How to Add MX Records in DigitalOcean DNS - Step-by-Step Guide
Complete guide to adding MX records in DigitalOcean's DNS management for Google Workspace, Microsoft 365, and other email providers.
DigitalOcean is primarily known as a cloud infrastructure provider, but it also offers free DNS management for any domain you add to your account. If you're hosting your website on a DigitalOcean Droplet and using their nameservers, you'll manage your MX records through the DigitalOcean control panel.
This guide walks you through adding MX records in DigitalOcean's DNS, whether you're connecting Google Workspace, Microsoft 365, or any other email provider.
How DigitalOcean DNS Works
DigitalOcean's DNS service is available to any DigitalOcean account holder at no extra cost. You don't need a Droplet or any other DigitalOcean resource to use it, though most people use it alongside their infrastructure.
To use DigitalOcean DNS, your domain's nameservers must point to DigitalOcean:
ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com
If your nameservers point somewhere else (like your domain registrar), then your DNS records at DigitalOcean won't have any effect. You can check where your nameservers point by looking up your domain at your registrar or running a WHOIS lookup.
DigitalOcean is DNS only, not a registrar
DigitalOcean doesn't sell domain names. You'll register your domain at a registrar (like Namecheap, GoDaddy, or Hover) and then point its nameservers to DigitalOcean if you want to manage DNS there. MX records, A records, and everything else are configured in the DigitalOcean control panel.
Before You Start
Make sure you have:
- A DigitalOcean account (free to create)
- Your domain added to DigitalOcean's networking section
- Your domain's nameservers pointing to DigitalOcean (configured at your registrar)
- The MX record values from your email provider (hostnames and priorities)
If you haven't added your domain to DigitalOcean yet, you'll do that as part of the setup below.
Adding Your Domain to DigitalOcean
If your domain isn't already in DigitalOcean's DNS management:
Step 1: Log into the DigitalOcean control panel at cloud.digitalocean.com.
Step 2: Navigate to Networking in the left sidebar, then click the Domains tab.
Step 3: Enter your domain name in the "Enter domain" field and click Add Domain. If you have a Droplet, you can optionally select it to auto-create an A record, but this isn't required for email setup.
Step 4: DigitalOcean will create a DNS zone for your domain and show you the three nameservers listed above. Update your nameservers at your domain registrar to point to DigitalOcean. This step can take up to 48 hours to propagate, so plan accordingly.
Adding MX Records
Once your domain is set up and nameservers are pointed to DigitalOcean:
Step 1: From the Networking > Domains page, click on your domain name to open the DNS record editor.
Step 2: You'll see a form at the top of the page for adding records. Select MX from the record type dropdown.
Step 3: Fill in the fields:
- Hostname: Enter
@for your root domain (yourdomain.com). If you want MX records for a subdomain, enter the subdomain name instead. - Mail server: Enter the mail server hostname from your email provider. DigitalOcean requires a trailing dot on hostnames (e.g.,
aspmx.l.google.com.). If you forget it, DigitalOcean typically appends your domain name, which would result in an incorrect value. - Priority: Enter the priority number specified by your email provider.
- TTL: The default of 1800 seconds (30 minutes) works well.
Step 4: Click Create Record.
Step 5: Repeat for each additional MX record your provider requires.
Don't forget the trailing dot
DigitalOcean's DNS interface requires a trailing dot on mail server hostnames. Enter aspmx.l.google.com. (with the dot) not aspmx.l.google.com. Without the dot, DigitalOcean may append your domain name to the hostname, creating an invalid record like aspmx.l.google.com.yourdomain.com.
Adding Google Workspace MX Records
For Google Workspace, add these five records:
| Hostname | Mail Server | Priority |
|---|---|---|
| @ | aspmx.l.google.com. | 1 |
| @ | alt1.aspmx.l.google.com. | 5 |
| @ | alt2.aspmx.l.google.com. | 5 |
| @ | alt3.aspmx.l.google.com. | 10 |
| @ | alt4.aspmx.l.google.com. | 10 |
Remember the trailing dot after each hostname.
Adding Microsoft 365 MX Records
Microsoft 365 typically needs one MX record:
| Hostname | Mail Server | Priority |
|---|---|---|
| @ | yourdomain-com.mail.protection.outlook.com. | 0 |
Replace yourdomain-com with your domain using hyphens instead of dots. Find the exact value in your Microsoft 365 admin center under Settings > Domains.
Adding Other Email Provider MX Records
Common configurations for other providers (remember the trailing dots):
Zoho Mail:
@ → mx.zoho.com. (priority 10)
@ → mx2.zoho.com. (priority 20)
@ → mx3.zoho.com. (priority 50)
ProtonMail:
@ → mail.protonmail.ch. (priority 10)
@ → mailsec.protonmail.ch. (priority 20)
Fastmail:
@ → in1-smtp.messagingengine.com. (priority 10)
@ → in2-smtp.messagingengine.com. (priority 20)
Always verify current values in your email provider's documentation.
Removing Old MX Records
If your domain has existing MX records you need to remove:
- Find the MX records in the DNS record list below the add-record form
- Click the More menu (three dots) on the right side of the record
- Select Delete and confirm
Remove all old MX records before or immediately after adding new ones to prevent email from being split between providers.
Verifying Your MX Records
After adding your records and waiting for propagation, verify the setup.
Check with the free MX lookup tool at mxrecordchecker.com. Enter your domain and confirm that all expected MX records appear with the correct hostnames and priorities.
Send a test email from an external account (Gmail, Outlook, etc.) to an address at your domain. If it arrives at your email provider, the MX records are working.
Check your email provider's setup tool. Google Workspace, Microsoft 365, and most other providers offer a setup wizard that verifies your DNS configuration is correct.
If records don't appear right away, remember that DNS propagation can take up to 48 hours, especially if you recently changed nameservers to DigitalOcean. Most propagation completes within a few hours.
DigitalOcean DNS for Developers: Common Scenarios
DigitalOcean's DNS is popular with developers who host applications on Droplets. Here are some common email scenarios for this audience:
Running a web app with no email hosting. If your Droplet serves a website but you don't host email there, you still need MX records pointing to whatever service handles your email (Google Workspace, Microsoft 365, etc.). Without MX records, any contact forms or account verification flows that rely on receiving email at your domain won't work.
Sending transactional email from your app. Services like Mailgun, SendGrid, or Amazon SES handle outgoing email. These don't use MX records (they use SPF, DKIM, and often CNAME records instead). You still need MX records for incoming email. MX and transactional email DNS records are separate and don't conflict.
Using a subdomain for app email. If your app sends email from [email protected], you might set up MX records for the app subdomain separately. In DigitalOcean, enter app as the hostname instead of @ when creating the MX record.
Troubleshooting DigitalOcean MX Issues
Records show in DigitalOcean but not externally. Confirm your domain's nameservers actually point to DigitalOcean (ns1/ns2/ns3.digitalocean.com). If nameservers still point to your registrar, DNS records at DigitalOcean won't be served.
Mail server hostname looks wrong in the record list. If you see something like aspmx.l.google.com.yourdomain.com in your record list, you forgot the trailing dot when creating the record. Delete the incorrect record and recreate it with the trailing dot.
Email bouncing or not arriving. Check that the mailbox exists at your email provider and that the domain is verified there. MX records route email to the server, but the server needs to be configured to accept it.
Changes not taking effect. DigitalOcean's default TTL is 1800 seconds (30 minutes). After saving changes, wait at least 30 minutes before testing. External DNS caches may also need time to expire.
Additional Email DNS Records
For complete email deliverability, add these records alongside your MX records:
SPF record (TXT): authorizes servers to send email from your domain. Check yours at spfrecordcheck.com.
DKIM record (TXT or CNAME): your email provider generates this for email signing. Verify at dkimtest.com.
DMARC record (TXT): defines your authentication enforcement policy. Check at dmarcrecordchecker.com.
In DigitalOcean, add these the same way you add MX records: select the appropriate record type, enter the hostname and value, and save.