How to configure DNS for a contact form

by | Jul 22, 2025

Integrating contact forms with an external email service

This guide walks you through modifications you need to make to your domain name’s DNS zone record so that your contact form mail can reliably connect to your external email service, like Microsoft 365 or another email supplier.

configure DNS for contact forms

This article is written for web designers who know websites but may not be as familiar with DNS. 

Click on the headers below to find out how to modify DNS records and other steps in the order shown. Click on images to view at full-sized resolution.

1. Why?

One of the biggest reasons spam happens is because a hacker can purport to be you by sending email using your email address from email servers that you do not control. This means end users have to constantly combat rogue email, and email services have to make educated guesses about what is good email before passing it to your Inbox.

These modifications to SPF, rDNS, DKIM, and DMARC help a receiving email server determine that the email it receives really does come from an email server in your control.

If a receiving server cannot validate the source of your email, the receiving server is likely to conclude that your email has been sent from a spammer, in which case the email will be dropped. Your server can implement some tools, but your domain name has to be configured to co-ordinate with your server too.

2. Scenario

This example assumes that a web site owner uses Microsoft 365 for email and the domain name which governs the web site and email is managed at a registrar like GoDaddy where the authoritative zone record is held. In reality, the registrar might be different. For instance, the domain name might be managed at Cloudflare or even Microsoft 365 itself.

The important point is to understand where your authoritative zone record is managed. the web server will have a zone record. However, if the domain name is regitered at a regisrar like Tucows and the domain name uses Tucow’s nameservers, then the authoritative nameserver for your domain is at Tucows.

This workflow assumes:

  • Your website is hosted on at IP address 88.202.183.10
  • The domain’s authoritative DNS is managed at a registrar like GoDaddy
  • Email for the domain (e.g., yourdomain.co.uk) is handled by Microsoft 365
  • You want your contact forms to send email from the domain (e.g., info@yourdomain.co.uk) using your web server’s mail system

This assumes that you already have a valid email address called info@yourdomain.co.uk. Also, this assumes that DKIM and DMARC are already configured for Microsoft 365. Microsoft organises its DKIM records using CNAME records – this means that Microsoft can handle DKIM identifiers in-house.

This is useful because most other entities use an A record which means multiple there would be multiple DKIM records in your authoritative zone. This is possible, but it might affect reliability. So, if you already have DKIM records in your authoritative zone to cope with another email server, it might be worth considering options.

Preparation

Review the existing authoritative zone record to check for SPF, DKIM, and DMARC. You will need:

  • credentials for the domain name registrar control panel access
  • credentials for cPanel to edit and get records from your web server
  • credentials for any other services that might be implicated, like Microsoft 365
  • if DKIM is not already configured, refer to this guidance note
  • if DMARC is not already configured, refer to this guidance note
3. SPF (Sender Policy Framework)

SPF tells receiving email servers which IP addresses you have approved to send mail for your domain. Usually, this record is already posted in your zone record. In the example below, the record is only configured to recognize Microsoft 365:

v=spf1 include:spf.protection.outlook.com -all

So, now we need to include your web server’s IP address to verify that your web server is a valid email server too.

What to do:

  • Log into the DNS editor where your domain name is managed (e.g. GoDaddy)
  • Find your existing SPF TXT record (it starts with v=spf1).
  • Add your server’s IP: ip4:88.202.183.10 before the -all.

Example:

v=spf1 include:spf.protection.outlook.com ip4:88.202.183.10 -all

The syntax is not absolute. For instance, the following record also works:

v=spf1 ip4:88.202.183.10 include:spf.protection.outlook.com -all

Adding your web server’s IP address to the SPF record authenticates both Microsoft 365 and your web server as valid mail servers for your domain.

4. rDNS (Reverse DNS / PTR Record)

Unless you rely on exceptional settings, you do not need to do anything about rDNS. A PTR record is already established in the reverse zone for our servers. This means that the IP address for your server is already mapped to your hostname.

A PTR record can only be created where a reverse zone is accessible. Usually, this means having to post a support ticket at your domain registrar, or asking the owner of the IP address you have been granted to map the setting for you.

5. DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to your emails.

Usually, DKIM is established with an A record. Microsoft 365 already uses DKIM via CNAME records. This is convenient. Other registrars might already require an A record that you rely on. It is possible to have multiple A records establishing DKIM records for different servers. This might cause some reliability issues though. So, you might need to monitor traffic flow after making this kind of change. In any event,  your web server needs its own DKIM setup if it sends mail too.

What to do in cPanel:

  • Log into cPanel
  • Go to Email  > Email Deliverability
  • Click open <Manage>
  • Do not enable DKIM. Instead:
  • Copy the TXT Name and Value fields shown for DKIM
  • Add this TXT record to your DNS at GoDaddy

This allows receiving servers to verify that your server’s emails are legitimate.

6. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC tells receiving servers how to handle emails that fail SPF or DKIM checks. settings. This may already be established in your authoritative zone and that record would already be valid as long as:

  • your SPF record already includes for your web server’s IP address
  • or DKIM passes for your server (if you set it up)

 Example

You can use the values suggested in cPanel > Email > Email Deliverability to create a DMARC record. DMARC uses an industry defined instruction set which is universally adhered to. For now, it is probably only necessary to operate DMARC in “test” mode. However, some services like Microsoft 365 may be sensitive (especially to “contact form” mail and require an elevated metric like p=quarantine.

Name: _dmarc.domainname.co.uk
Value: v=DMARC1; p=quarantine; rua=mailto:your-alias@domainname.co.uk

The three incremental states for DMARC are:

  • p=none
  • p=quarantine
  • p=reject
8. cPanel Mail Routing

Lastly, check that your server expects email to be managed externally. As the records above are being added to your authotitative zone, cPanel will often detect that external email servers are now in use. However, you need to check this setting.

What to do:

  • log into cPanel > Email > Email Routing
  • check <Remote Mail Exchanger> if it is not already enabled
  • save the setting

This ensures your server sends contact form emails to Microsoft 365 instead of trying to deliver them locally.

Testing and Summary

After updating your DNS:

  • Use MXToolbox to check SPF, DKIM, and DMARC
  • Send test emails from your contact form to Gmail or Outlook and inspect the headers
  • Look for spf=pass, dkim=pass, and dmarc=pass

Summary

By configuring SPF, rDNS, DKIM, and DMARC correctly, your contact forms can send email reliably—even when Microsoft 365 or other suppliers handle your domain’s email. This setup helps prevent your messages from being flagged as spam and protects a client’s domain reputation and brand intact.

Using Authoritative Nameservers for your web server

by | Feb 8, 2025

Introduction

Use this article to understand how a domain name relies on an “authoritative namserver” to connect web site viewers and email users to your web server. This article is intended for Comstat clients so this guidance is aimed at cPanel users who have moved up from entry level retail services.

Click on the headers below to find out about how to decide where to locate your authoritative nameserver. Click on inmages to view at full-sized resolution.

What is an Authoritative Nameserver?

An authoritative nameserver holds the definitive records for a domain name. It answers queries about domain names with the most accurate and up-to-date information about your web site, email server, and more. For instance, if you want to send an email, your computer has to find your authoritative nameserver to find out how to send your outgoing email and verify that the email legitimate.

To do this, an authoritative nameserver translates domain names (like comstat.uk) into IP addresses (like 192.0.2.1). To read this article, your computer had to find where the web server was that hosts the page you are reading.This way, you can operate email from one server, and email from another.

Using a domain name supplier's Authoritative Nameserver

When you buy a domain name your domain name supplier will provide a standard authotitative nameserver which points to your domain name’s “zone record” – a phone book – which describes where your web site is, and where your email server is. Also, it provides room for you to define records to help prove that your email is legitimate and many more things. It is important that it is safe from malicious hijack.

Pros:

  •  Reliability – good security, robust global availability

Cons:

  • Limited control – limited customization options
  • Dependency – you rely on the registrar for DNS management
  • Manual entries – records have to be transcribed from cPanel (e.g. webmail.domainname.com)
  • Complexity – different suppliers adopt differing methodologies for scripting records
  • Resolution – some suppliers take up to 72 hours to resolve DNS
Using your web server as an Authoritative Nameserver

When you use your web server as your Authoritative nameserver, you modify records at your domain name supplier so that your web server becomes the Authoritative nameserver. This is easy to do. It is a simple matter of overwriting the default nameservers with your web server’s nameservers. For instance, we use nameservers like ns1.namesfirst.net and ns2.namesfirst.net. Once the nameservers are modified, all records dealing with your web site, email, webdisk, etc., are handled via cPanel.

Pros:

  • Control – you can make changes instantly
  • Integration – seamless integration with your email, web site, etc.
  • Customization – you can tailor DNS to specialized needs
  • SSL – cPanel can automatically align SSL certificates with your web server

Cons:

  • Security – greater onus on web server owner to protect against intrusion
Summary - which one?

Entry level web hosting services do not do much more that provide a web site, and email is usually bought as a separate service. As businesses outgrow entry level web hosting, the realities that larger business face become more evident.

If you operate a web site via cPanel which includes email, and you intend to use services like Webdisk and automated SSL, it is probably less effort to use your web server as an authoritative web server.

If you want to provide extra security against a malicious person hacking your authoritative nameserver, consider managing things at your domain name supplier. This will mean copying records from cPanel however, and may limit how your SSL certificate works.

In some case, we manage authoritative nameservers for clients at Cloudflare and Microsoft 365. Both provide Enterprise grade suecurity and resiliency.

Without a working authoritative namserver, web sites, email, and more cease to work. So, at some point businesses have to develop in-house skill or outsource help to manage this critical Internet technology.

 

Add SPF to your DNS zone record

by | Feb 4, 2025

Authenticate your outgoing email with SPF

Use SPF (Sender Policy Framework) is a utility that lists all the server IP addresses that a domain name can use to send emails from.

cpanel SPF record

Click on the headers below to follow our guide to manage SPF record using cPanel WHM and then post your SPF record in your domain name’s zone record at your domain registrar. Click on images to see in full resolution.

Why is SPF important?

Most people who rely on a contact form have experienced what happens when SPF is not working.

For instance, your business might use Microsoft 365 (i.e. Exchange). Exchange handles all staff email and its servers use IP addresses to do so. Now, imagine that your business also has a web site with a contact form but the web site sends contact form email from a different IP address than Microsoft Exchange uses for everyday emails: the contact form uses the web server’s IP address. SPF means your business can validate the web site’s server IP address. Without properly configured SPF, the contact form would not work. You would never know you lost a sale. At best, contact form email might end up in Spam/Junk.

How do I configure SPF?

If your web server is configured for email, you might not need to do anything at all. If you already use another email service for regular email, you may need to amend your existing SPF record where you manage your domain name to include the IP address for your contact form. The best thing to do is to contact us first for advice.

Step-by-step instructions

This guide assumes that you need to create an SPF record at your domain name supplier, but you want to operate your email from our new web server.

1. Log in to cPanel

  • using your web server configuration sheet, log into cPanel
  • navigate to <Email>
  • click on <Email deliverability>

2. Find your SPF record

  • towards the top of your page, you will see a section for SPF, like you see in the screenshot below.
  • the SPF <value> is the entry you need to modify your existing domain name record where you manage your domain name – copy the record from cPanel.
  • go to your domain name supplier

cpanel SPF record

3. Create or edit your SPF record

  • log in to your domain name manager or zone editor
  • if there is no SPF record, create a new TXT or SPF record, and enter the the values from cPanel
  • if there is an SPF record, copy the existing record an paste/save it so you have a last known working state
  • if the existing SPF record handles other email alredy, you will need to determine how to add your web server’s IP address to the entry. This is because you use one SPF record to define all IP addresses that need to be covered.

SPF can be the simplest of protocols to implement, especially if you are operating all email from your web server and your domain name uses our nameservers. However, SPF needs to be able to cope with diverse eventualities, and it may need configuring for multiple IP addresses that handle email for your business. If in doubt, contact us for advice.

Summary

SPF is already configured if your web server includes email services, so there is nothing to do if we manage your domain name for you and all your email will be handled from your web server.

In most other cases, you should contact us for guidance before you make changes anywhere. If you do make changes to existing records, be sure to copy/paste/save those records so that you can resort to a last known working state if problems develop.

DNS is not a forgiving technology, and if you are nervous about making real time changes that might disrupt your web site and/or email, please contact us at the very least for advice.

Expert help available

We have decades of experience managing domain names on behalf of clients. If you are nervous about dealing with this technology, we can provide admin support for domain names and ongoing services. We can turn modifications in minimal time at reasonable cost while saving you from risk of web site and email disruption – please ask for help if in doubt.