What are email forwards? 

The email forwards (domain email forwards) are a way of automatically redirect emails on the domain level from one email address to another. 

You can do a permanent email forwarding or temporary forwarding. Also, you can do redirect many email addresses to a single email address.

Imagine you have several domains and emails in each, but you also have one primary email that you use for other tasks that you have. Wouldn’t it be convenient to receive all incoming messages in one place? You simply set up a mail forwards feature (a.k.a email forwarding) from your email contacts@mywebsite.org to your personal mailbox, and all of the incoming emails will be redirected to there by default.

We are not talking about the email forwarding that you have inside Gmail or Outlook.  

How does it work?

Email forwards work by redirecting email messages from one email address to another. The process is super simple and straightforward: 

• Someone sends a message to an email address that is configured to forward incoming emails. 
• The message is automatically sent to the email address that is configured to receive the forwarded emails. 

An important thing to mention is that it happens instantly, so there is no delay in the forwarding process.

When should you use email forwards?

Here are several common situations in which is a good practice to use email forwards:

• You are changing the domain name.

Imagine this case, you have the domain MYSITE.com, and for some reason, brand changes, cost-saving or another, you are changing to a new domain – NEWSITE.com. Your old clients might not immediately understand the change, and they can still try to reach you on your old email contacts@mysite.com. You can still extend that domain for a year and redirect, including email forwards from contacts@mysite.com to contacts@newsite.com. That way, they won’t lose your contact, and you can continue to work flawlessly.

• Forward a particular account to another.

Imagine John from your company was fired. But he was important, and there are still clients who want to contact him on john@company.com. You can redirect the traffic to another email like contact@company.com, or spencer@company.com (another employee) and not miss emails.

• Unite email addresses to a hub email.

In case you have a few companies, but you don’t have enough time to manage each company with a different email account, use email forwards to a single email address.

Benefits of email forwarding

Email forwards are a popular solution that provides a lot of benefits. Some of them are the following:

• Ease of use. Receive all your emails into a single email address.
• Don’t lose clients. Redirect the email of your ex-employees to another mailbox where you can still keep in touch with them.
• Redirect multiple emails to one. All to just a single address for easy managing.
• Use the software you like. You can use email software you like and forward emails to there without problems.
• Save money. You can have multiple emails forwards for different group members and redirect them to a single email address. For example, george@company.com, alex@company.com, and maria@company.com can be redirected to a single point contacts@company.com. That way, you can create only one email account, contacts@company.com, and save money on the rest.
• Save time. Instead of having to open multiple email account and manage them, you can forward them to a single and manage all the email from there.

Email Forwarding service by ClouDNS

How to set up email forwards?

The process of setting up email forwards is noncomplex, and it is easy to complete, even if you are a beginner. You can start by following these steps: 

1. Make sure you have MX records (Mail exchange records used to deliver email to addresses) directed to the email forwards servers, which you can see in your ClouDNS Control Panel.
2. When you have already created the MX records, press the “Mail forwards” option and select “Add new forward”. 
3. In the “Mail box” field, write the email box and select the domain name. For instance, you may type in “info@example.com”.
4. In the “Forward to” field, enter the email address that will receive the forwarded emails.
5. Save the changes, and the email forwards feature is ready.

If you want to check your domain’s MX records, we recommend you take a look at the fourth command from our article: 10 Most used Dig commands

Mail Forward server types

There are two Mail Forward server types available, each with distinct behavior. Therefore, when selecting a group, it is important to consider your requirements carefully to ensure that you choose the one that best suits your needs.

With suffix 1 and 2

We recommend you these if you are using a public mail server (like Gmail, Outlook, Yahoo, etc.) These are for example mailforward21.cloudns.net and mailforward22.cloudns.net.

They are set up in a way, that they can pass the SPF checks (Sender Policy Framework prevents spoofing by validating the legitimacy of your mail server), so your mail doesn’t end up in the spam folder. Take into consideration that those forwarded emails will have modified header (FROM section).

With suffix 3 and 4

If you have own mail server, and you can disable the spam checking (SPF checks), you can use our mail servers with suffix 3 and 4, for example mailforward23.cloudns.net and mailforward24.cloudns.net. The redirected emails won’t have any modified header like in the previous option.

In general, we always advise you to have the highest level of security possible. So, even with an own mail server, use SPF and spam filers. Stay protected and use the first option. 

You can take advantage of mail forwarding feature on every one of our plans, even on the free one. There you have one mail forward. Think about your need and check out all of our Premium plans.

If you are not sure, you can start a 30-day trial by ClouDNS and find the best DNS plan for you!

Best Practices for Email Forwards

By following the best practices, you can optimize your email forwards, enhancing both security and efficiency.

• Choose Reliable Providers: Opt for reputable DNS and email providers to ensure your emails are forwarded securely.
• Regularly Update Forwarding Addresses: Keep your forwarding addresses up to date to avoid losing important emails.
• Monitor Forwarded Emails: Periodically check forwarded emails for spam or malicious content to protect your main inbox.
• Use Filters and Rules: Set up filters and rules to organize your forwarded emails and keep your inbox clutter-free.
• Enable Email Authentication: Implement SPF, DKIM, and DMARC to your main email to protect against email spoofing and ensure email authenticity.
• Avoid Long Forwarding Chains: Minimize the number of forwarding steps to reduce delays and errors.
• Notify Your Contacts: Inform your contacts about your forwarding setup to avoid confusion and ensure smooth communication.

DNS Plans

Conclusion

In conclusion, email forwards are a convenient way to manage multiple email addresses from a single mailbox. They are easy to set up and provide many benefits. In addition, email forwards can be helpful when changing domain names or forwarding a particular account to another. Two mail forward server types are available, and you need to choose the one that best suits your needs. With ClouDNS’s email forwarding service, you can set up email forwards quickly and efficiently, even if you are a beginner.

The post Email forwards – what are they and how to use them? appeared first on ClouDNS Blog.

But first, let’s explain a little bit more about what DNS records actually are.

DNS records briefly explained

DNS records are simple text-based instructions for a specific domain name. Their main purpose is to set precise rules for the domain. Additionally, they are created and gathered in a zone file in the DNS zone. All that information is stored on the Authoritative DNS server for the particular domain name. As we mentioned, DNS records are completely made of text. Therefore, they are pretty light. That allows DNS administrators to edit and adjust them easily. 

Every DNS record type has a different function, so each of them is important for the proper management of the domain name. Moreover, when a user makes a request, the Recursive DNS servers search for a precise DNS record type. 

For the rest of this article, we are going to present to you some of the most important and interesting DNS record types. 

Common DNS record types

There are several types of DNS records, each serving a different purpose. Let’s take a look at some of the most common ones:

SOA Record

SOA (Start of Authority) shows the start of the authority DNS zone and specifies the global parameters of the zone. Every zone must have one, and you can’t add two per zone. It has the following parameters: Serial number, Primary Nameserver, DNS admin’s email, Refresh Rate, Retry Rate, Expire Time and TTL.

A and AAAA Records

These DNS record types are perhaps the most popular and also most important. The A record and the AAAA record are both responsible for mapping a domain name to its corresponding IP address. This is what enables users to access your website via its domain name. The difference is that A record points to an IPv4 and the AAAA record to IPv6.

MX Record

The MX record, commonly also known as mail exchange record, is used to specify the email server responsible for accepting incoming email messages for a domain name. This DNS record type is crucial for ensuring that your email gets delivered to the correct mail server. Basically, it says which server should receive the incoming emails. If it is not directed well, you won’t receive emails.

CNAME Record

CNAME record is another very popular DNS record type where the short acronym “CNAME” stands for Canonical Name. It allows you to point one hostname to another, not to an IP address like the A and AAAA records. You can use it when you want to create an alias for a domain name. It serves just for subdomains. It is important to note that you can add only one CNAME record per hostname.

TXT Record

The TXT record allows you to add and store text-based information about a domain name. There are all kinds of TXT records and some of them people can easily understand, and others are specifically for machines to read. For example, DKIM (DomainKeys Identified Mail) record is a TXT record that associates a domain name with a specific email message. There is also DMARC (Domain-based Message Authentication, Reporting, and Conformance) record that identifies and blocks spam and phishing emails by verifying the emails.

SPF Record

Creating an SPF (Sender Policy Framework) record shows who is authorized to send emails with a particular domain. Without it, all the emails you send will go directly to the spam folder of the recipients. It is helpful for preventing email spoofing and phishing attacks.

NS Record

The short acronym “NS” stands for Nameservers, and this NS record points the domain name to its authoritative DNS servers responsible for the DNS zone. The NS record is essential for ensuring that your domain name is properly registered and configured.

SRV Record

SRV records are responsible for defining the locations of servers for specified services, such as voice-over IP (VoIP), instant messaging, and others.

Web Redirect (WR) Record

The Web Redirect record does precisely what it says. It redirects from one address to another. There are a few types: 301 redirect which is a permanent redirect, and 302 redirect, which is temporary, if the address has been moved but not permanently. You can do such a redirection with SSL too.

ALIAS Record

ALIAS record is a very similar to the CNAME record. It allows you to add various hostnames for the same subdomain. You can use it for the root domain as well. This type of record is built into the ClouDNS.

RP Record

The RP record, or Responsible person record, shows who is responsible for the domain name and specifies its email address.

SSHFP Record

Secure Shell Fingerprint record is used for Secure Shell (SSH). The SSHFP record is typically used with DNSSEC enabled domains. When an SSH client connects to a server, he or she checks the corresponding SSHFP record. If there is a match, the server is legit, and it is safe to connect to it.

PTR Record

The PTR record, also commonly known as the Pointer record, points an IP address (IPv4 or IPv6) to a domain name. It is the exact opposite of the A and AAAA records, which match the hostnames to IP addresses. PTR records are used for Reverse DNS.

NAPTR Record

IP telephony uses Naming Authority Pointer records, or for short NAPTR records,  for mapping the servers and the users’ addresses in the Session Initiation Protocol (SIP).

CAA record

Certification Authority Authorization (CAA record) record gives the ability to the DNS domain name holder to issue certificates for his/her domain. The record can set policies for the whole domain or for specific hostnames.

Wildcard DNS Record

The Wildcard DNS record will match requests for non-existing domain names. It is specified with a “*” for example *.cloudns.net

For more information, examples, and video tutorials check the following DNS record wiki page.

How many DNS record types are there?

The Domain Name System (DNS) offers an extensive collection of DNS record types, each tailored to specific functions within the internet’s architecture. Currently, there are over 60 standardized DNS record types, which highlights the system’s complexity and adaptability to various networking needs.

Among these record types are the fundamental A and AAAA records, which respectively map domain names to IPv4 and IPv6 addresses, enabling the routing of internet traffic. MX records handle mail server information, directing emails to the appropriate destination, while CNAME records help aliasing one domain name to another.

Beyond these basics, there is a large number of specialized DNS record types designed to cater to specific requirements. TXT records store text data, serving purposes like domain verification and SPF (Sender Policy Framework) for email authentication. PTR records enable reverse DNS lookups, aiding in network diagnostics and security measures.

Moreover, DNSSEC (Domain Name System Security Extensions) has introduced additional record types which strengthen DNS security. These include DNSKEY records for cryptographic keys and RRSIG records for digital signatures, ensuring the authenticity and integrity of DNS data.

As technology advances, new record types may emerge to address challenges and requirements in internet communication and security. Despite this evolution, the core DNS record types remain vital components of the internet’s infrastructure, supporting its functionality and reliability.

Conclusion

Knowing more DNS records and how to use them will give you an advantage in your DNS usage. You can manage better, and you can get better results.
If you can’t figure out how to use some of the records on your own, you can always contact our Live chat Support who would be happy to help you.

Check our DNS Plans

The post Types of DNS records – What are they and what is their purpose? appeared first on ClouDNS Blog.

DMARC explained

DMARC is an authentication, policy and also reporting protocol. It uses both SPF and DKIM and adds linkage to the “From” domain name, policies for handling the incoming email in case of failure and something very important – report for the sender. That way the sender can see if there is a problem, and act on it.

The main purpose of DMARC is to protect against direct domain spoofing. If an attacker tries to send email from not authorized, DMARC will detect it and block it.

Combined with BIMI, you will also give proper protection to your brand reputation by providing authentic messages.

Why SPF and DKIM are not enough?

SPF – Sender Policy Framework has the goal to validate the senders’ servers. The receivers check the SPF record and see the IP address. It should be matching the IP address of the domain of the sender.

A problem with the SPF is that the SPF record applies to the return path of the domains, not to the domain, that shows in the “From” on the user interface. DMARC fixes this flaw with alignment, a match, between the visible “From” and the server authenticated by SPF.

DKIM – DomainKeys Identified Mail. The owner can use DKIM record to sign the emails that it sends. The emails will have extra data (encrypted) in the header that can be verified through the DNS. This technology is not flawless too. Many companies don’t rotate the key, and that can be a big problem. This is another thing, DMARC fixes. It provides rotating keys.

How does DMARC work?

We mention already that DMARC uses policies. The administrator sets them, defining the email authentication practices and what should the receiving email server do if an email violates a policy.

When the receiving email server gets a new email, it makes a DNS lookup to check the DMARC record. It will look for:

• If the DKIM signature is valid.
• The IP address of the sender, if is one of the allowed by him (SPF record).
• If the header shows proper “domain alignment”.

With all of the above in consideration, the server DMARC policy to accept, reject or flag the email.

In the end, the server will send a message to the sender with a report.

Benefits of DMARC

Here are some of the main advantages of implementing this advanced protocol.

For the sender:

• Shows that the email uses authentication – SPF and DKIM.
• Receives a feedback about the sent email.
• Policy for failed email.

For the receiver:

• Provide authentication for the incoming emails
• Evaluating the SPF and DKIM
• See what the sender prefer – policy
• Returns feedback to the sender

DMARC Record example

DMARC records are a simple text (TXT) DNS records. They look like this:

“v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com”

• V – the version of the protocol. In the example is version 1
• Pct – % of the messages that are subject to filtering (pct=20)
• Ruf – URI for forensic reports (ruf=mailto:authfail@example.com)
• Rua – URI for aggregate reporting (rua=mailto:aggrep@example.com)
• P – Policy, organizational domain (p=quarantine)
• Sp – Policy, subdomains of the organizational domain (sp=reject)
• Adkim – Alignment for DKIM (adkim=s)
• Aspf – Alignment for SPF (aspf=r)

DMARC record generator by ClouDNS

Why use DMARC?

DMARC is a protocol used to help prevent email fraud and phishing attacks. Here’s why it’s important and why you should use it:

• Prevention of Email Spoofing: It helps prevent attackers from spoofing your domain, a common tactic in phishing attacks. By authenticating emails sent from your domain, DMARC ensures that only authorized senders can use your domain name.
• Improved Email Deliverability: Implementing it can help improve your email deliverability by reducing the chances of your legitimate emails being flagged as spam or being rejected by email servers. When email receivers see that your domain is protected by DMARC, they are more likely to deliver your emails to the inbox.
• Protection of Brand Reputation: Phishing attacks that use your domain can harm your organization’s reputation and trustworthiness. DMARC helps protect your brand reputation by preventing unauthorized use of your domain in phishing emails, thereby maintaining trust with your customers and partners.
• Visibility and Control: DMARC provides visibility into email traffic sent from your domain through reporting mechanisms. You can monitor email authentication results and receive reports on email activity, including information about legitimate and fraudulent email senders. This allows you to take proactive measures to protect your domain and email infrastructure.

What is an MX record?

Conclusion

DMARC can significantly lower the number of fraud emails and spam. It is not 100% bulletproof, but it adds a lot of extra protection in comparison with the other two solutions – SPF and DKIM. The reporting functionality is welcome plus too.

The post DMARC, the solution for your phishing problems appeared first on ClouDNS Blog.

Problems like these can seriously affect your business. Your clients can get phished and send their private information to a fake address which is pretending to be you. This can damage your reputation and can lead to different bans for you.

Understanding Phishing Attack and How to Stay Protected

If you have such problems, then you need a Sender Policy Framework (SPF) to prevent spoofing and improve the reliability of your e-mail server. It is a validation system that verifies the legitimacy of your email server.

To use it you need to create an SPF record for your domain name. It is a type of DNS record that verifies which email server can send emails from the name of the specific domain.

Let’s define SPF record

This is how it looks like:

v=spf1 +a include:cloudns.net ~all

It has different mechanisms:

v=spf1 – shows that it is an SPF record and is the version 1

+a – it is authorization to the host, that it can send emails

include: authorization of the emails, that they can be sent from that particular domain

~all – this shows that, if another server sends an e-mail for your domain, it must be accepted but handled as spam. You can use -all if you want all other servers to be rejected

There can be more mechanisms like:

all – make a match of all local and remote IPs

ip4 – define a particular IPv4 address or a range of IPv4 (example: ip4:192.168.0.1 or ip4:192.168.0.0/24 for a whole network)

ip6 – set a specific IPv6 address or a range of IPv6 (example: ip6:fc00::1 or ip6:fc00::/7 for a whole network)

mx – for each MX record, it specifies all A and AAAA records

Mechanisms can have qualifiers before them:

+ – Pass, the address passed the test, accept the email (example: +mx)

–  – Hard Fail, the address failed, don’t accept the email (example: -ip4:192.168.0.1 or -all)

~ – Soft Fail, failed the test but it accept the emails, just tagged them as fails (example: ~all)

? – Neutral, no pass or fail, do whatever, probably accept email (example: ?all)

How to add SPF record

Now when you know what an SPF record is, you can watch the following video tutorial how to add it.

For more information, you can also check our wiki page about SPF record.

The benefits of adding an SPF record are clear, stop the illegal spammers from using your domain name to send a fake email and to be phishing private data. In the other hand, it will reduce dramatically the number of your email that goes directly to SPAM by recipients.

So, do that extra text and add this SPF record to your DNS for additional protection.

The post What is Sender Policy Framework, and how to setup SPF record? appeared first on ClouDNS Blog.