Yes. Even if you never send an email from @callasist.cloud, you should set up basic records for it to prevent others from spoofing your server's name and to improve your server's reputation.
Here is the short list of records you need:
These records identify your "hardware" to the world.
mail.callasist.cloud → [Your Server IP] (Mandatory).
[Your Server IP] → mail.callasist.cloud. (Mandatory – set this in your VPS provider's dashboard, not your DNS manager).
v=spf1 a -all (Recommended – tells the world this domain only sends mail from its own IP, or none at all).
v=DMARC1; p=reject; (Recommended – prevents anyone else from using your server's domain name).
These records allow your server to send and receive mail for your users.
@ → mail.callasist.cloud (Priority 10).
v=spf1 mx a:mail.callasist.cloud -all (Mandatory).
Copy the key generated by docker-mailserver for this domain (Mandatory).
v=DMARC1; p=quarantine; (Mandatory).
Do you need DKIM for callasist.cloud? No, because you aren't signing emails with that domain.
Do you need SPF/DMARC for callasist.cloud? Yes. It’s a "security lock" for your server's name so spammers can't impersonate your server.
Deliverability: Major providers (Gmail/Outlook) check if the Sending Domain (codingpanda.com) is fully authenticated and if the Server Host (mail.callasist.cloud) has a valid A and PTR record.