How long does DNS propagation take?

Usually 5–30 minutes; worst case 48 hours. Most registrars publish almost instantly, but some users may continue resolving the old records until their local DNS cache expires. Use whatsmydns.net or `dig` to check propagation in real time.

Can I use Cloudflare DNS with SigmaDSA?

Yes. Cloudflare works well, but set the proxy status to "DNS only" (grey cloud) for the mail-related records — MX, A `mail`, autodiscover. Cloudflare's proxy doesn't support port 993/465 mail traffic. The website A records can stay proxied (orange cloud) if you want Cloudflare's CDN.

I added all records but Verify All shows failures.

Common causes — (1) typo in the record value (especially DKIM, which is a long key), (2) registrar appended the apex domain to the value (your `mail.yourdsa.com` became `mail.yourdsa.com.yourdsa.com`), (3) DNS not yet propagated (wait an hour, retry), (4) Cloudflare proxy enabled for mail records. Click the failed record's detail to see what was returned vs expected.

Do I need both SPF and DKIM and DMARC?

For best deliverability, yes. SPF lists who can send for your domain; DKIM cryptographically signs messages; DMARC says what to do with messages that fail SPF/DKIM. Without all three, modern providers (Gmail, Outlook) tag your emails as suspicious or send them to spam.

DNS & Domain — SigmaDSA Help

The DNS records you need to add at your domain registrar (GoDaddy, Cloudflare, Namecheap, etc.) to wire up your public website and custom email domain. Click Verify All once the records are live.

The DNS & Domain page (/settings/dns) lists every DNS record you need to add at your domain registrar to make the website and email work. The records auto-populate after you configure Email Domain and add your domain on Website. You paste them at your registrar, wait for propagation, then click Verify All.

DNS Settings page with Website, Email, Security records grouped into cards and Verify All button highlighted — DNS Settings: (1) Website records (A), (2) Email records (MX/A/CNAME/SRV), (3) Security records (SPF/DKIM/DMARC), (4) Verify All button.

The records — what each one does

Website (2 records)

Type	Name	Value	Purpose
A	`@`	`82.27.1.23`	Apex domain points at the SigmaDSA web server.
A	`www`	`82.27.1.23`	`www` subdomain → same server. Both `yourdsa.com` and `www.yourdsa.com` resolve.

Email (4 records)

Type	Name	Value	Purpose
MX	`@`	`mail.yourdsa.com` (priority 10)	Routes incoming `*@yourdsa.com` mail to your SigmaDSA mail server.
A	`mail`	`82.27.1.23`	`mail.yourdsa.com` subdomain → mail server IP.
CNAME	`autodiscover`	`mail.yourdsa.com`	Outlook auto-configuration.
SRV	`_autodiscover._tcp`	`0 443 mail.yourdsa.com`	Fallback auto-config for clients that don't use CNAME.

Security (3 records — SPF / DKIM / DMARC)

Type	Name	Value	Purpose
TXT	`@`	`v=spf1 mx a ip4:82.27.1.23 ~all`	SPF — authorises the mail server to send for your domain.
TXT	`_dmarc`	`v=DMARC1; p=quarantine; rua=mailto:postmaster@yourdsa.com`	DMARC — anti-spoofing policy + aggregate report destination.
TXT	`default._domainkey`	`v=DKIM1; k=rsa; p=<long key>`	DKIM — signing key for outgoing email integrity.

How to add the records at your registrar

The exact UI varies by registrar but the concepts are universal.

GoDaddy

DNS Management → Records section → Add. Each row maps:

Type → Type (A, MX, CNAME, SRV, TXT).
Host → Name (@, www, mail, etc.).
Points to / Value → Value.
TTL → 1 Hour (default).

Capability	Requires
Public website live at your domain	Website A records verified + Publish toggled on (under Website page)
*Send/receive email at `@yourdsa.com`**	MX + mail-A records verified
Outlook auto-configures with email + password	CNAME `autodiscover` + SRV records verified
Outgoing email lands in customer inbox (not spam)	SPF + DKIM + DMARC records all verified
Customer mailbox shows the "verified domain" indicator	DMARC `p=quarantine` or `p=reject` policy

Common issues

MX value got domain appended — registrar requires either bare hostname OR fully-qualified with a trailing dot. Set to mail.yourdsa.com. (with trailing dot) at Cloudflare and Namecheap; mail.yourdsa.com (no dot) at GoDaddy and Google Domains.
DKIM TXT too long error — split into 255-char chunks at most registrars; Cloudflare allows up to 2048 chars in one value. If split, surround each chunk with quotes: "first-chunk" "second-chunk".
SPF ~all vs -all — ~all (soft fail) is the default — failing-SPF mail still arrives but gets flagged. After deliverability is stable, switch to -all (hard fail) to fully reject spoofed mail.
DMARC p=none for first month — if you're worried about over-quarantining your own legitimate mail, start with v=DMARC1; p=none; rua=... to monitor. Switch to p=quarantine once aggregate reports show no false positives.

Permission gating

Admin role. The Verify All action is non-destructive — no permissions needed for end users.

DNS & Domain

The records — what each one does

Website (2 records)

Email (4 records)

Security (3 records — SPF / DKIM / DMARC)

How to add the records at your registrar

GoDaddy

Cloudflare

Namecheap

Google Domains / Cloudflare Registrar

Verify

Click Verify All

Status per record

Re-run after fixing failures

What works after all records verified

Common issues

Permission gating

Next steps

On this page