dns - Comstat | Ruthin, North Wales

How to configure DNS for a contact form

by Steve Galloway | Jul 22, 2025

Integrating contact forms with an external email service

This guide walks you through modifications you need to make to your domain name’s DNS zone record so that your contact form mail can reliably connect to your external email service, like Microsoft 365 or another email supplier.

This article is written for web designers who know websites but may not be as familiar with DNS.

Click on the headers below to find out how to modify DNS records and other steps in the order shown. Click on images to view at full-sized resolution.

1. Why?

One of the biggest reasons spam happens is because a hacker can purport to be you by sending email using your email address from email servers that you do not control. This means end users have to constantly combat rogue email, and email services have to make educated guesses about what is good email before passing it to your Inbox.

These modifications to SPF, rDNS, DKIM, and DMARC help a receiving email server determine that the email it receives really does come from an email server in your control.

If a receiving server cannot validate the source of your email, the receiving server is likely to conclude that your email has been sent from a spammer, in which case the email will be dropped. Your server can implement some tools, but your domain name has to be configured to co-ordinate with your server too.

2. Scenario

This example assumes that a web site owner uses Microsoft 365 for email and the domain name which governs the web site and email is managed at a registrar like GoDaddy where the authoritative zone record is held. In reality, the registrar might be different. For instance, the domain name might be managed at Cloudflare or even Microsoft 365 itself.

The important point is to understand where your authoritative zone record is managed. the web server will have a zone record. However, if the domain name is regitered at a regisrar like Tucows and the domain name uses Tucow’s nameservers, then the authoritative nameserver for your domain is at Tucows.

This workflow assumes:

Your website is hosted on at IP address 88.202.183.10
The domain’s authoritative DNS is managed at a registrar like GoDaddy
Email for the domain (e.g., yourdomain.co.uk) is handled by Microsoft 365
You want your contact forms to send email from the domain (e.g., info@yourdomain.co.uk) using your web server’s mail system

This assumes that you already have a valid email address called info@yourdomain.co.uk. Also, this assumes that DKIM and DMARC are already configured for Microsoft 365. Microsoft organises its DKIM records using CNAME records – this means that Microsoft can handle DKIM identifiers in-house.

This is useful because most other entities use an A record which means multiple there would be multiple DKIM records in your authoritative zone. This is possible, but it might affect reliability. So, if you already have DKIM records in your authoritative zone to cope with another email server, it might be worth considering options.

Preparation

Review the existing authoritative zone record to check for SPF, DKIM, and DMARC. You will need:

credentials for the domain name registrar control panel access
credentials for cPanel to edit and get records from your web server
credentials for any other services that might be implicated, like Microsoft 365
if DKIM is not already configured, refer to this guidance note
if DMARC is not already configured, refer to this guidance note

3. SPF (Sender Policy Framework)

SPF tells receiving email servers which IP addresses you have approved to send mail for your domain. Usually, this record is already posted in your zone record. In the example below, the record is only configured to recognize Microsoft 365:

v=spf1 include:spf.protection.outlook.com -all

So, now we need to include your web server’s IP address to verify that your web server is a valid email server too.

What to do:

Log into the DNS editor where your domain name is managed (e.g. GoDaddy)
Find your existing SPF TXT record (it starts with v=spf1).
Add your server’s IP: ip4:88.202.183.10 before the -all.

Example:

v=spf1 include:spf.protection.outlook.com ip4:88.202.183.10 -all

The syntax is not absolute. For instance, the following record also works:

v=spf1 ip4:88.202.183.10 include:spf.protection.outlook.com -all

Adding your web server’s IP address to the SPF record authenticates both Microsoft 365 and your web server as valid mail servers for your domain.

4. rDNS (Reverse DNS / PTR Record)

Unless you rely on exceptional settings, you do not need to do anything about rDNS. A PTR record is already established in the reverse zone for our servers. This means that the IP address for your server is already mapped to your hostname.

A PTR record can only be created where a reverse zone is accessible. Usually, this means having to post a support ticket at your domain registrar, or asking the owner of the IP address you have been granted to map the setting for you.

5. DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to your emails.

Usually, DKIM is established with an A record. Microsoft 365 already uses DKIM via CNAME records. This is convenient. Other registrars might already require an A record that you rely on. It is possible to have multiple A records establishing DKIM records for different servers. This might cause some reliability issues though. So, you might need to monitor traffic flow after making this kind of change. In any event, your web server needs its own DKIM setup if it sends mail too.

What to do in cPanel:

Log into cPanel
Go to Email > Email Deliverability
Click open <Manage>
Do not enable DKIM. Instead:
Copy the TXT Name and Value fields shown for DKIM
Add this TXT record to your DNS at GoDaddy

This allows receiving servers to verify that your server’s emails are legitimate.

6. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC tells receiving servers how to handle emails that fail SPF or DKIM checks. settings. This may already be established in your authoritative zone and that record would already be valid as long as:

your SPF record already includes for your web server’s IP address
or DKIM passes for your server (if you set it up)

Example

You can use the values suggested in cPanel > Email > Email Deliverability to create a DMARC record. DMARC uses an industry defined instruction set which is universally adhered to. For now, it is probably only necessary to operate DMARC in “test” mode. However, some services like Microsoft 365 may be sensitive (especially to “contact form” mail and require an elevated metric like p=quarantine.

Name: _dmarc.domainname.co.uk

Value: v=DMARC1; p=quarantine; rua=mailto:your-alias@domainname.co.uk

The three incremental states for DMARC are:

p=none
p=quarantine
p=reject

8. cPanel Mail Routing

Lastly, check that your server expects email to be managed externally. As the records above are being added to your authotitative zone, cPanel will often detect that external email servers are now in use. However, you need to check this setting.

What to do:

log into cPanel > Email > Email Routing
check <Remote Mail Exchanger> if it is not already enabled
save the setting

This ensures your server sends contact form emails to Microsoft 365 instead of trying to deliver them locally.

Testing and Summary

After updating your DNS:

Use MXToolbox to check SPF, DKIM, and DMARC
Send test emails from your contact form to Gmail or Outlook and inspect the headers
Look for spf=pass, dkim=pass, and dmarc=pass

Summary

By configuring SPF, rDNS, DKIM, and DMARC correctly, your contact forms can send email reliably—even when Microsoft 365 or other suppliers handle your domain’s email. This setup helps prevent your messages from being flagged as spam and protects a client’s domain reputation and brand intact.

About ComStat.uk: Internet Service Provider Comstat provides IT support, web hosting, and media services including web design, Microsoft 365 setup, and audio/video production, serving businesses across Denbighshire, North Wales and Wirral from Ruthin, and Lancashire and the Northwest from Bolton.

Configure DMARC using cPanel

by Steve Galloway | Apr 12, 2025

Authenticate outgoing email with DMARC

Configure DMARC (Domain-based Message Authentication, Reporting, and Conformance) to help protect your domain name from being used for email spoofing. Unless you configure DMARC, email that you send can be dropped by a receiver’s email server before reaching that user’s Inbox.

Click on the headers below to follow our guide to obtain a DMARC record using cPanel WHM and then configure your DMARC record in your domain name’s zone record at your domain registrar. Click on images to see in full resolution.

How to prepare

DMARC is already enabled on your web server. DMARC builds on DKIM and SPF, so before implementing DMARC, be sure to implement DKIM first.

Before you configure DMARC in your domain name’s zone record, you will need to understand where your domain name is managed. If your domain name is held at a domain name supplier using their nameservers, you will need to configure DMARC records in your domain name’s zone record at your supplier. If you own the domain, but we hold it in our management portfolio, then you might only need to make amendments in cPanel which will make things easier.

Therefore, before you start, prepare as follows:

if in doubt, check with us where your records need modifying
find your cPanel login credentials from your server information sheet
(optionally) find the login credentials for your domain name supplier

We recommend you add a DMARC record to your domain name’s zone record which initially operates DMARC in test mode. Our workflow therefore is designed to accomplish this preliminary objective.

Making adjustments to your domain name’s zone record requires exacting language and sytax. A missing character can cause a web site to cease functioning and disable your email. Nor can you test it – changes made have effect in real time. Be sure to copy records before overwriting “last known working” states.

Step-by-step instructions

Follow these instructions caefully to configure DMARC and activate the service. Each step is important. Missing characters like colons, semi-colons, and spelling mistakes can cause a lot of work.

1. Log in to cPanel:

open your web browser
enter your cPanel URL (e.g., https://yourdomain.com:2083)
log in with your cPanel credentials

2. Navigate to <Zone Editor>

in cPanel dashboard, scroll to <Domains> section
find and click open <Zone Editor>

3. Look for a DMARC Record:

in Zone Editor, find the domain you want to check
click <Manage> next to the domain
look for a TXT record with the name: _dmarc.yourdomain.com
if you do not see one, you will need to create it

4. Create or Modify a DMARC Record:

if you need to create a new DMARC record, click <Add Record>
choose <TXT Record> from the <+Add> dropdown list
in the <Name> field, enter: _dmarc
in the <TTL> field, leave the default value
in the <Type> field, select: TXT
in the <Record field>, enter your DMARC policy. For now, use:
• v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; sp=none; pct=100
for <mailto:> substitute your preferred email address• see notes below
select and copy the record field to clipboard or notepad. You will need this later

5. Save the DMARC Record:

Click <Save Record> to apply the changes

6. Log in to Your Domain Registrar:

in a new browser window, go to your domain registrar’s website
log in with your credentials

7. Access DNS Management:

find the DNS management or zone file settings
this section allows you to add or edit DNS records

8. Add the DMARC Record you created in steps 4 and 5 above:

Add a new TXT record
in the <Name> field, enter: _dmarc
in the <Value> field, paste the DMARC policy you created and copied earlier in cPanel
Save the changes

9. Verify the new DMARC record:

Use online tools like MXToolbox to verify your DMARC record
Check for typos like missing colons or spaces, or inaccurate spelling

Notes:

DMARC is a technology that operates on a few levels. The record we gave an example for you to use above is for a DMARC policy that shows DMARC is enabled, but not reactive (p=0). The record can be modified to p=quarantine and p=reject which cause emails that fail a test to be either quarantined or rejected by a receiver. In some circumstances like emails sent to a mailing list, values for sp and pct can also affect how your outgoing email is received.

By using policy p=0 and establishing the email address of the person you want to receive DMARC reports, you have a minium valid record. Once this tests positive, consider upgrading the policy to p=quarantine.

Summary

DMARC builds upon existing protocols like SPF and DKIM to help domain name owners specify how their organisation’s emails should be treate by receiving email servers that fail authentication checks. This is important because it helps to prevent a malicious party from attempting to use your email addresses to purport to be you using spoofing and phishing attacks. Consequently, you can configure DMARC a few ways.

Making adjustments to your domain name’s zone record requires exacting language and syntax. A missing character can cause a web site to cease functioning and disable your organisation’s email. Nor can you test a modification first – changes made have effect in real time.

Expert help available

We have decades of experience managing domain names on behalf of clients. If you are nervous about dealing with this technology, we can provide admin support for domain names and ongoing services. We can turn modifications in minimal time at reasonable cost while saving you from risk of web site and email disruption – please ask for help if in doubt.

Configure DKIM in cPanel

by Steve Galloway | Apr 3, 2025

Verify outgoing email with DKIM

Use DKIM (DomainKeys Identified Mail) to reduce the chance of your users’ outgoing emails ending up in customer/supplier Spam or Junk folders.

Click on the headers below to follow our guide to configure DKIM using cPanel WHM and post your DKIM records in your domain name’s zone record at your domain registrar. Click on images to see in full resolution.

How to prepare

DKIM is already enabled on your web server. However, the service needs to be implemented. This is because the verification process requires checking a unique DKIM record which only you can add to your domain name’s “phone book” – we call the phone book a zone record. If we have ongoing access to your domain name, we would take care of this as part of the support we provide.

Before starting, you will need to understand where your domain name is managed. If your domain name is held at a domain name supplier using their nameservers, you will need to create DKIM records in the zone record at your supplier. If you own the domain, but we hold it in our management portfolio, then you might only need to make amendments in cPanel which will make things easier.

Therefore, before you proceed, prepare as follows:

if in doubt, check with us where your records need modifying
find your cPanel login credentials from our server information sheet
(optionally) find the login credentials for your domain name supplier

We are able to manage domain names on behalf of clients. Domain name management is a critical function and unwitting errors can cause email and web site failure. If you are nervous about dealing with this technology, we can provide admin support – ask for help. For instance, if you do not have in-house expertise, we can take administrative custody of your domain to manage these kinds of jobs.

Step-by-Step instructions

1. Log in to WHM:

Open your web browser.
Enter your WHM URL (e.g., https://your-server-ip:2087).
Log in with your root credentials.

2. Access the DKIM Settings:

In the WHM dashboard, search for <Email>.
Click on <Email Deliverability>.

3. Select the Domain:

Choose the domain you want to configure DKIM for.
Click <Manage> next to the domain.

4. Enable DKIM:

In the DKIM section, click <Install the Suggested Record>.
WHM will automatically generate the DKIM record.

5. Copy the DKIM Record:

After generating the DKIM record, you will see a TXT record.
Copy the entire TXT record, including the v=DKIM1; part.

6. Log in to Your Domain Registrar:

Open your domain registrar’s website.
Log in with your credentials.

7. Access DNS Management:

Find the DNS management or zone file settings.
This section allows you to add or edit DNS records.

8. Add the DKIM Record:

Add a new TXT record.
In the Name field, enter the selector and domain (e.g., default._domainkey.yourdomain.com).
In the Value field, paste the DKIM record you copied from WHM.
Save the changes.

9. Verify the DKIM Record:

Go back to WHM.
In the <Email Deliverability> section, click <Manage> next to your domain.
Click <Check> to verify the DKIM record.

10. Test Your DKIM Setup:

Send a test email to ensure DKIM is working.
Use online tools like DKIMValidator to check if your email passes DKIM checks.

Tips for Non-IT Users

Take Your Time: Follow each step carefully.
Ask for Help: If you get stuck, don’t hesitate to ask your registrar’s support team.
Double-Check Entries: Ensure there are no typos in the DKIM record.

Summary

Business users do not have a lot of patience when it comes to email, and not a lot of people check Spam or Junk occasionally if at all. Email that is lost in this way costs business so DKIM, along with SPF (automatically configured for you already, DMARC, and Reverse DNS are necessary utilities for providing resilient email delivery.

Expert help available

We have decades of experience managing domain names on behalf of clients. If you are nervous about dealing with this technology, we can provide admin support for domain names and ongoing services – we can turn modifications in minimal time at reasonable cost and while saving you from risk of web site and email disruption – please ask for help if in doubt.

Why Authoritative Nameservers Matter for Your Web Hosting Setup

by Steve Galloway | Feb 8, 2025

Introduction

Use this article to understand how a domain name relies on authoritative namservers to connect web site viewers and email users to your web server. This article is intended for Comstat.uk clients who have bought domain names elsewhere who intend to maintain the domain names in their own portfolios. This requires more client input and can delay restoration of services in the event of outages.

If you maintain your domain names within ComStat.uk’s management portfolios we can provide streamlined support because we can access your domain names’ zone records 24/7 without recourse to clients. This means we can fix authoritative nameservers without reverting to you.

For instance, in the event of an outage while you are away on holiday, or you cannot access your domain name control panel because you have no phone signal to handle 2FA, your web site service could be disrupted until someone can get to your domain name control panel to resolve problems. So, it is important to understand how your authoritative nameservers operate and who is repsonsible for the dashboard that manages them.

Click on the headers below to find out about how to decide where to locate your authoritative nameservers. Click on images to view at full-sized resolution.

What are Authoritative Nameservers?

Authoritative nameservers hold the definitive records for a domain name that operate your email, website availability, and other services. Conventionally, two or more authoritative nameserves are in operation in case one server fails. Authoritative nameservers answer queries about domain names with the most accurate and up-to-date information about your web site, email server, and more.

For instance, if you want to send an email, your computer has to find your authoritative nameserver to find out how to send your outgoing email. Also, it has to find where to send the email. Lastly, the receipient’s email server has to verify that email is legitimate, so it is critically important that your authoritative nameservers are operational and capable of demonstrating a good “score”. If your authoritative nameservers are not recognised and do not achieve adequate safety metrics, your emails will be dropped or sent to spam.

Authoritative nameservers work behind the scenes to translates domain names (like comstat.uk) into IP addresses (like 192.0.2.1). To read this article, your computer had to find where the web server was that hosts the page you are reading. Often, a web site operates from one server, and email from another. Authoritative nameservers define where your services are established.

Using a domain name supplier's Authoritative Nameservers

When you buy a domain name your domain name supplier will provide standard authotitative nameservers which point to your domain name’s “zone record” – a phone book – which describes where your web site is, and where your email server is. Also, it provides room for you to define records to help prove that your email is legitimate and many more things. It is important that it is secure, and safe from malicious hijack.

Pros:

Reliability – good security, robust global availability

Cons:

Limited control – limited customization options
Dependency – you rely on the registrar for DNS management
Manual entries – records have to be transcribed from your cPanel zone record (e.g. webmail.domainname.com)
Complexity – different suppliers adopt differing methodologies for scripting records
Resolution – some suppliers take up to 72 hours to resolve DNS

Using your web server for Authoritative Nameservers

When you use your web server as your authoritative nameservers, you modify records at your domain name supplier so that your web server become your authoritative nameservers. This is easy to do: you replace the standard nameservers in your domain name’s control panel with your web server’s nameservers which we will establish for you. For instance, we use nameservers like ns1.namesfirst.net and ns2.namesfirst.net. Once the nameservers are modified, all records dealing with your web site, email, webdisk, etc., are handled via cPanel.

Pros:

Control – you/we can make changes instantly
Integration – seamless integration with your email, web site, etc.
Customization – you can tailor DNS to specialized needs
SSL – cPanel can automatically align SSL certificates with your web server

Cons:

Security – teh onus is on the web server owner to protect against intrusion

Summary - which one?

Entry level web hosting services do not do much more than provide a web site, and email is usually bought as a separate service. As businesses outgrow entry level web hosting, the realities that larger business face become more evident.

If you operate a web site via cPanel which includes email, and you intend to use services like Webdisk and automated SSL, it is probably less effort to use your web server as an authoritative web server.

If you want to provide extra security against a malicious person hacking your authoritative nameserver, consider managing things at your domain name supplier. This will mean copying records from cPanel however, and may limit how your SSL certificate works. Also, our ability to restore services in the event of authoritative nameservers depend on us being able to reach you.

In some cases, we also manage authoritative nameservers for clients at Cloudflare and Microsoft 365. Both provide Enterprise grade suecurity and resiliency. How your email and website are organised influences how we need to deal with your authoritative nameservers.

Without a working authoritative namserver, web sites, email, and more cease to work. So, at some point businesses have to develop in-house skills or outsource help to manage this critical Internet technology.

To discuss how best to manage your domain name and how best to establish your authoritative nameservers, contact us using the WhatsApp link or arrange a convenient time for us tr contact you via our contact page.

Add SPF to your DNS zone record

by Steve Galloway | Feb 4, 2025

Authenticate your outgoing email with SPF

Use SPF (Sender Policy Framework) is a utility that lists all the server IP addresses that a domain name can use to send emails from.

Click on the headers below to follow our guide to manage SPF record using cPanel WHM and then post your SPF record in your domain name’s zone record at your domain registrar. Click on images to see in full resolution.

Why is SPF important?

Most people who rely on a contact form have experienced what happens when SPF is not working.

For instance, your business might use Microsoft 365 (i.e. Exchange). Exchange handles all staff email and its servers use IP addresses to do so. Now, imagine that your business also has a web site with a contact form but the web site sends contact form email from a different IP address than Microsoft Exchange uses for everyday emails: the contact form uses the web server’s IP address. SPF means your business can validate the web site’s server IP address. Without properly configured SPF, the contact form would not work. You would never know you lost a sale. At best, contact form email might end up in Spam/Junk.

How do I configure SPF?

If your web server is configured for email, you might not need to do anything at all. If you already use another email service for regular email, you may need to amend your existing SPF record where you manage your domain name to include the IP address for your contact form. The best thing to do is to contact us first for advice.

Step-by-step instructions

This guide assumes that you need to create an SPF record at your domain name supplier, but you want to operate your email from our new web server.

1. Log in to cPanel

using your web server configuration sheet, log into cPanel
navigate to <Email>
click on <Email deliverability>

2. Find your SPF record

towards the top of your page, you will see a section for SPF, like you see in the screenshot below.
the SPF <value> is the entry you need to modify your existing domain name record where you manage your domain name – copy the record from cPanel.
go to your domain name supplier

3. Create or edit your SPF record

log in to your domain name manager or zone editor
if there is no SPF record, create a new TXT or SPF record, and enter the the values from cPanel
if there is an SPF record, copy the existing record an paste/save it so you have a last known working state
if the existing SPF record handles other email alredy, you will need to determine how to add your web server’s IP address to the entry. This is because you use one SPF record to define all IP addresses that need to be covered.

SPF can be the simplest of protocols to implement, especially if you are operating all email from your web server and your domain name uses our nameservers. However, SPF needs to be able to cope with diverse eventualities, and it may need configuring for multiple IP addresses that handle email for your business. If in doubt, contact us for advice.

Summary

SPF is already configured if your web server includes email services, so there is nothing to do if we manage your domain name for you and all your email will be handled from your web server.

In most other cases, you should contact us for guidance before you make changes anywhere. If you do make changes to existing records, be sure to copy/paste/save those records so that you can resort to a last known working state if problems develop.

DNS is not a forgiving technology, and if you are nervous about making real time changes that might disrupt your web site and/or email, please contact us at the very least for advice.