diff --git a/docs/setup/deployment/email-dns.md b/docs/setup/deployment/email-dns.md
new file mode 100644
index 0000000000000000000000000000000000000000..5ab650367af69d7575f43ece8fa040debf6d2b64
--- /dev/null
+++ b/docs/setup/deployment/email-dns.md
@@ -0,0 +1,49 @@
+# DNS
+
+In order to operate, Hypha presents two different interfaces.  One is a general
+website frontend, and the other is the application interface. A future version
+of Hypha will remove that general website frontend, so we ignore it in setting
+up new Hypha deploys.
+
+The application interface operates on its own subdomain.  Typically, this is
+`apply.example.com`.  We will provide you with an IP address.  We ask that you
+add an A record to your DNS configuration so that requests to
+`apply.example.com` get routed to that provided IP address.  If you prefer,
+'apply' can be replaced with another subdomain.
+
+# Email
+
+Hypha sends email to its users for password management and other purposes.  In
+order to accomplish this, it needs to be able to send email from a valid email
+address at a valid domain.  There are three possible domains for our purposes.
+We present them from easiest and most favorable to least desirable.
+
+ * `example.com` - we can send mail from your main domain.  The big advantage of
+   this is that you probably already have mail working for your domain.  All you
+   need to do is create a user account (e.g. `apply@example.com` or
+   `bot@example.com`) and give us password access to that account.  Note that
+   for gmail-backed email with 2FA enabled, we would need an "App-specific
+   password" because Hypha cannot do two-factor login into your email.
+
+ * `apply.example.com` - we can send mail from the application interface's
+   domain.  This is clear enogh to users but might require significant setup for
+   you.  We would need you to configure your mail server to send mail from
+   `apply.example.com` and configure your DNS to validate that mail (via DKIM
+   and SPF).
+
+ * `opentechstrategies.com` - we can send email from Open Tech Strategies.  This
+   has the benefit of requiring no work on your side to create a valid email
+   address and provide us with credentials.  This has the downside of hypha
+   emails coming from an unexpected domain, which will confuse users.
+
+In addition to the above, hypha has support for mailgun.  We can delegate
+sending mail to mailgun fairly easily.  If you are already using mailgun, we'll
+hook into it.  If not, the additional work of setting up mailgun might not be
+worth the effort here.
+
+Note that no matter what domain Hypha sends from, it is important that email be
+configured correctly so it does not often get mis-identified as spam.  This
+usually requires setting DKIM and SPF records.  If you are using gmail-based
+email, you probably already have this set, but please check your DNS settings to
+make sure.
+