Suped
How do CNAME records affect DNS records like SPF, DKIM, DMARC, and MX?
Summary
CNAME records, which map an alias to a canonical domain name, significantly affect other DNS records, especially those used for email deliverability. TXT records like SPF, DKIM, and DMARC are generally preserved, but MX records MUST point to A records, not CNAMEs, to avoid delivery failures. If a domain uses a CNAME, the original domain's SPF record is disregarded, and the destination's SPF record takes precedence. A CNAME subsumes all records at its level, redirecting DNS resolution to the canonical name. CNAMEs therefore disrupt email configurations by associating services with the new domain. Improper CNAME usage conflicts with MX records and email routing, and placing a CNAME on the root domain is not recommended. Ensure DMARC policies resolve correctly, and that DKIM keys are different from the domain.

Key findings

  • MX Record Restriction: MX records MUST point to A records, not CNAMEs; using CNAMEs causes mail delivery failures.
  • SPF Override: A CNAME causes the original domain's SPF record to be ignored, with the destination's SPF taking precedence.
  • CNAME Subsumption: A CNAME supersedes all records at its level, except for NS and SOA, redirecting DNS queries.
  • Email Configuration Disruption: CNAMEs disrupt email configurations, linking services to the new domain.
  • Root Domain Issues: CNAMEs are not recommended on the root domain due to potential interference with essential records.

Key considerations

  • MX Record Configuration: Ensure MX records point directly to A records for proper mail routing.
  • SPF Record Alignment: Align SPF records at the CNAME destination with sending practices.
  • DKIM Key Security: Use DKIM keys different from the domain for better security.
  • Domain-Level Application: Understand that a CNAME will supersede all other record types at its level, except for NS records and SOA.
  • Consider DMARC Implications: Ensure DMARC policies resolve correctly without CNAME-related issues, especially when using subdomain delegation.
What email marketers say
13 marketer opinions
CNAME records, while useful for aliasing one domain to another, can significantly impact DNS records crucial for email deliverability. TXT records like SPF, DKIM, and DMARC are generally preserved when an A or CNAME record is modified, but issues arise when MX records are involved. MX records should point directly to A or AAAA records, not CNAMEs, to avoid mail delivery problems. Pointing a domain with an SPF record to a CNAME will cause the original domain's SPF record to be ignored, and the destination's SPF record will apply. A CNAME subsumes all records at the level at which it is applied: when a DNS resolver encounters a CNAME, it replaces the name with the canonical name and restarts the resolution process, which affects all record types at that particular name. A CNAME therefore disrupts email-related configurations, because all the services previously linked to the origin domain will now be associated with the new domain. Using CNAMEs improperly leads to conflicts, particularly with MX records and email routing. It is generally not recommended to put a CNAME record on the root of a domain.

Key opinions

  • MX Record Conflicts: MX records must point to A or AAAA records, not CNAMEs. Using a CNAME for MX records can cause mail delivery failures.
  • SPF Record Overriding: Pointing a domain with an SPF record to a CNAME causes the original SPF record to be ignored; the destination's SPF record takes precedence.
  • CNAME Subsumption: A CNAME record replaces all other records at the same level, which can disrupt existing DNS configurations.
  • Email Configuration Disruption: CNAME usage can disrupt existing email configurations, impacting all services linked to the origin domain.
  • Root Domain Issues: Using a CNAME record on the root domain is generally not recommended because it can interfere with other essential DNS records, such as those for email (MX records).

Key considerations

  • Email Impact: Carefully consider the impact on email delivery when implementing CNAME records, particularly regarding MX and SPF records.
  • DNS Standard Compliance: Ensure that DNS configurations adhere to standards, avoiding CNAMEs where other record types, like MX, are required.
  • Domain-Level Application: Understand that a CNAME will supersede all other record types at its level, except for NS records and SOA.
  • Alternative Solutions: Evaluate alternative domain masking solutions instead of CNAMEs if email delivery is critical.
  • Subdomain Delegation: When using subdomain delegation, ensure the domain used in DMARC policies resolves correctly without CNAME-related issues.
Marketer view
Email marketer from EasyDMARC explains that while DMARC records themselves are TXT records and don't directly conflict with CNAMEs on other subdomains, the domain used in your DMARC policy (e.g., for reporting) should resolve correctly without CNAME-related issues, especially if you're using subdomain delegation.
27 Mar 2023 - EasyDMARC
Marketer view
Email marketer from DNSimple states that a CNAME record essentially redirects one domain or subdomain to another. While convenient, using CNAME records improperly can lead to conflicts with other records, particularly MX records needed for email routing. They advise against using a CNAME record for the root domain.
11 Oct 2023 - DNSimple
What the experts say
3 expert opinions
CNAME records significantly impact SPF records. If a domain sending email uses a CNAME, the original domain's SPF record is ignored, and the SPF record at the CNAME's destination must be correctly configured; otherwise, SPF authentication will fail. When generating DKIM keys, ensure they differ from the domain to prevent spam when using CNAME records.

Key opinions

  • SPF Override: A CNAME record causes the original domain's SPF record to be ignored, with the destination's SPF taking precedence.
  • SPF Configuration: The destination of a CNAME must have a properly configured SPF record to ensure email authentication.
  • DKIM Key Security: For enhanced security, DKIM keys should differ from the domain, especially when using CNAME records, to prevent spam.

Key considerations

  • SPF Record Alignment: Ensure the SPF record at the CNAME destination is correctly aligned with sending practices.
  • Proper DNS Setup: Verify that DNS records, especially SPF, are appropriately configured at the CNAME's destination.
  • DKIM Best Practices: Implement DKIM keys that are different from the domain for better security and spam prevention, especially in CNAME configurations.
Expert view
Expert from Spam Resource explains that if a domain uses a CNAME record, the SPF record associated with the original domain will be disregarded and the SPF record for the CNAME destination will apply instead.
15 May 2022 - Spam Resource
Expert view
Expert from Word to the Wise explains that when creating DKIM keys, the best practice is to set them to be different than the domain. With a CNAME, this also prevents sending spam in the customer's name.
10 May 2022 - Word to the Wise
What the documentation says
4 technical articles
CNAME records map alias names to canonical domain names, redirecting DNS lookups. While useful, standards like RFC 1034 and best practices from Google Workspace and Digital Ocean emphasize that MX records must point directly to A records, not CNAMEs. Using CNAMEs for MX records can cause mail delivery failures due to resolution issues.

Key findings

  • CNAME Redirection: CNAME records redirect DNS lookups to a canonical domain name.
  • MX Record Restriction: MX records must point to A records, not CNAME records.
  • Mail Delivery Issues: Using CNAMEs for MX records can cause mail delivery failures.
  • DNS Resolution Problems: CNAMEs cause issues resolving email to the correct location.

Key considerations

  • MX Record Configuration: Ensure MX records point directly to A records for proper mail routing.
  • DNS Standards Adherence: Adhere to DNS standards and best practices to avoid mail delivery problems.
  • Record Compatibility: Understand the restrictions on using CNAMEs with MX records to prevent resolution issues.
Technical article
Documentation from Digital Ocean explains that MX records must point to an A record, not a CNAME. CNAME records are usually employed to map one domain to another, and they cause issues because mail has to resolve to the CNAME and then to the location, so email can fail.
28 Jul 2024 - Digital Ocean
Technical article
Documentation from RFC 1034 specifies that when a CNAME record is present, the DNS resolver should replace the CNAME record with the canonical name and restart the query. The standard also implies CNAME records should not co-exist with other record types for the same name.
17 Aug 2022 - RFC Editor
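
The behaviour summarised above (resolver restart at a CNAME, the SPF record that actually applies, and MX targets that are CNAMEs) can be checked mechanically. The following Python linter is an added example, not code from this page or from any of the quoted sources; the zone data, the `example.com.` and `provider.example.` names, and the function names are constructed for illustration.

```python
# Constructed sample zone (assumption, not real data): name -> {rrtype: [values]}
ZONE = {
    "example.com.": {
        "MX": ["10 mail.example.com.", "20 mx.example.com."],
        "TXT": ["v=spf1 ip4:192.0.2.10 -all"],
    },
    "mail.example.com.": {"CNAME": ["mx.provider.example."]},
    "mx.example.com.": {"A": ["192.0.2.25"]},
    "news.example.com.": {
        "CNAME": ["send.provider.example."],
        "TXT": ["v=spf1 ip4:192.0.2.10 -all"],  # never reached: CNAME wins
    },
    "send.provider.example.": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]},
    "mx.provider.example.": {"A": ["198.51.100.25"]},
}

def resolve(zone, name, rrtype, max_hops=8):
    """Follow CNAMEs: replace the name with the canonical name and restart."""
    chain = [name]
    for _ in range(max_hops):
        rrsets = zone.get(name, {})
        if "CNAME" in rrsets and rrtype != "CNAME":
            name = rrsets["CNAME"][0]
            chain.append(name)
            continue
        return chain, rrsets.get(rrtype, [])
    raise ValueError("CNAME chain too long or looping: " + " -> ".join(chain))

def effective_spf(zone, name):
    """Return (owner name that answered, SPF records a receiver would see)."""
    chain, txts = resolve(zone, name, "TXT")
    return chain[-1], [t for t in txts if t.startswith("v=spf1")]

def lint(zone):
    """Flag email records shadowed by a CNAME and MX targets that are CNAMEs."""
    findings = []
    for name, rrsets in sorted(zone.items()):
        if "CNAME" in rrsets:
            for rrtype in ("MX", "TXT"):
                if rrtype in rrsets:
                    findings.append(("shadowed", name, rrtype))
        for mx in rrsets.get("MX", []):
            target = mx.split()[1]  # "<preference> <exchange>"
            if "CNAME" in zone.get(target, {}):
                findings.append(("mx-is-cname", name, target))
    return findings
```

Running `lint(ZONE)` on the sample reports the MX target `mail.example.com.` as a CNAME and the TXT record at `news.example.com.` as shadowed, while `effective_spf` shows that mail sent as `news.example.com.` is evaluated against the provider's SPF record.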