How to change DNS without breaking email
A safe order of operations when moving web hosts, adding Cloudflare, or switching to Microsoft 365 — keep mail flowing.
Inventory first
List every service using your domain: website, Microsoft 365 or Google mail, CRM, accounting portal, DKIM selectors, verification TXT records, and VPN or remote access hostnames. Missing one TXT record can break a payment gateway or newsletter platform silently.
Lower TTL before cutover
A day or two before major changes, drop TTL on records you will move from 3600 seconds to 300–900 so corrections propagate faster. Document the old and new values in a shared sheet your IT partner and web agency can see.
Email-specific order
For Microsoft 365 migrations, add required MX, autodiscover, and CNAME records before removing old mail hosting. Add SPF and DKIM, keep DMARC on p=none until mail flow is verified, then tighten. Never delete old MX until inbound test messages succeed on the new platform.
Validate after propagation
Send test mail to and from major providers (Gmail, Outlook, mobile data). Run DNS and email authentication checks. Watch for 24–48 hours of odd deliverability while caches expire — that is normal, not always misconfiguration.
Try it now
Run the related tools
Need a hand?
Run the tools. Then talk to us.
Use our free diagnostics to see what is wrong, then get Melbourne IT support for the fix.
Keep reading
More guides
Domain expiry and DNS basics
How registration, nameservers and records fit together — and how to avoid your site and email going dark overnight.
- Registration vs DNS hosting
- Records you should know
What is DNS?
How the internet finds your website and delivers your email — explained without jargon for business owners.
- DNS in plain language
- Why businesses should care