Postmark DNS Setup Guide
Postmark DNS Setup Guide for DealEngineAI
This guide provides step-by-step instructions for configuring DNS records to optimize email deliverability with Postmark while maintaining compatibility with Office 365.
Prerequisites
- Access to your domain's DNS management panel
- Postmark account
- Office 365 account (if applicable)
Step 1: Configure SPF Record
SPF records tell receiving mail servers which servers are authorized to send email from your domain.
- Log in to your domain registrar or DNS provider
- Locate the DNS management section
- Find existing TXT records for your domain
- If an SPF record exists (starts with
v=spf1), you'll need to modify it - If no SPF record exists, create a new TXT record
Record Details:
- Type: TXT
- Host/Name: @ (or leave blank, depending on your DNS provider)
- Value: v=spf1 include:spf.protection.outlook.com include:spf.postmarkapp.com -all
- TTL: 3600 (1 hour) or provider default
Important: Only one SPF record can exist for a domain. If you already have an SPF record, you must merge the Postmark inclusion with your existing record, not create a second one.
If You Only Use Postmark (No Office 365)
If you don't use Office 365, use this simpler SPF record:
v=spf1 include:spf.postmarkapp.com -all
Step 2: Configure DKIM Records
DKIM adds a digital signature to your emails to verify they weren't altered in transit.
- Log in to your Postmark account
- Go to Servers → Your Server → Sender Signatures
- Click on your domain
- Find the DKIM section
- Copy the provided DKIM record
Record Details (example - your actual values will differ):
- Type: TXT
- Host/Name: pm3._domainkey (use the exact subdomain Postmark provides)
- Value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSH5gEX... (long string provided by Postmark)
- TTL: 3600 (1 hour) or provider default
Step 3: Configure DMARC Record
DMARC tells receiving servers what to do with emails that fail SPF or DKIM checks.
- Create a new TXT record
- Use the following details:
Record Details:
- Type: TXT
- Host/Name: _dmarc
- Value: v=DMARC1; p=none; rua=mailto:dmarc@dealengineai.com
- TTL: 3600 (1 hour) or provider default
Note: Replace
dmarc@dealengineai.comwith the email address where you want to receive reports.
Step 4: Configure Return-Path (Optional but Recommended)
Return-Path ensures bounced emails are handled properly.
- Create a new CNAME record
- Use the following details:
Record Details:
- Type: CNAME
- Host/Name: pm-bounces
- Value: pm.mtasv.net
- TTL: 3600 (1 hour) or provider default
Step 5: Verify Your Configuration
After making these changes, allow time for DNS propagation (typically 15 minutes to 24 hours).
Then verify your configuration:
# Check SPF record
nslookup -type=TXT dealengineai.com
# Check DKIM record
nslookup -type=TXT pm3._domainkey.dealengineai.com
# Check DMARC record
nslookup -type=TXT _dmarc.dealengineai.com
Or use our automated tool:
python check_dns_records.py dealengineai.com
Step 6: Set Up Inbound Email Forwarding
To process emails sent to analyze@dealengineai.com:
- Log in to your Postmark account
- Go to Servers → Your Server → Inbound
-
Set the Inbound Webhook URL to:
https://your-app-domain.com/postmark-inbound(Replace with your actual app domain) -
You can also run our utility to set this up:
bash python setup_postmark_inbound.py
Troubleshooting
Common DNS Issues
- Multiple SPF Records
- Problem: You have more than one SPF record
-
Solution: Combine all SPF includes into a single record
-
Missing or Incorrect Includes
- Problem: SPF record doesn't include Postmark
-
Solution: Add
include:spf.postmarkapp.comto your SPF record -
Wrong DKIM Subdomain
- Problem: Using wrong subdomain for DKIM record
- Solution: Use exactly what Postmark provides (e.g.,
pm3._domainkey)
Verification
To verify your Postmark configuration is working correctly:
# Send a test email
python test_delivery.py your-email@example.com
# Check if inbound webhook is configured
python verify_postmark_inbound.py
For comprehensive email delivery troubleshooting, refer to the Email Delivery Guide.