Zum Inhalt springen
Personal, from the Hildesheim region
Webhosting

Set Up a Professional Email With Your Own Domain

Why info@yourbusiness.com beats free webmail: a professional image, deliverability and protection against spoofing with SPF, DKIM and DMARC.

12 min read E-MailDomainWebhostingSicherheit

A quote by email, an invoice, a quick follow-up question - the first business impression is often made in the inbox today, long before anyone opens your website. And that is exactly where the sender address reveals more than many realise. A business that writes from a free webmail address quickly looks improvised; one that uses info@yourbusiness.com appears as an established company. Around 361 billion emails are sent worldwide every day (Statista), and almost half of them, most recently 46.8 percent, are spam (Statista). For your quotes and invoices to arrive in that noise instead of disappearing into the spam folder or being forged in your name, you need more than a nice address: your own domain, a clean mailbox and three technical safeguards called SPF, DKIM and DMARC. This article explains in practical terms why your own email address makes the difference, how domain and mailbox work together, and how you get deliverability and forgery protection under control - data-minimising, GDPR-compliant and without having to become a technology expert yourself.

Professional Email With Your Own DomainEmail senderinfo@yourbusiness.comAuthenticationSPF · DKIM · DMARCInboxdelivered, not spamSPFSender Policy FrameworkChecks which servers maysend for your domainDKIMDomainKeys Identified MailSigns every emailcryptographically, tamper-proofDMARCReporting & ConformanceDefines what happens toforged messagesCombining SPF, DKIM and DMARC is the BSI recommendation against spoofing46.8%spam in global email traffic (Statista)48%of phishing emails in finance (BSI)202 bneuro cyber damage per year (Bitkom)Domain, hosting and mailbox GDPR-compliant from one source

Key takeaways

  • The sender address is a calling card: info@yourbusiness.com looks professional and strengthens your brand, while a free webmail address looks improvised and is not your property.
  • Almost half of global email traffic, most recently 46.8 percent, is spam (Statista) - without a clean setup, your invoices too can quickly land in the filter.
  • SPF, DKIM and DMARC prove that an email really comes from your domain; combining them is the BSI recommendation against spoofing and phishing (BSI).
  • Sender forgery is a real business risk: 22 percent of companies were hit by phishing attacks (Bitkom), and almost 48 percent of reported phishing emails targeted the finance sector (BSI).
  • Domain, hosting and mailbox can be set up and maintained GDPR-compliant with hosting in Germany and from one source - with no ongoing technical effort for you.

Why a Free Webmail Address Hurts Your Business

A free email address from any webmail provider is perfectly fine for private use. In a business context, however, it unintentionally sends a signal: the sender never took the step to their own address. Customers often read this subconsciously as a sign that a business is small, new or barely established. For a trades enquiry worth several thousand euro, a quote to a business partner or an invoice to a company, this first impression helps decide whether you are seen as reliable. An address like info@yourbusiness.com, by contrast, carries your name, repeats your brand with every message and works like a printed letterhead rather than a handwritten note.

The second, often overlooked point is ownership and control. A free webmail address does not belong to you but to the provider. It is tied to their terms, cannot easily be taken with you and disappears if the service is discontinued or the account is blocked. Your own domain, on the other hand, is your digital plot of land: you can create as many mailboxes as you like - info@, accounts@, contact@, name@ -, hand over addresses of departing staff cleanly and tie all your communication to an address that matches your website and web design. As the business grows, the mailbox system simply grows with it.

The Free-Webmail Trap in Business

Anyone sending business invoices and quotes from a free webmail address risks two things at once: a loss of trust with the recipient and a higher chance of landing in the spam folder. Because a private webmail address cannot be technically secured for your own company domain - the very proofs that mark an email as genuine are then missing. The address is the first building block, not the last.

Domain and Mailbox: the Building Blocks of Your Own Address

A professional email address is created from the interplay of a few building blocks that remain invisible in everyday use but have to mesh cleanly. Anyone who understands what sits behind the address can better judge what matters when setting it up - and why an email does not simply arrive on its own. Three elements form the foundation.

The Domain

The part after the @ sign, such as yourbusiness.com. The same domain carries your website and your email addresses. It is registered for you and, as long as it is renewed, is permanently your property and your brand online.

The Mailbox

The actual letterbox on a mail server where messages sit. One mailbox per address, accessible via mail program or browser. The server accepts messages, filters spam and delivers them.

The DNS Records

Signposts in the background that tell global mail traffic which server is responsible for your domain (MX record) and that it is allowed to send. This is where SPF, DKIM and DMARC live too.

These building blocks belong together, but they do not arrive coordinated from a single source by default. Anyone who gets the domain here, the mailbox there and the website somewhere else has to align the signposts by hand - one of the most common reasons emails suddenly stop arriving after a move. If everything runs on the same web hosting from Hildesheim, the parts mesh cleanly from the start.

Four Steps to Your Own Email Address

The path from idea to a working business address is manageable and almost always follows the same pattern. What matters is not that there are many steps, but that each step is completed fully and in the right order - especially the technical proofs at the end that decide deliverability.

  1. Choose and secure a domain: a good name is short, memorable and fits the business - ideally identical to your website address. If the domain is still free, it is registered and belongs to you from then on.
  2. Create mailboxes: a mailbox is set up for each address needed, such as info@, contact@ and accounts@. A thought-out scheme keeps communication tidy from the start.
  3. Connect devices and programs: set up the mailbox in the mail program on the computer, on the smartphone and in the browser, so all devices show the same, synchronised state.
  4. Secure deliverability: set SPF, DKIM and DMARC records in the DNS so receiving servers recognise that your emails are genuine. This last step is the one most often forgotten - and at the same time the most important.

When an existing address moves, a fifth, delicate step is added: switching without interruption. The old and new environments have to overlap for a transition period so that no message is lost during the changeover. That is the same care that decides between success and data loss in a website relaunch.

Deliverability: Why Emails Land in Spam

Sending an email does not mean it arrives. Because most recently 46.8 percent of global email traffic was spam (Statista), the filters of receiving servers work aggressively. With every incoming message they check how trustworthy the sender is - and in case of doubt the mail moves to the spam folder or is rejected outright. For you that means an important invoice or quote can be technically sent and yet never read, without you receiving an error message. That filters work in principle is shown by the German federal administration, which by its own account blocks 91 percent of all spam mails (BSI) - but the same strictness also hits legitimate senders who cannot identify themselves.

Whether a mail is considered trustworthy depends on several factors. The most important is authentication: can the domain prove that the message really comes from it? If that proof is missing, the spam risk rises sharply. Added to this are the reputation of the sending server, a cleanly maintained address list and avoiding typical spam markers. The following comparison shows what distinguishes a well-delivered configuration from an endangered one.

FeatureDelivers wellSpam risk
SenderOwn domain, info@yourbusiness.comWebmail address for company mail
AuthenticationSPF, DKIM and DMARC setNo proofs on file
Server reputationOwn, maintained mail serverShared, unclear origin
EncryptionConsistently via TLSUnencrypted sending
Sender forgeryMade harder by DMARCDomain easily forged

SPF, DKIM and DMARC Explained Simply

There is no magic behind the three abbreviations, just a logical interplay. Together they answer a single, decisive question for every receiving server: does this email really come from the domain it claims? You can picture them as three checks that build on each other - from proof of authorisation, through the seal, to the house rules.

SPF

The Sender Policy Framework records in the DNS which servers may send emails in the name of your domain. The receiving server compares: does the mail come from an authorised sender? Like a guest list at the entrance.

DKIM

DomainKeys Identified Mail gives every message a cryptographic signature belonging to the domain. The recipient checks it and knows: the mail really comes from you and was not altered in transit. Like a tamper-proof seal.

DMARC

Domain-based Message Authentication builds on SPF and DKIM and defines what happens to messages that fail: let through, mark or reject. DMARC also reports abuse attempts. Like binding house rules.

Why All Three Belong Together

SPF, DKIM and DMARC only take full effect together: SPF governs authorisation, DKIM secures authenticity, DMARC draws a binding conclusion from both and makes abuse visible. These three standards have become established worldwide for server authentication, and combining them matches the current recommendation of the German Federal Office for Information Security on email security (BSI). Set correctly, they improve deliverability and make forgery harder at the same time.

An email without authentication is like a letter without a sender - it gets delivered when there is room, but nobody relies on it. Only the proof turns a message into robust business communication.

Web Agency Hildesheim

Protection Against Spoofing: When Criminals Write in Your Name

Spoofing means that strangers send emails as if they came from your address. For local businesses this is not a distant threat but a concrete risk: invoices sent in your company's name with a changed bank account, forged quotes or phishing to your own customers damage exactly the trust you have built over years. The Verbraucherzentrale (German consumer advice centre) regularly warns about forged invoices by email that contain real company and customer data and therefore look deceptively authentic (Verbraucherzentrale). Without DMARC, your domain is an easy target for such forgeries.

The size of the field is shown by the figures. 22 percent of companies were most recently hit by phishing attacks, 21 percent by attacks on passwords (Bitkom). Almost 48 percent of the phishing emails reported by consumers targeted the finance sector (BSI), where forged senders are especially rewarding. The total damage to the German economy from theft, espionage and sabotage is around 289 billion euro a year, of which about 202 billion euro is caused by cyberattacks alone (Bitkom). The fact that modern phishing emails generated by artificial intelligence are becoming increasingly credible (Bitkom) makes technical forgery protection all the more important - the human eye alone is less and less enough.

DMARC Protects Your Name, Not Just Your Mailbox

The greatest benefit of DMARC lies not in what lands in your own inbox, but in what criminals can send to others in your name. A cleanly set DMARC rule instructs receiving servers to reject forged messages from your domain. That protects your customers, your business partners and thus your reputation - even from attacks you never get to see yourself.

Data Protection: Hosting and Mailbox in Germany

Emails almost always contain personal data - names, addresses, invoice details, sometimes health or contract information. This brings every mailbox within the scope of the General Data Protection Regulation. Article 32 requires appropriate technical and organisational measures according to the state of the art to protect this data. Encryption in transit and at rest, access protection and traceability are not optional here but mandatory. Where your messages physically sit and who technically processes them is therefore a data protection question, not a matter of taste.

Hosting located in Germany simplifies these requirements considerably: the data is directly subject to European data protection law, the complicated assessment of third-country transfers is avoided, and a data processing agreement cleanly regulates who may do what with the data. In practice this means short paths, clear responsibility and fewer legal grey areas. Anyone who already takes their website's data protection seriously - for example with a GDPR-compliant cookie banner - should not leave out the mailbox, because that is often where the most sensitive data sits.

Mailbox Upkeep Is Also Data Protection

Up-to-date server software, consistent TLS encryption, strong passwords with two-factor protection and orderly access rights feed directly into Article 32 of the General Data Protection Regulation. Email security and data protection are two sides of the same coin here. Whether further obligations apply to your specific case should be checked legally on an individual basis.

Set It Up Yourself or Have It Set Up?

In principle, an email address with your own domain can be set up yourself. The question is how much time and nerves the technical details cost in the end - especially the DNS records for SPF, DKIM and DMARC, where a small typo means either that mails are rejected or that the protection is ineffective. The following comparison sorts the two paths.

AspectSet up yourselfFrom one source
Time requiredLearning DNS and mail serversHandled by the provider
SPF, DKIM, DMARCError-prone without experienceSet cleanly and tested
Move without downtimeRisky during operationPlanned and seamless
Data protectionYour own responsibilityHosting in Germany with contract
When problems ariseSearching in forumsA fixed point of contact

Across more than 50 web and hosting projects (project experience) a clear pattern emerges: it is not the one-off creation of a mailbox that overwhelms small businesses, but the invisible details of deliverability and the smooth move of an established address. Anyone who wants to hand that over is mainly buying peace of mind - and the certainty that the proofs are correct. How such services fit into the overall budget is shown by the article on what a website costs in 2026.

Email, Domain and Hosting From One Source

Business communication runs most smoothly when domain, hosting, website and mailbox are not pieced together from four sources but set up and maintained jointly. Then the building blocks mesh from the start, deliverability is secured from the beginning, and for questions there is a fixed point of contact instead of shifting responsibilities. This is the same idea behind ongoing website maintenance and security: set up cleanly once, then run reliably.

  • Register a suitable domain or take over an existing one
  • Create mailboxes to a clear scheme and set them up on all devices
  • Set, test and document SPF, DKIM and DMARC for good deliverability
  • Plan the move of an existing address without interruption
  • Operate hosting in Germany with a data processing agreement
  • Ongoing upkeep and a fixed point of contact from the Hildesheim region

A clean mailbox is also the basis for the enquiries a good website generates actually reaching you. Anyone working in parallel on visibility on Google or currently weighing up whether a new site is better built with a website builder or an agency should not treat email as a side issue - it is the channel through which business ultimately runs. New sales routes such as click and collect for local retailers also depend on order and confirmation emails arriving reliably.

The Address Is the Start, Deliverability Is the Goal

Having your own email address is the first step, but not the whole journey. Only when domain, mailbox and the three protection standards work together does a nice address become reliable business communication that appears professional, arrives safely and is protected against forgery.

Sources and Studies

This article is based on data from: the German Federal Office for Information Security (BSI, The State of IT Security in Germany 2025 as well as recommendations on email security with SPF, DKIM and DMARC), Bitkom (Wirtschaftsschutz 2025), Statista (share of spam in global email traffic and daily email volume) and Verbraucherzentrale (warnings about forged invoices and phishing emails). Legal reference: Article 32 of the General Data Protection Regulation (GDPR). The figures quoted are averages and guideline values and can vary by sector, provider and starting point; figures marked (project experience) are based on our own web and hosting projects.