Manual DNS configuration

What is DKIM?
DKIM configuration with Fastmail
DKIM support during migration
Full list of DNS records

This page provides details on advanced domain setup options and is meant for more technical users. DNS is a complicated system that can break your website and/or mail delivery, so we strongly suggest that you do not make any changes to your DNS unless you have an understanding of DNS, or are following explicit instructions.

Looking for basic domain information or setup instructions?

Want more information about DNS?

What is DKIM?

DKIM is an email authentication standard that allows us to sign email you send with a particular domain. It's also used by the receivers of the email to confirm that the email was signed by that domain and hasn’t been changed. All email sent by Fastmail is DKIM signed.

In the original design of DKIM, the domain that signed the email had no particular relationship to the domain in the From address of the email. This was particularly useful for large email providers like us. We have 10,000′s of domains, but would sign all email with just our "generic" messagingengine.com domain.

However, this is now changing. Standards like DMARC explicitly link the domain of the email address in the From header to the DKIM signing domain.

It's best for email sent from your custom domain to be signed by that domain. If you host your DNS with Fastmail (our recommended option in the domain set up guide), then we handle this automatically for you. If you only point your MX records to us, you will have to manually set your DKIM records. You can do this on the control panel supplied by your domain registrar.

If you'd like to learn more about this, see our blog post about email anti-spoofing history and future.

DKIM set up with Fastmail

Fastmail uses three CNAME records to support DKIM signing, which lets us sign emails using the DKIM selectors "fm1", "fm2" and "fm3". The records are in the form (with {mydomain.com} replaced by your domain name):

Type	Selector	Value
CNAME	`fm1._domainkey`	`fm1.{mydomain.com}.dkim.fmhosted.com`
CNAME	`fm2._domainkey`	`fm2.{mydomain.com}.dkim.fmhosted.com`
CNAME	`fm3._domainkey`	`fm3.{mydomain.com}.dkim.fmhosted.com`

This configuration means Fastmail will automatically rotate public/private keys on your behalf to keep up with current best practices.

Fastmail does not DKIM sign emails until we have verified that the domain is correctly set up (with all three CNAME records). If you've recently added the above values to your DNS records, but aren't seeing that DKIM is active on your domain, you can force a check. To do so, click the Recheck DNS button in the Settings → Domains screen. This check prevents DKIM signing failures when the receiving side tries to lookup the public signature and fails to find it. We regularly check each domain to see if the correct public key CNAME records are being published.

DKIM support during migration

If you’re transitioning from another provider to Fastmail, you can use our custom DNS to publish the DKIM record of the previous provider with its selector as well as our own during the transition. You can also do the same if you're transitioning away from Fastmail.

Full list of DNS records

This is the full list of DNS records we can publish for you. You can choose to disable any of these. The information is also available on the Settings → Domains screen, in the Show DNS Settings section.

All entries have a 1 hour TTL.

Websites

Allows you to host websites at http://{mydomain.com} from your Fastmail file storage.
A {mydomain.com} 66.111.4.53
A {mydomain.com} 66.111.4.54

Standard Mail

Allows you to receive email at standard addresses, e.g. user@{mydomain.com}.
MX {mydomain.com} 10 in1-smtp.messagingengine.com
MX {mydomain.com} 20 in2-smtp.messagingengine.com

Subdomain Websites

Allows you to host websites at subdomains, including http://www.{mydomain.com}, from your Fastmail file storage.
A *.{mydomain.com} 66.111.4.53
A *.{mydomain.com} 66.111.4.54

Subdomain Mail

Allows you to receive email at subdomain addresses, e.g. foo@user.{mydomain.com}.
MX *.{mydomain.com} 10 in1-smtp.messagingengine.com
MX *.{mydomain.com} 20 in2-smtp.messagingengine.com

Webmail Login Portal

Allows you to log in to your account at http://mail.{mydomain.com}.
A mail.{mydomain.com} 66.111.4.147
A mail.{mydomain.com} 66.111.4.148

Allow mail at subdomains

An 'A' record hides the wildcard subdomain MX record. This overrides that to allow receiving email addressed to foo@mail.{mydomain.com}.
MX mail.{mydomain.com} 10 in1-smtp.messagingengine.com
MX mail.{mydomain.com} 20 in2-smtp.messagingengine.com

DKIM

Allows us to sign the mail you send so receivers can verify it's from you. This is important to ensure your message is not classified as spam. Note you'll need to add all three.
CNAME fm1._domainkey.{mydomain.com} fm1.{mydomain.com}.dkim.fmhosted.com
CNAME fm2._domainkey.{mydomain.com} fm2.{mydomain.com}.dkim.fmhosted.com
CNAME fm3._domainkey.{mydomain.com} fm3.{mydomain.com}.dkim.fmhosted.com
Deprecated, for old domains only:
- CNAME mesmtp._domainkey.{mydomain.com} mesmtp.{mydomain.com}.dkim.fmhosted.com

SPF

Allows receivers to know you send your mail via Fastmail, and other servers.
TXT {mydomain.com} v=spf1 include:spf.messagingengine.com ?all

Client email auto-discovery

Allows email clients to automatically find the correct settings for your account.
SRV _submission._tcp.{mydomain.com} 0 1 587 smtp.fastmail.com
SRV _imap._tcp.{mydomain.com} 0 0 0 .
SRV _imaps._tcp.{mydomain.com} 0 1 993 imap.fastmail.com
SRV _pop3._tcp.{mydomain.com} 0 0 0 .
SRV _pop3s._tcp.{mydomain.com} 10 1 995 pop.fastmail.com
SRV _jmap._tcp.{mydomain.com} 0 1 443 jmap.fastmail.com

Client CardDAV auto-discovery

Allows CardDAV clients to automatically find the correct settings for your account.
SRV _carddav._tcp.{mydomain.com} 0 0 0 .
SRV _carddavs._tcp.{mydomain.com} 0 1 443 carddav.fastmail.com

Client CalDAV auto-discovery

Allows CalDAV clients to automatically find the correct settings for your account.
SRV _caldav._tcp.{mydomain.com} 0 0 0 .
SRV _caldavs._tcp.{mydomain.com} 0 1 443 caldav.fastmail.com