DNS • Email Security • Authentication • Identity Design

Dual-Domain Email Authentication and Professional Identity Design

I designed and implemented a dual-domain email and identity setup using Google Workspace, separating my homelab environment from my professional presence. I configured DNS and authentication standards across both domains to ensure reliable email delivery, prevent spoofing, and maintain consistent security policies while keeping lab and professional identities clearly isolated.

DNS Records Google Workspace SPF DKIM DMARC

Environment

Dual-Domain Design

One domain (homelabdaddy.com) was used for lab services and experimentation, while a second domain (iantisdale.com) was dedicated to professional communication.

Google Workspace

Google Workspace was configured to manage email across both domains, requiring consistent DNS and authentication configuration.

DNS Management

DNS records were configured and maintained for both domains, ensuring proper mail routing, verification, and authentication.

Email Authentication Standards

SPF, DKIM, and DMARC were implemented across both domains to ensure email integrity, prevent spoofing, and improve deliverability.

Problem

Using a single domain for both lab experimentation and professional communication can create risk and confusion. Lab environments often change, break, or expose services during testing, which is not appropriate for a professional identity. I needed a way to separate these environments while maintaining consistent and secure email authentication across both domains.

Why This Matters

Email authentication is required for modern deliverability and trust.
Unprotected domains can be spoofed, damaging reputation and security.
Separating lab and professional identity reduces risk and prevents accidental exposure.

Approach

I separated my homelab and professional identity into two domains with different roles. The lab domain was used for testing and services, while the professional domain was kept stable and controlled for communication. I then applied consistent DNS structure and email authentication standards across both domains to ensure reliability and security.

Implementation

Configured DNS for two domains with different roles: homelab and professional.
Set up Google Workspace to manage email across both domains.
Configured MX records for proper mail routing on each domain.
Implemented SPF (Sender Policy Framework) on both domains to control authorized senders.
Enabled DKIM (DomainKeys Identified Mail) to sign outgoing email for each domain.
Configured DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies, starting in monitoring mode before moving toward stricter enforcement.
Validated DNS propagation and confirmed consistent behavior across both domains.

Validation

Verified successful email delivery without spam filtering issues.
Confirmed SPF, DKIM, and DMARC alignment using test messages and headers.
Ensured both domains were correctly recognized and validated by Google Workspace.
Tested sending and receiving across multiple providers to confirm trust.

Outcome

The final design created a clear separation between lab and professional identity while maintaining secure and reliable email authentication across both domains. The professional domain remains stable and trusted, while the lab domain can be used for experimentation without impacting communication or reputation.

Key Lesson

One of the biggest lessons from this project was that separating environments is just as important for identity and communication as it is for infrastructure. Keeping lab and professional domains isolated reduces risk, prevents accidental exposure, and makes it easier to maintain consistent security and reliability.

What I'd Improve Next

Move DMARC from monitoring to stricter enforcement policies over time.
Review DMARC reports to detect unauthorized sending attempts.
Document DNS configurations as a reusable template.
Expand email security practices across other services and systems.

← Back to Projects