A friend is in the process of launching his new business. Everything was going smoothly for him until I had a quick look at his domain setup. It turns out, he was paying for email hosting twice — once through his domain registrar’s bundled service and again through Google Workspace. The kicker? Neither was set up properly, so he was missing important emails too.
This is a mistake I see all the time with startups and small businesses. The culprit? Misconfigured DNS records.
In this post, we’ll cover what DNS records are, why they matter, how to audit them, and even how they tie into the principles behind the Essential Eight cybersecurity guidelines.
What Are DNS Records?
DNS is essentially the internet’s phonebook. Instead of remembering an IP address, DNS maps human-friendly names to addresses and services. Every service — your website, email, or SaaS app — relies on the correct DNS record to function properly.
The Must-Know DNS Records for Business Owners
| Record | Purpose | Why It Matters |
| A Record | Points your domain name to your website | Ensures visitors reach the right server |
| MX Record | Directs email traffic | Prevents lost emails and accidental double-payments |
| CNAME Record | Alias for subdomains | Connects subdomains to SaaS apps or other services |
| TXT Records (SPF, DKIM, DMARC) | Email authentication and security | Prevents spoofing, phishing, and ensures email integrity |
Think of MX records like mail forwarding. If you have two mailboxes set up, your postie doesn’t know where to drop the letter.
How People End Up Paying Twice for Email Hosting
Many domain registrars (GoDaddy, CrazyDomains, etc.) bundle “free” or paid email hosting. In my freinds case, he was paying for email hosting in addition to his domain and web hosting packages. Once he had these sorted, he went and signed up for Google Workspace.
The result? Conflicting records, delivery errors, and more importantly for a small business, unnecessary costs.
How you can audit your DNS records
Auditing your DNS records is a simple but essential step to keeping your email and domain secure. Start by running your domain through a service like MXToolbox to review key records like MX, SPF, DKIM, and DMARC.
Make sure you’ve only got one active set of MX records pointing to your current mail provider—old or duplicate entries can cause delivery issues or even expose your domain to abuse. Head into your DNS manager to clean up any outdated or unused records, then test email delivery by sending messages to and from external accounts. If you spot problems, fix them by updating your SPF to include only valid mail servers, enabling DKIM, and adding a DMARC record (even in monitoring mode is better than nothing). Finally, re-run your checks in MXToolbox to confirm everything’s working as expected.
How This Supports Essential Eight Security Principles?
Even though the Essential Eight doesn’t explicitly call out DNS records, maintaining proper MX, SPF, DKIM, and DMARC settings aligns closely with several Essential 8 mitigation strategies:
- Malware & phishing mitigation: Prevents attackers from spoofing your domain, reducing the risk of malware delivered via email.
- Secure configuration hardening: Correct DNS records are part of a secure infrastructure baseline, limiting unauthorized email activity.
- Operational resilience: Ensures reliable email delivery and supports incident prevention and response.
Correct DNS and email authentication isn’t just a money-saver — it strengthens your security baseline, mitigates common malware and phishing risks, and keeps your organization aligned with the spirit of the Essential Eight.
Don’t let sloppy DNS setups cost you money or emails. Spend 10–15 minutes checking your DNS records today, and you could save hundreds a year — not to mention headaches.
Grab my free DNS Health Check Checklist to run through your own domain setup. It covers MX, SPF, DKIM, DMARC, and includes tips to align with Essential Eight principles.
Got questions or want to see a topic covered? Reach out — we love helping you tighten your security baseline.
Until next time, keep your bits tight and your baselines clean.
