DNS, Email, and SSL Checklist for Small Business Sites

Small business owners rarely have a dedicated sysadmin — yet customers expect your site to load securely, your email to arrive reliably, and your domain to Just Work. This checklist distills the DNS, email, and SSL tasks that matter most, with free tools to verify each item in minutes.

What This Checklist Covers (and What It Does Not)

Three layers keep most small business sites online: DNS tells the internet where to find you, SSL encrypts traffic between visitors and your server, and email records route and authenticate messages sent from your domain.

This guide focuses on configuration you control at your registrar or DNS host. It does not replace legal privacy policies, PCI compliance for e-commerce, or advanced security testing. Think of it as the foundation — get these right and you eliminate the majority of "my site broke" support tickets.

Print the checklist section at the end, or run through it quarterly. Certificates expire, marketing tools add new SPF includes, and hosting migrations silently orphan old records.

DNS Essentials

DNS records are the address book for your domain. One wrong entry and your website, email, or both stop working. Use the DNS Lookup tool to inspect what the world actually sees — not just what your DNS panel claims.

Records every business site needs

Common mistakes: editing DNS at the registrar while nameservers point elsewhere (changes never take effect), leaving stale A records after migration, and duplicating conflicting TXT records for the same purpose.

If you use a website builder (Squarespace, Wix, Shopify), follow their documented nameserver or CNAME setup exactly. Hybrid setups — shop on one platform, email on another — are where MX and web records most often diverge.

Email Setup and Authentication

Email is half of your domain's reputation. Broken MX records mean lost inquiries. Missing authentication means your newsletters land in spam — or worse, attackers spoof your domain credibly.

Start with the MX Validator to confirm mail exchangers resolve and respond. Then work through authentication:

For a deeper walkthrough of SPF, DKIM, and DMARC — including example records and deployment order — read our Email Authentication Guide.

Practical tip for small teams: enable DMARC in monitoring mode (p=none) first, review reports for two to four weeks, then move to quarantine or reject once legitimate senders pass authentication.

SSL and HTTPS Basics

SSL (TLS) certificates encrypt data in transit and signal trust to browsers. Google treats HTTPS as a baseline ranking signal, and modern browsers flag HTTP sites as "Not Secure" — a poor first impression for any business.

Run the SSL Checker against your live domain and verify:

Most hosts and CDNs offer free certificates through Let's Encrypt with automatic renewal. Set a calendar reminder anyway, or subscribe to expiry alerts. Auto-renewal fails silently when DNS validation records are removed or domain ownership changes.

If you accept payments, HTTPS is non-negotiable — but even brochure sites benefit. Contact forms, login pages, and booking widgets all transmit data that deserves encryption.

How the Three Layers Interact

DNS, email, and SSL are not independent. A typical failure chain: you move the website to a new host (A record updated), switch email to Google Workspace (MX updated), but forget to add Google's SPF include. Mail sends, but receivers mark it as suspicious.

Another common pattern: you put Cloudflare in front of the site (DNS changes), while MX still points at the old cPanel server that was decommissioned. The website loads fine; email vanishes.

When changing any one layer, document the before state, update all related records in one maintenance window, and verify each service after propagation. The DNS Lookup and MX Validator tools help confirm the public view matches your intent.

Printable Checklist

Work through these items for each domain you operate:

Tick every box before a marketing push, domain purchase, or host migration. Re-run the list quarterly — configuration drift is normal, not a sign of negligence.

Verify Your Configuration

Use the free tools below to check each layer, or run a combined Website Health Check for SSL, DNS, and email authentication in one report.

Check DNS Records →

Also try: MX Validator · SSL Checker · Email Authentication Guide