Setting up Zoho Mail for email inboxes
Zoho Mail is used for email inboxes (as opposed to Amazon SES, which is used for sending automatic emails such as activation emails and the like).
Below are the steps to get Zoho Mail working, which are fairly standard for any email provider.
Step 1: Verify domain ownership
As normal, Zoho Mail requires you to verify you own your domain. This means adding a TXT record to your DNS records; for Amazon Route 53 this is fairly simple. Take the TXT name and value Zoho Mail provides, and go to:
Route 53 Dashboard -> Hosted Zones -> <your website domain>
Note that if a TXT record for the root domain already exists (i.e. not a subdomain like subdomain.yourwebsite.com), you will need to modify that record instead of creating a new one. Add or modify the record as required, wait for the changes to propagate, then return to Zoho Mail and click verify. (It can take a little longer than the Route 53 propagation checker displays.)
Step 2: Configure MX records
Within the Email Configuration area for your domain on Zoho Mail, there are four configuration items to set. First are the MX records, which are published in DNS and tell sending mail servers which servers can accept mail for your domain.
Follow the steps provided by Zoho Mail; if you have existing MX records, you will need to modify them instead of creating new ones. In Route 53, the different priority values can be put on separate lines in the same MX record. Wait for the changes to propagate and then verify on Zoho Mail.
Step 3: Configure SPF records
Similar to the above, this time involving a TXT record. Add it, wait for propagation, and verify.
Step 4: Configure DKIM authentication
For this, you need to choose a selector, effectively a subdomain that will be used for authenticating emails from this particular provider (i.e. Zoho Mail). For Deserted Chateau, this is zohomail._domainkey, but the only important point here is that it must be unique for your domain. In particular, if Amazon SES is set up for email sending, it will use a DKIM selector as well, and you need each selector to be separate. Use 2048-bit signing.
The TXT record required to set up DKIM is straightforward on most sites but not on Route 53, where there's a minor pitfall: Route 53 has a limit on the length of TXT entry values. You need to split the value string for the TXT record into two pieces, each with double quotes around them, as detailed here: https://repost.aws/knowledge-center/route53-resolve-dkim-text-record-error
After that, it's another case of modifying/adding the record, waiting for propagation, and verifying on Zoho Mail.
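The split described in Step 4, as an added example that is not from the original page or from Zoho or AWS: this Python helper cuts a DKIM TXT value into quoted strings of at most 255 characters (the DNS limit for a single TXT string), checks that the pieces rejoin to the original value, and builds the change batch accepted by `aws route53 change-resource-record-sets`. The selector `zohomail`, the domain `example.com`, the TTL and the filler key are assumptions.

```python
import json

MAX_TXT_STRING = 255  # DNS limit on one TXT character-string (RFC 1035)


def split_txt_value(value, limit=MAX_TXT_STRING):
    """Return the Route 53 form of a TXT value: quoted strings of <= limit chars, space-separated."""
    value = value.strip().strip('"')
    if not value or '"' in value:
        raise ValueError("paste the raw TXT value only, without embedded quotes")
    chunks = [value[i:i + limit] for i in range(0, len(value), limit)]
    return " ".join(f'"{c}"' for c in chunks)


def reassemble(route53_value):
    """Join the quoted strings as a DKIM verifier does: plain concatenation, no separator."""
    return "".join(route53_value.split('"')[1::2])


def dkim_change_batch(selector, domain, dkim_value, ttl=300):
    """Build an UPSERT change batch for the DKIM TXT record of one selector."""
    raw = dkim_value.strip().strip('"')
    record_value = split_txt_value(raw)
    if reassemble(record_value) != raw:
        raise ValueError("split changed the DKIM value")
    return {
        "Comment": f"DKIM key for selector {selector}",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": f"{selector}._domainkey.{domain}.",
                "Type": "TXT",
                "TTL": ttl,
                "ResourceRecords": [{"Value": record_value}],
            },
        }],
    }


if __name__ == "__main__":
    # Constructed sample: 392 filler characters stand in for a 2048-bit public key.
    sample = "v=DKIM1; k=rsa; p=" + "A" * 392
    print(json.dumps(dkim_change_batch("zohomail", "example.com", sample), indent=2))
```

Save the printed JSON to a file and pass it to `aws route53 change-resource-record-sets` with `--hosted-zone-id` and `--change-batch file://<that file>`.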
Step 5: Configure DMARC
Set the action taken by DMARC to "do nothing", the aggregate and forensic email addresses to your main address at Zoho Mail, leave the policy percentage at default (100), and use relaxed rules for SPF and DKIM alignment.
Generate the TXT record, add it to Route 53, wait for propagation and verify it on Zoho Mail.