Free email hosting for custom domain

Hello, internet traveller! In this post I hope to cover the steps required to easily set up free email hosting for a custom domain, e.g., me@someone.com, AND sign outbound emails to prevent tricksters spoofing emails from your domain.

You’ve bought a snazzy new domain for yourself, and now you’re eyeing up a beautiful short email address such as hi@rob.pw, but you don’t want to run mail server software yourself for obvious reasons. That’s cool, good on you for taking the judo-solution.

The approach is simple, and fortunately there are many free email hosting providers out there that will take up your domain, and safely handle your emails!

Prior to writing this article, I was using Outlook.com to send/receive emails meant for my domain; however, apparently Outlook.com no longer supports custom domains, so I won’t be covering this method.

The adventure begins

In this guide I’ll be using Zoho Mail, since they offer free email hosting without adverts, and you’ll get 5GB of storage - how superb! Let’s begin.

Head over to https://mail.zoho.com, click on ‘Get Started’ and then select the Free Plan (or cheat - http://mail.zoho.com/biz/mailsignup.do?plan=free ). Enter your domain details, including the primary email address you wish to use for the domain. Don’t worry, you can add more later! You’ll use this email address to log into Zoho Mail, so be sure to type it correctly. They will also ask you to enter a ‘Contact Email’; this should be an email address which is separate from your domain, just in case.

Once completed, you’ll be taken to the ‘Verify Domain’ part of the setup process; this is where you prove that you own the domain. You can either create a CNAME record, a TXT record, or upload an HTML page to a specific address ( someone.com/zohoverify/verifyforzoho.html ).

Creating a CNAME entry is quite simple; the entry will be similar to:
zb13341162.someone.com zmverify.zoho.com

Or if you’re using TXT:
someone.com zoho-verification=zmverify.zoho.com

Next you’ll add your users for the domain. You only need one to get started, so for simplicity’s sake why not make this the email address you used earlier.

Skip ‘Groups’, unless you have a real reason for using it (e.g., you’re a small business, with multiple people managing one email address).

‘Change MX Records’: Now we venture into fun, technical territory, but it’s all simple DNS stuff so don’t fret! There’s a guide over at: https://adminconsole.wiki.zoho.com/set-up/Configure-Email-Delivery.html#step0 which runs through the steps in all the detail you’ll need. That said, I’ll summarise quickly. Create two MX records for the root of your domain, e.g., someone.com. These two MX records point to Zoho’s servers and tell the email sender who will be handling mail for that domain.

The records should look something like:
someone.com IN MX (10) mx.zohomail.com.
someone.com IN MX (20) mx2.zohomail.com.

In IN MX (Y), Y is the priority. If you can set a lower priority, then feel free to do so, but it’s not absolutely required.

Wait about 10 minutes for the DNS records to propagate (DNS entries are cached around the internet to speed up access of websites), then try sending an email to the address you just created. Hopefully you’ll receive the test email in your shiny new inbox. Sending an outbound email should always work (but it might get caught by the spam guard, which is what we’re going to fix now).

Congratulations!! You are now done configuring basic free email hosting for your custom domain. However, I, or any other computer-savvy user, can spoof emails from your domain and make them look authentic. Uh oh! Read on and we’ll solve that issue.

Part two, email spoof prevention

Signing emails and avoiding being caught by spam filters: Email providers such as GMail, Outlook, etc, all use various systems for verifying that the sent email actually originated from the domain, and was sent by the owner of that address. Without these checks, it is completely possible to spoof an email from an address, and it would look legitimate. For instance, at the time of writing GCHQ do not use DKIM (one such email signing method, the successor to DomainKeys) in their outbound emails, which means it is possible to spoof an email from @gchq.gov.uk and it will arrive in your inbox - oops. Whereas with email signing, it would arrive in spam, since the email provider can see that the email did not originate from the sender, and hence is fake.

Let’s get started.

The email ownership methods we’ll be covering are: DomainKeys and SPF. DomainKeys uses a Private Key to sign your messages, and a Public Key so that people can check the message was signed by your Private Key. Normally you would have to generate these keys yourself, but Zoho Mail provides built-in support for this; we just need to follow some simple steps to get it up and running.

DomainKeys setup..

In Zoho Mail, navigate to: Control Panel > Mail Administration > Org Settings > DomainKeys. Once there, select your domain, then type ‘zoho’ into the TXT Record name. The full TXT record name will look something like zoho._domainkey.someone.com; we’ll add this DNS entry in a minute. Click on ‘Generate new record’ and the large textarea will now contain a DNS Record value, in the following format:

k=rsa; t=y; p=

Now, navigate to your DNS entries and enter a new TXT Record. The host will be zoho._domainkey.someone.com, the type is TXT, the value is that which is in the textarea - as shown above.

t=y; indicates that we’re still testing the DomainKeys record, and should be removed from the value once we’ve confirmed that our emails are being correctly signed.

Now, click ‘Begin authentication’. Zoho will start signing your emails using a hidden private key belonging to your account.

Create a new email and send it to check-auth2@verifier.port25.com. This is a free service that will verify that the DomainKeys signing works; hopefully you’ll receive an ‘Authentication Report’ email back with results similar to:

DomainKeys check details:

Result: pass
ID(s) verified: header.From=me@someone.com

If not, wait about 10 minutes and try again. Failing that, it’s time to go back and figure out what went wrong.

Once working, remove t=y;

Now, let’s move on to SPF verification. This is a secondary authentication method which will further prove that the email originated from your domain/IP.

SPF setup..

Create another TXT Record for your domain, this time in the format:

Host:
someone.com
Value:
v=spf1 mx include:zoho.com ~all

This essentially says: ‘Any email that claims to be from someone.com and doesn’t originate from zoho.com is fake and can be classed as SPAM’.

Again, send an email to: check-auth2@verifier.port25.com. Hopefully the results will come back as yet another beautiful pass, similar to:

SPF check details:

Result: pass
ID(s) verified: smtp.mailfrom=me@someone.com

If not, wait it out and try again, or figure out what went wrong.
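
If you are at the "figure out what went wrong" stage, the following offline lint may help. It is an added example, not part of the original post and not Zoho's code: it checks the two TXT values from this guide, flagging a DomainKeys record that still carries t=y or has an empty p=, and an SPF record whose `all` term would let unlisted senders pass. The record strings are constructed samples, and PLACEHOLDERKEY stands in for the key Zoho generates.

```python
# Added example: offline lint for the two TXT values this guide publishes.
# Sample records are constructed; PLACEHOLDERKEY is not a real key.

def parse_tags(value):
    """Split a 'k=rsa; t=y; p=...' style record into a dict of tag -> value."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def lint_domainkey(value):
    """Return a list of problems found in a zoho._domainkey TXT value."""
    tags, problems = parse_tags(value), []
    if not tags.get("p"):
        problems.append("p= is empty: no public key published (empty p= means revoked)")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    if "y" in tags.get("t", "").split(":"):
        problems.append("t=y still set: record is in testing mode")
    return problems

def lint_spf(value, expected_include="zoho.com"):
    """Return a list of problems found in the domain's SPF TXT value."""
    terms, problems = value.split(), []
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    mechanisms = [t.lower() for t in terms[1:]]
    if "include:" + expected_include not in mechanisms:
        problems.append("include:%s is missing" % expected_include)
    # Qualifiers: -all = fail, ~all = softfail, ?all = neutral, +all or bare all = pass.
    alls = [m for m in mechanisms if m.lstrip("+-~?") == "all"]
    if not alls:
        problems.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif alls[0][0] not in "-~":
        problems.append("'%s' does not fail or softfail unlisted senders" % alls[0])
    return problems

# Constructed sample values (PLACEHOLDERKEY stands in for the generated key).
DK_TESTING = "k=rsa; t=y; p=PLACEHOLDERKEY"
DK_FINAL = "k=rsa; p=PLACEHOLDERKEY"
SPF_GUIDE = "v=spf1 mx include:zoho.com ~all"
SPF_OPEN = "v=spf1 mx include:zoho.com +all"

if __name__ == "__main__":
    for rec, lint in [(DK_TESTING, lint_domainkey), (DK_FINAL, lint_domainkey),
                      (SPF_GUIDE, lint_spf), (SPF_OPEN, lint_spf)]:
        print(repr(rec), "->", lint(rec) or "ok")
```

Paste the values you actually published in place of the samples. The `~all` used in this guide is a softfail, which receivers typically treat as suspicious rather than rejecting outright.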

That completes the guide, I hope everything worked out and you’re now looking at a beautiful new inbox, with the ability to send signed emails.

If you need any help, don’t hesitate to contact me at hi@rob.pw, configured using exactly the same process as this.

With love,
Rob PW.

 