diff --git a/playbooks/dns.yml b/playbooks/dns.yml
index e594d51..95e0e6d 100644
--- a/playbooks/dns.yml
+++ b/playbooks/dns.yml
@@ -16,6 +16,33 @@
 # robotns3.second-ns.com.
 - "193.47.99.3"
 - "2001:67c:192c::add:a3"
+ mailbox_mx:
+ - 10 mxext1.mailbox.org.
+ - 10 mxext2.mailbox.org.
+ - 20 mxext3.mailbox.org.
+ mailbox_spf: >-
+ "v=spf1 include:mailbox.org"
+ mailbox_dkim_keys:
+ - name: MBO0001
+ data: >-
+ "v=DKIM1; k=rsa; "
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K4PavXoNY8eGK2u61"
+ "LIQlOHS8f5sWsCK5b+HMOfo0M+aNHwfqlVdzi/IwmYnuDKuXYuCllrgnxZ4fG4yV"
+ "aux58v9grVsFHdzdjPlAQfp5rkiETYpCMZwgsmdseJ4CoZaosPHLjPumFE/Ua2WA"
+ "QQljnunsM9TONM9L6KxrO9t5IISD1XtJb0bq1lVI/e72k3mnPd/q77qzhTDmwN4T"
+ "SNJZN8sxzUJx9HNSMRRoEIHSDLTIJUK+Up8IeCx0B7CiOzG5w/cHyZ3AM5V8lkqB"
+ "aTDK46AwTkTVGJf59QxUZArG3FEH5vy9HzDmy0tGG+053/x4RqkhqMg5/ClDm+lp"
+ "ZqWwIDAQAB"
+ - name: MBO0002
+ data: >-
+ "v=DKIM1; k=rsa; "
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxEKIg2c48ecfmy/+r"
+ "j35sBOhdfIYGNDCMeHy0b36DX6MNtS7zA/VDR2q5ubtHzraL5uUGas8kb/33wtrW"
+ "FYxierLRXy12qj8ItdYCRugu9tXTByEED05WdBtRzJmrb8YBMfeK0E0K3wwoWfhI"
+ "k/wzKbjMkbqYBOTYLlIcVGQWzOfN7/n3n+VChfu6sGFK3k2qrJNnw22iFy4C8Ks7"
+ "j77+tCpm0PoUwA2hOdLrRw3ldx2E9PH0GVwIMJRgekY6cS7DrbHrj/AeGlwfwwCS"
+ "i9T23mYvc79nVrh2+82ZqmkpZSTD2qq+ukOkyjdRuUPck6e2b+x141Nzd81dIZVf"
+ "OEiwIDAQAB"
 roles:
 - role: dns/master
 domain: banananet.work
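Review bot: The `mailbox_spf` value `"v=spf1 include:mailbox.org"` ends without an `all` mechanism, so a sender that does not match the include evaluates to SPF neutral and the record places no restriction on who may send as this domain. Terminate it explicitly, e.g. `"v=spf1 include:mailbox.org ~all"`, and move to `-all` once every legitimate sending path is covered by the include. The two DKIM public keys are pasted in as static data with no note of their origin; a comment above `mailbox_dkim_keys` such as `# public keys for the provider's DKIM selectors; re-verify against the provider's published records when selectors rotate` would let a later reviewer check them.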
@@ -28,6 +55,38 @@
 # limit CA
 - type: CAA
 data: 0 issue "letsencrypt.org"
+ # Mailbox Mail configuration
+ - domain: bca8c01774fd59c9756c68532174fd5b85762fee # domain verification
+ type: TXT
+ data: 7a99f795a552c812b55c7f809920bf25db96137b
+ - type: MX
+ data: "{{ mailbox_mx }}"
+ - type: TXT
+ data: "{{ mailbox_spf }}"
+ - domain: "{{ mailbox_dkim_keys[0].name }}._domainkey"
+ type: TXT
+ data: "{{ mailbox_dkim_keys[0].data }}"
+ - domain: "{{ mailbox_dkim_keys[1].name }}._domainkey"
+ type: TXT
+ data: "{{ mailbox_dkim_keys[1].data }}"
+ - domain: _dmarc
+ type: TXT
+ data: v=DMARC1;p=none
+ - domain: autoconfig
+ type: CNAME
+ data: mailbox.org.
+ - domain: _autodiscover._tcp
+ type: SRV
+ data: "0 0 443 mailbox.org."
+ - domain: _submission._tcp
+ type: SRV
+ data: "10 10 465 smtp.mailbox.org."
+ - domain: _imaps._tcp
+ type: SRV
+ data: "10 10 993 imap.mailbox.org."
+ - domain: _hkps.tcp
+ type: SRV
+ data: "10 10 443 pgp.mailbox.org."
 # other entries
 - domain: _minecraft._tcp.wg
 type: SRV
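Review bot: The `_dmarc` record `v=DMARC1;p=none` asks receivers for no enforcement and carries no `rua=` reporting address, so mail that fails SPF/DKIM alignment is neither rejected nor reported back to the domain owner. As a first step, publish a report address, `data: "v=DMARC1; p=none; rua=mailto:<REPORT_ADDRESS>"` (placeholder), and tighten to `p=quarantine` or `p=reject` once the reports show only legitimate sources. Separately, the last SRV entry is written `domain: _hkps.tcp` while every other SRV entry in the hunk uses `_tcp`; SRV lookups use the `_service._proto` form, so this record would likely never be queried and should read `- domain: _hkps._tcp`. The list these entries belong to starts outside the hunk.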