:

v=spf1 ip4:88.202.183.10 include:spf.protection.outlook.com -all

Adding your web server’s IP address to the SPF record authenticates both Microsoft 365 and your web server as valid mail servers for your domain.

4. rDNS (Reverse DNS / PTR Record)

Unless you rely on exceptional settings, you do not need to do anything about rDNS. A PTR record is already established in the reverse zone for our servers. This means that the IP address for your server is already mapped to your hostname.

A PTR record can only be created where a reverse zone is accessible. Usually, this means having to post a support ticket at your domain registrar, or asking the owner of the IP address you have been granted to map the setting for you.

5. DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to your emails.

Usually, DKIM is established with an A record. Microsoft 365 already uses DKIM via CNAME records. This is convenient. Other registrars might already require an A record that you rely on. It is possible to have multiple A records establishing DKIM records for different servers. This might cause some reliability issues though. So, you might need to monitor traffic flow after making this kind of change. In any event,  your web server needs its own DKIM setup if it sends mail too.

What to do in cPanel:

  • Log into cPanel
  • Go to Email  > Email Deliverability
  • Click open <Manage>
  • Do not enable DKIM. Instead:
  • Copy the TXT Name and Value fields shown for DKIM
  • Add this TXT record to your DNS at GoDaddy

This allows receiving servers to verify that your server’s emails are legitimate.

6. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC tells receiving servers how to handle emails that fail SPF or DKIM checks. settings. This may already be established in your authoritative zone and that record would already be valid as long as:

  • your SPF record already includes for your web server’s IP address
  • or DKIM passes for your server (if you set it up)

 Example

You can use the values suggested in cPanel > Email > Email Deliverability to create a DMARC record. DMARC uses an industry defined instruction set which is universally adhered to. For now, it is probably only necessary to operate DMARC in “test” mode. However, some services like Microsoft 365 may be sensitive (especially to “contact form” mail and require an elevated metric like p=quarantine.

Name: _dmarc.domainname.co.uk
Value: v=DMARC1; p=quarantine; rua=mailto:your-alias@domainname.co.uk

The three incremental states for DMARC are:

  • p=none
  • p=quarantine
  • p=reject
8. cPanel Mail Routing

Lastly, check that your server expects email to be managed externally. As the records above are being added to your authotitative zone, cPanel will often detect that external email servers are now in use. However, you need to check this setting.

What to do:

  • log into cPanel > Email > Email Routing
  • check <Remote Mail Exchanger> if it is not already enabled
  • save the setting

This ensures your server sends contact form emails to Microsoft 365 instead of trying to deliver them locally.

Testing and Summary

After updating your DNS:

  • Use MXToolbox to check SPF, DKIM, and DMARC
  • Send test emails from your contact form to Gmail or Outlook and inspect the headers
  • Look for spf=pass, dkim=pass, and dmarc=pass

Summary

By configuring SPF, rDNS, DKIM, and DMARC correctly, your contact forms can send email reliably—even when Microsoft 365 or other suppliers handle your domain’s email. This setup helps prevent your messages from being flagged as spam and protects a client’s domain reputation and brand intact.

About ComStat.uk: Internet Service Provider Comstat provides IT support, web hosting, and media services including web design, Microsoft 365 setup, and audio/video production, serving businesses across Denbighshire, North Wales and Wirral from Ruthin, and Lancashire and the Northwest from Bolton.

Configure SPF, rDNS, DKIM, and DMARC for email

by | Jul 5, 2025

Introduction

Sending and receiving email should be straightforward, but a lot of background checks happen before your organization’s email is delivered reliably and securely. Use this article to activate SPF, rDNS, DKIM, and DMARC to make sure your email reaches recipients, and protects your email server from crippling outcomes like dropped email and public blacklisting.

undeliverable email header

“Undeliverable”: What cost a lost email that you never know a recipient has not seen?

Click open the headers below to learn about email deiverability and “trust”. Please read through this entire article before starting to engage individual modifications to your email server. Changes you make are done so at your risk so be sure to contact us for general advice if you are in doubt. Support options are available for professional assistance. Click on images to view at full-sized resolution.

Why do these protocols matter?

If you do not put a postage stamp on a letter, it probably will not reach its destination, and without a return address you will certainly never know what happened to the letter.

Similarly, without SPF, rDNS, DKIM, and DMARC, email that you send will be erratic and unpredictable. This is because industry tools to assess “trust” are not operational. These protocols are like postage stamps. You may think “it has never been a problem before”. Partly this is because when email does not reach a recipient, you know you sent it but the recipient does not know it was supposed to be received.

Everyone has sent an email that has never reached its target. These protocols are why most failures happen, and in business communications…. it matters. The protocols we cover in this article enable your suppliers’ and customers’ email servers to “trust” your email and its “brand”.

“Postage stamps” for email

The one question we are posed by clients in 25 years of IT support more than anything else is the plaintive “why aren’t my emails getting through?”. Hopefully, it is only because of a badly spelled email address. Often, though, the answer is that outgoing email is not sending adequately “stamped” emails with “return addresses”.

Protecting your identity – “trust”

Protocols like SPF, rDNS, DKIM, and DMARC are email’s a little bit like postage stamps. When the bar code on a postage stamp is recognized as authentic, the envelope is sent to its destination. Similarly, protocols enable receiving email servers to measure and “trust” the authenticity of your communication. Put another way, these protocols protect your email from being measured as spam or malicious email.

Self serve guides for implementing email protocols

Your web server is optimised for delivering your web pages. If email is included in your package, we have made sure that an email server is enabled with necessary email tools. However, like flat-pack furniture, your email server is minimally configured and the protocols described here need to be aligned with your domain name.

These domain name modifications can only be manually configured by you or your agent. If we look after your domain name, we would configure these modifications within your ongoing support. If we do not have admin privileges for your domain name’s “zone record”, and you have elected against support, then you need to configure your domain name’s zone record.

If you do not have expert in-house IT skills, consider our DNS configuration service and ongoing support plans.

DNS Configuration – Professional support

DNS is awkward technology, even for IT pros. If you purchased your domain before you began using our servers and you want us to manage your domain name records for you, we can still administer your domain name records (DNS) annually for £75, including periodic updates as they are required. Use the PayPal QR code at the bottom of our home page for to send us payment, or contact us to arrange invoicing for our DNS service. This is included in optional support arrangements that you may already subscribe to.

DNS Configuration – self-service option

Use our “self-serve” guides linked below to implement SPF, rDNS, DKIM, and DMARC. There are a few ways to deal with these modifications, and it really depends on how your domain name, and your authoritative nameservers are configured. Read more about deciding where to manage your authoritative nameserver here. So these articles might not be exactly on point for your situations. Again, ask us for advice. Implement the protocols in the order listed:

  1. How to configure SPF
  2. How to configure rDNS
  3. How to configure DKIM
  4. How to configure DMARC

Tips and tricks

  • some protocols may take up to 24-72 hours to resolve
  • read through each guide before starting
  • monitor email for a week or so before enabling the next protocol
  • do not make DNS modifications during heavy traffic/important projects
  • document what you do (e.g. screen shots) so that you have a note of “last known” working state

Bear in mind that changes made to domain names happen in real time, and errors can cause web site and email outages that could take up to 72 hours to restore. If in doubt, contact us first.

 

Summary

Email is vulnerable to malicious attacks that pose risks to your online identity, reputation, and hijack. Implementing SPF, rDNS, DKIM, and DMARC helps to ensure that your outgoing email reaches recipients.

Implementing these kinds of services is challenging without experience. If you do not have expert in-house IT skills, consider our email configuration service and ongoing support plans. We are glad to quote on request.