How to set up email for your own domain

You can host the email for your domain(s) with FastMail, providing you have an Enhanced/Premier personal account, or a business/family account. Our pricing table lists how many domains and aliases each account type may have.

Business and family accounts can create users in their own domain. Personal accounts must remain in one of the FastMail domains. This just means you have to use your FastMail username to log in: you can still send and receive mail exclusively with an alias at your domain.

Set up

  1. Go to the Advanced → Virtual Domains screen if you have an Enhanced/Premier personal account, or go to Manage → Virtual Domains if you have a Business or Family account.
  2. Add your domain(s) (e.g. yourdomain.com) in the "Virtual Domains" section. Just type the domain into the text box on the left, then click the "Add" button on the right. You can ignore the other columns for now (there's a detailed description of each of them below).

  3. In the "Virtual Aliases" section, add the email addresses you wish to receive mail for at your domain(s) (e.g. info@yourdomain.com). Leave the "Target" for the domain address(es) as your FastMail address. See our aliases help page for more information on the other options available.
  4. Point the DNS records of your domain(s) to us. Log in to the control panel supplied by your domain registrar, then either:

    1. At your registrar, look for where you can change the "name servers" for your domain. You want to make sure there are only two values, and that the two values are:

      • ns1.messagingengine.com
      • ns2.messagingengine.com

      With this option, we host your DNS and automatically make sure all the correct entries are set for your email. We also provide a control panel for full customisation of your DNS records should you need it. Our nameservers are fast, reliable and secure, and our web interface for managing DNS is simple, but powerful enough to allow any number of records of any type.

    2. Alternatively, you can just set the mail exchanger records for your domain (MX records) to point at us. Use these as the mail exchanger servers:

      • in1-smtp.messagingengine.com (first, priority=10)
      • in2-smtp.messagingengine.com (second, priority=20)

      If you want email for sub-domains to come to us as well, you also need to set the MX records for *.yourdomain.com to the above values as well.

      Some DNS providers require that you put a . on the end of the MX server names (e.g. in1-smtp.messagingengine.com. rather than in1-smtp.messagingengine.com). Try the version without a . first, and if the DNS provider appends anything, try the version with the . appended.

      We recommend that you choose option 1 (host your nameservers with us) if possible so we can ensure that all the appropriate DNS records are set up automatically for reliable email sending and receiving.

      If you choose to just point your MX records at us, please see the section below on setting up DKIM for your domain. If you don't do this, it's much more likely that some systems will mark email you send as spam. We handle this automatically for you if you host your nameservers with us.

That's it! It may take up to a day for the changes to propagate across the internet (see our note below on TTL values), although normally it's a lot faster: just a matter of minutes. Messages sent to the aliases you added above should now arrive in your Inbox.

While you're all set up to receive mail sent to your domain now, to send mail with the From address at your domain, you now need to create a personality with the address you wish to use.

DNS column

The DNS column shows whether we think the MX records for the domain currently point to us:

You can use this information to confirm that the MX records for your domain are correct.

Subdomain column

When you use a your own domain, you can control how FastMail handles sub-domain addressing for your domain. The last column on the domains screen labelled Subdomain? a@b.dom as: controls this. The options are:

When sub-domain addressing is disabled for your domain, this can mean two things:

Mirrored domains

With email, it's easy to have multiple domains that "mirror" each other. So you might have example.com and example.com.au, and you want any email address for example.com to work for example.com.au as well. To set this up:

  1. Pick a "primary" domain (say example.com), and create all your domain aliases and accounts in that domain.
  2. Create a single alias in your alternate domain with the special * value (e.g. *@example.com.au) and set the target of that alias to *@example.com. Then any valid email address at example.com, will also be valid at example.com.au. Note that this only works for email addresses; for websites, you have to explicitly create the website for each domain, or set up a redirect to the primary domain.

DNS TTL (time to live) times

When you change the DNS nameservers or MX records for your domain, it can take a while before everywhere gets the new values. This is because DNS entries have a TTL (time to live) value associated with them, which tells systems how long they can cache a DNS value. Usually this value is something like 10 minutes or an hour, but it can be many days. Once a system has cached a value, there's no way to force it to be cleared, you just have to wait the TTL time for the entry to expire.

Generally this isn't a problem, but it can be worth checking the TTL times on your existing DNS entries at your current DNS host before you change them to us. One way to ensure that the change over is fast is to do the following.

  1. Log in to your existing DNS provider.
  2. Check the current TTL time for your domain (either NS or MX records depending on what you're changing) and note this down.
  3. Change the TTL time for your domain to 5 minutes.
  4. Now wait for the old time-to-live you noted in step 2. This will ensure that the old value expires from all caches on the internet, and any new lookups have the new TTL value.
  5. Make the DNS changes you want (e.g. change the nameservers to point to us).
  6. Within 5 minutes (because of the TTL value you set in step 3), all caches on the internet should have the new values.
  7. At this point, you can increase the TTL times on your domain again to improve overall performance and help be nice on the internet infrastructure.

DKIM

DKIM is an email authentication standard that allows you to sign email you send with a particular domain, and for receivers of the email to confirm that the email was signed by that domain and hasn’t been altered. All email sent by FastMail is DKIM signed.

In the original design of the DKIM, the domain that signed the email had no particular relationship to the domain in the From address of the email. This was particularly useful for large email providers like us. We have 10,000′s of domains, but would sign all email with just our "generic" messagingengine.com domain. However, this is now changing. Standards like Author Domain Signing Practices explicitly link the domain of the email address in the From header to the DKIM signing domain. Also Gmail shows any email sent with a From domain that’s different to the DKIM signing domain with an extra "via messagingengine.com" notice next to the sender name.

It's therefore better for email sent from your custom domain to be signed by that domain. If you host your DNS with FastMail (our recommended option 1 in step 4 of the domain set up guide above), then we handle this automatically and you do not need to do anything. If you only point your MX records at us, however, you will have to set this up separately.

Set up DKIM signing with your domain

You only need to do this if you only host your MX records with us. If you host your name servers with us, we will do all this for you.

  1. Go to the Advanced → Virtual Domains screen if you have an Enhanced/Premier personal account, or go to Manage → Virtual Domains if you have a Business or Family account.
  2. Scroll to the bottom and you'll see the DKIM signing keys section. There will be a different DKIM key for each domain you have.
  3. Log in to your DNS provider and create a new TXT record for each domain listed. Use the value in the Public Key column as the TXT record data to publish.

Important: Note that you have to add the TXT record for the domain name shown in the DKIM signing keys section, which will be mesmtp._domainkey.yourdomain.com. Do not add it for the base domain name yourdomain.com, that won’t work.

As every DNS provider is different, we are unable to offer more specific instructions on how to create a TXT record with them. If you are having difficulty, please contact your DNS provider directly for assistance.

Initially each domain is marked as DKIM disabled (Enabled column = [ ]). While a domain is DKIM disabled, we won’t sign any sent emails. This is to avoid DKIM signing failures when the receiving side tries to lookup the public signature and fails to find it. We regularly check each domain to see if the correct public key TXT record is being published. If it is, we mark the domain in our database as "DKIM enabled" (Enabled column = [*]), and then begin signing sent emails.

There’s currently no way to change the public/private key used to sign emails or upload new ones. We always generate our own key pair for each domain and use the DKIM selector "mesmtp" to sign emails. This shouldn’t be a problem. If you’re transitioning from another provider to FastMail, you can use our custom DNS to publish the DKIM record of the previous provider with its selector as well as our own during the transition. Vice-versa for transitioning away from FastMail. The only other reason to change the selector would be if the private key was compromised, which should never happen as it’s stored securely within FastMail’s system.