What is needed to set up a domain for a modern organization? Just buying a domain from a registrar is not enough.
You have to:
Decide whether you will use your registrar for DNS record management or you will use a different DNS provider (e.g. Cloudflare or Microsoft).
Select a hosting provider where your website code will be deployed. Or deploy it to your own servers.
Of course, the website has to be developed as well, but that’s out of scope for this post.
Add an A or CNAME DNS record to point to the location of your website.
Ensure that your hosting provider gives you an SSL certificate for your domain. Or generate/buy your own from a different provider and upload that to your hosting provider.
Ensure that there is a redirect (on the hosting provider level) or CNAME record (on the DNS provider level) to automatically go from www.mydomain.com to just mydomain.com. The www prefix was cool in 1999, but in 2023 even browsers hide it by default.
Ensure that you redirect from port 80 to 443. Nobody wants to visit a website that does not show a lock icon in 2023.
Does your DNS provider support DNSSEC? Domain hijacking is not a myth. You better enable DNSSEC. A couple of DNS records need to be added.
The domain registrar stores information about you that is publicly visible. Things like your email address or physical address may appear in the records of public WHOIS databases that registrars are mandated to support. If it contains just official company data, then it’s probably OK. But quite often those records reflect private data of company owners. That’s not OK. On the other hand, many registrars support WHOIS information protection services. For an extra fee, of course.
Then you have to select a mailing provider.
Add MX records to point to your mailing provider.
To fight spammers who pretend to send e-mails on your behalf, you have to add an SPF record that contains a list of allowed IP addresses from which you expect to send e-mails to your clients. Even though this record format may be a bit outdated, it is still widely supported.
Additional protection can be reached by adding a DKIM record with the public key of your mailing provider to sign messages that you send.
To get insights into SPF/DKIM alignment from the perspective of your e-mail receivers, you may also add a DMARC record that contains policy settings and a mailbox that will get reports from other mail servers.
Those reports are quite technical, so you may want to sign up for a DMARC service that will analyze those reports for you. For an additional fee.
Add a BIMI record that will contain the link to your brand logo. That may be used by mail clients and search engines to show your brand identity.
For even better brand exposure, you may need to buy a Verified Mark Certificate (VMC) and add another entry in your DNS provider. That’s quite expensive.
Set up MTA-STS and TLS-RPT records to ensure that messages between your SMTP servers are encrypted.
Planning to run ads? You may have to add several TXT records to verify domain ownership at different providers.
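The mail-related items in the list above can be checked mechanically. The following is an added example, not code from the original post: it audits the SPF, DMARC, MTA-STS, TLS-RPT and BIMI TXT records of a domain. The record set is constructed for the placeholder mydomain.com, the function names are hypothetical, and DKIM is left out because its record name depends on the selector your mailing provider assigns.

```python
# Constructed TXT records for the placeholder domain; not real DNS answers.
ZONE = {
    "mydomain.com": [
        "v=spf1 ip4:192.0.2.10 ~all",
        "ad-network-verification=constructed-token",
    ],
    "_dmarc.mydomain.com": ["v=DMARC1; p=none; rua=mailto:dmarc@mydomain.com"],
    "_mta-sts.mydomain.com": ["v=STSv1; id=20230101000000"],
    "_smtp._tls.mydomain.com": ["v=TLSRPTv1; rua=mailto:tlsrpt@mydomain.com"],
    # default._bimi.mydomain.com is left out on purpose
}

def tags(record):
    """Split a 'k=v; k=v' record (DMARC, MTA-STS, TLS-RPT, BIMI) into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def find(zone, name, version):
    """TXT strings at `name` whose version tag matches, e.g. 'v=spf1'."""
    return [r for r in zone.get(name, []) if r.lower().startswith(version.lower())]

def audit(zone, domain):
    """Return a list of findings for the mail-related records of `domain`."""
    out = []
    spf = find(zone, domain, "v=spf1")
    if len(spf) != 1:  # several SPF records make receivers treat SPF as an error
        out.append(f"SPF: need exactly one v=spf1 record, found {len(spf)}")
    elif {"all", "+all"} & set(spf[0].lower().split()):
        out.append("SPF: 'all'/'+all' authorises every sender")
    dmarc = find(zone, f"_dmarc.{domain}", "v=DMARC1")
    if not dmarc:
        out.append("DMARC: no record, so no policy and no reports")
    else:
        policy = tags(dmarc[0])
        if policy.get("p", "").lower() == "none":
            out.append("DMARC: p=none asks receivers to take no action on failing mail")
        if "rua" not in policy:
            out.append("DMARC: no rua mailbox, aggregate reports go nowhere")
    for label, prefix, version in [("MTA-STS", "_mta-sts", "v=STSv1"),
                                   ("TLS-RPT", "_smtp._tls", "v=TLSRPTv1"),
                                   ("BIMI", "default._bimi", "v=BIMI1")]:
        if not find(zone, f"{prefix}.{domain}", version):
            out.append(f"{label}: no {version} record at {prefix}.{domain}")
    return out

if __name__ == "__main__":
    for finding in audit(ZONE, "mydomain.com"):
        print(finding)
```

To run it against a live domain, replace ZONE with the TXT answers returned by your resolver for the same record names.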
Did I forget anything?