Is it safe to email DNS records?

Summary

Experts, marketers, and documentation agree that emailing DNS records is generally safe because this information is publicly accessible. However, a strong consensus exists regarding the risk of including sensitive information, such as DKIM private keys, credentials, or API keys, in such emails. Using secure channels is highly recommended, even for DNS records, due to the possibility of eavesdropping and the potential increase in the attack surface. If only standard DNS records are shared, the risk is considered low, but caution and secure practices should always be prioritized.

Key findings

  • DNS Records Public: DNS records are designed for public accessibility and distribution.
  • Low Risk for Records Alone: Emailing only DNS record values presents a minimal security risk.
  • High Risk with Sensitive Data: Including private keys, credentials, or API keys significantly increases the risk of data interception and misuse.
  • Attack Surface Increase: Sending data over email, even public data, slightly increases the potential attack surface.
  • Eavesdropping Possible: Email communication is susceptible to eavesdropping, regardless of the data's public nature.

Key considerations

  • Prioritize Secure Channels: Always opt for secure communication methods when sharing DNS information.
  • Exclude Sensitive Data: Ensure emails only contain DNS records and explicitly exclude private keys, credentials, and API keys.
  • Encryption if Possible: Consider using encryption for email communications containing DNS records for added security.
  • Confirm Recipient: Verify the recipient's identity and the necessity of providing them with the information.
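
A pre-send check for the "Exclude Sensitive Data" consideration above, as an added example that is not taken from any of the sources cited on this page. It scans a draft message for private-key blocks and credential-looking lines while letting public SPF, DKIM and DMARC records through; the patterns, the function name and both sample drafts are constructed assumptions.

```python
import re

# Illustrative patterns (assumptions), not an exhaustive secret scanner.
PEM_PRIVATE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
CREDENTIAL = re.compile(
    r"\b(password|passwd|pwd|api[ _-]?key|secret|token)\b\s*[:=]\s*\S+",
    re.IGNORECASE,
)

# Constructed sample: public records only (a DKIM "p=" tag is the public key).
CLEAN_DRAFT = """\
example.com. IN TXT "v=spf1 include:_spf.example.com -all"
sel1._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfCONSTRUCTED"
_dmarc.example.com. IN TXT "v=DMARC1; p=none"
"""

# Constructed sample: the same DKIM record plus material that must not be sent.
LEAKY_DRAFT = """\
Please add this record:
sel1._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfCONSTRUCTED"
DNS panel password: CONSTRUCTED-EXAMPLE
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END RSA PRIVATE KEY-----
"""


def find_secrets(draft: str) -> list[tuple[int, str]]:
    """Return (line_number, kind) for each line that should not be emailed."""
    findings = []
    for number, line in enumerate(draft.splitlines(), start=1):
        if PEM_PRIVATE.search(line):
            findings.append((number, "private-key-block"))
            continue
        match = CREDENTIAL.search(line)
        if match:
            # Report only the label that matched, never the secret value.
            findings.append((number, "credential:" + match.group(1).lower()))
    return findings


if __name__ == "__main__":
    for name, draft in (("clean", CLEAN_DRAFT), ("leaky", LEAKY_DRAFT)):
        print(name, find_secrets(draft) or "ok to send")
```
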

What email marketers say
9 marketer opinions

The consensus is that emailing DNS records themselves poses a low risk, as they are inherently public information. However, transmitting credentials, private keys, or any sensitive data required to manage DNS zones via email is strongly discouraged due to the risk of interception and potential misuse. Secure communication channels are always preferable, and caution should be exercised even when emailing DNS records to ensure no sensitive information is inadvertently included.

Key opinions

  • Public Availability: DNS records are designed to be publicly accessible.
  • Low Risk: Emailing DNS records themselves presents a minimal risk.
  • Credential Security: Sending DNS management credentials via email is a significant security risk.
  • Attack Surface: Sending information over email slightly increases the attack surface.

Key considerations

  • Secure Channels: Prefer secure communication channels for transmitting DNS information.
  • Sensitive Data: Ensure emails do not contain passwords, private keys, or other sensitive data.
  • Encryption: Consider using encryption when emailing DNS records for added security.
  • Recipient Confirmation: Confirm the recipient's identity and need for the information.
Marketer view

Email marketer from InformationSecurity.StackExchange.com states that if the data being emailed is strictly DNS record data with no passwords or keys, it is low-risk, whereas sending authentication keys would be a major risk.

January 2025 - InformationSecurity.StackExchange.com
Marketer view

Email marketer from TechForums.com says that there isn't significant risk in sending DNS records via email but advises caution, and suggests confirming the recipient and using encryption if possible.

May 2021 - TechForums.com
Marketer view

Email marketer from Reddit believes that while DNS records are publicly available, sending them over email does slightly increase the attack surface. He suggests that while the risk is low, more secure methods of communication are preferable, especially for sensitive records.

October 2022 - Reddit
Marketer view

Email marketer from Web Hosting Talk states that there's generally no harm in emailing DNS records since they are publicly accessible anyway. However, he emphasizes that you should never email credentials to access your DNS settings.

July 2024 - Web Hosting Talk
Marketer view

Email marketer from ServerFault.com cautions against sending DNS management credentials via email but suggests sending just the records is fine, although not ideal.

February 2022 - ServerFault.com
Marketer view

Marketer from Email Geeks explains that DNS records are inherently publicly available, though sending them in clear text via email might make them easier to exploit if an attacker accesses the email. This person goes on to say that forwarding the email wouldn’t let an attacker use the domain for their own purposes without DNS access. Sending DNS records via email is fine; sending DNS hosting credentials via email is NOT fine.

February 2023 - Email Geeks
Marketer view

Email marketer from Quora responds that while the DNS information itself is public, sending records via email presents a small risk. Secure protocols are favored for important data transfers.

April 2023 - Quora
Marketer view

Email marketer from StackExchange explains that emailing DNS records poses a minimal risk as they are not sensitive data. The main concern should be the access credentials to the DNS management panel, which should never be shared via email.

August 2022 - StackExchange
Marketer view

Email marketer from HostingAdvice.com recommends ensuring that any email communication of DNS records doesn't include passwords or private keys. The records themselves are relatively safe, but credentials are not.

July 2023 - HostingAdvice.com

What the experts say
3 expert opinions

Experts generally agree that emailing DNS records themselves is relatively safe, as this information is typically public or close to it. However, there's a strong caution against including any sensitive information like DKIM private keys, credentials, or API keys in those emails. Using a secure channel is always the best practice, but if only the standard DNS records are being shared, the risk is considered low.

Key opinions

  • DNS Records are Public: Most DNS record information is either public or nearly public.
  • DKIM Keys are Private: DKIM private keys should never be emailed.
  • Sensitive Data Risk: Emailing credentials or API keys alongside DNS records is risky.

Key considerations

  • Secure Channels: Use secure methods to share DNS information whenever possible.
  • Avoid Sensitive Info: Ensure emails only contain the DNS records themselves and no sensitive information.
Expert view

Expert from Email Geeks advises against emailing your DKIM private key, but says anything else is public already.

April 2022 - Email Geeks
Expert view

Expert from Word to the Wise explains that sending DNS records via email carries some risk, especially if those records include credentials or API keys. It's better to share the DNS information through a secure channel, but if you are sending the records themselves, it is relatively safe.

March 2024 - Word to the Wise
Expert view

Expert from Email Geeks says it's fine to email DNS records: DNS isn’t entirely public, but it’s close enough that nobody puts anything sensitive in it.

December 2021 - Email Geeks

What the documentation says
6 technical articles

The documentation consistently states that while DNS records themselves are designed to be public and emailing them poses a minimal risk, it is critical to avoid transmitting sensitive information, such as credentials, private keys, or API keys, via email. Secure channels are always the recommended method for sharing DNS configuration details.

Key findings

  • DNS Records are Public: DNS records are inherently designed for public distribution.
  • Low Risk for Records: Emailing DNS record values alone introduces minimal risk.
  • High Risk for Credentials: Transmitting credentials or sensitive data via email is a major security risk.
  • Eavesdropping Risk: Even with public data, there's always a risk of eavesdropping on email communication.

Key considerations

  • Use Secure Channels: Always prefer secure channels for sharing DNS configuration information.
  • Avoid Sensitive Data: Ensure that emails containing DNS information do not include any private keys, credentials, or API keys.
Technical article

Documentation from NIST advises that while DNS data is generally public, transferring it via secure channels is always preferable. Avoid sending sensitive DNS management information via email to prevent interception.

November 2024 - NIST.gov
Technical article

Documentation from ICANN outlines that DNS records are designed to be publicly available and distributed. While emailing them directly doesn't introduce major risk, avoiding transmission of private keys or credentials via email is critical.

May 2024 - ICANN.org
Technical article

Documentation from Cloudflare outlines that while DNS records themselves are not secrets, best practices dictate avoiding transmitting sensitive information through insecure channels like email. Cloudflare recommends using secure methods to share configuration information.

March 2022 - Cloudflare
Technical article

Documentation from DNSSEC explains that while DNS records are public, the risk of eavesdropping is there. Sending sensitive DNS keys or login info is not safe. However, sending plain DNS records is generally ok.

May 2023 - DNSSEC.net
Technical article

Documentation from DNSimple suggests that the risk in emailing DNS records is minimal if you're only sending the record values themselves. However, transmitting credentials or API keys through email is highly discouraged due to the risk of interception.

December 2023 - DNSimple
Technical article

Documentation from Microsoft explains that while DNS records are generally public, it's a security risk to send credentials or any sensitive information required to manage DNS zones via email. This document refers to internal security policies around data handling.

July 2022 - Microsoft