One of the less well understood components of a working email system is the MX record. I do find a lot of IT administrators looking after Exchange servers who don’t really understand what an MX record is and how they work.

DNS Fundamentals

MX stands for “mail exchanger”. An MX record is a type of DNS record, so any understanding of MX records has to begin with an understanding of the fundamentals of the Domain Name System (DNS).

The most important role of DNS for the majority of us is translating names into IP addresses so that network communications can occur.

For example, when you type www.microsoft.com into your web browser, DNS is used to look up that name to determine the IP address of the server to connect to. The domain name in this example is microsoft.com.

So if that is how a simple web browser connection is made, what about when somebody sends email to an @microsoft.com address?

Again DNS comes into play, but this time the look up is slightly different. The sending mail server will look up the MX record in DNS by following a sequence along these lines:

  1. Look up the authoritative name servers for microsoft.com
  2. Query the microsoft.com name servers for the MX records
  3. Look up the names of the MX records in DNS to get their IP addresses

If you were to run your own manual DNS lookup of the MX records for microsoft.com it would look something like this:

C:\>nslookup
Default Server:  UnKnown
Address:  10.0.1.9

> set type=mx
> microsoft.com
Server:  UnKnown
Address:  10.0.1.9

Non-authoritative answer:
microsoft.com   MX preference = 10, mail exchanger = mail.messaging.microsoft.com

mail.messaging.microsoft.com    internet address = 94.245.120.86

So the IP address of the “mail exchanger” for microsoft.com is 94.245.120.86.

MX Preferences

You may notice the “MX preference” in the output above and wonder what that is referring to. To better explain it here is another DNS lookup for the google.com domain.

> google.com
Server:  UnKnown
Address:  10.0.1.9

Non-authoritative answer:
google.com      MX preference = 30, mail exchanger = alt2.aspmx.l.google.com
google.com      MX preference = 50, mail exchanger = alt4.aspmx.l.google.com
google.com      MX preference = 40, mail exchanger = alt3.aspmx.l.google.com
google.com      MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
google.com      MX preference = 10, mail exchanger = aspmx.l.google.com

alt2.aspmx.l.google.com internet address = 74.125.115.27
alt1.aspmx.l.google.com internet address = 74.125.91.27
aspmx.l.google.com      internet address = 74.125.157.27

Notice that there are multiple MX records each with a different preference value. The preference is basically a way of setting the priority of each MX record. The lowest preference is the MX with the highest priority, ie the one that a sending mail server should try first.

The purpose of multiple MX records is to either:

  • Provide some load balancing by using multiple MX records with the same preference set
  • Provide a backup MX that can be used if the primary one is unavailable

The backup MX may be another mail server in your organization at a secondary site that has less bandwidth available to it. Or it could be a server hosted by a third party that provides backup MX services. Either way the purpose is to give sending email systems somewhere to send messages rather than have to store them and retry later.

Where Should Your MX Records Point?

Once you understand what an MX record does you then need to consider where your MX record should actually be pointing. Here are a few real world examples of where to point your MX records.

If your organization receives email directly then your MX record would point to a public IP address for your firewall or internet-facing email server (eg Edge Transport server).

Email Fundamentals: What is an MX Record, and How Do They Work?

If your organization uses a hosted cloud service for email filtering, then your MX record would point to their IP address (or an array of IP addresses depending on which service you are using).

Email Fundamentals: What is an MX Record, and How Do They Work?

Those are just two examples. There are numerous different scenarios that exist such as hybrid cloud/direct combinations, ge0-distributed networks, and so on. However in my experience with customers these are the two most common scenarios.

By now you should have a basic understanding of what an MX record is and how they work. If you have any questions please feel free to ask them in the comments below.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Vivaan

    Thank you for the information.

  2. Al Harlow

    We were using a mail server where our web site is hosted. We implemented Microsoft365, moving our email account to MS365. However, our blast email service on the original web hosted server stopped working. I have added the old server address to the spf1 section of a txt record, leaving the entry for ms365 in place. Also added an MX record with the old IP address. None of this works while ms365 Outlook continues to be ok. What am I missing?

  3. Haydn

    We use an application to generate emails in bulk. In side the application we point to our main mx servery (aspmx.l.google.com) supplied by google. But email to any google address never arrives. What are we missing?

  4. Jonathan Walker

    Hello, my organization currently uses Microsoft O365 as our email provider but we also use a 3rd party email filter, so our MX records point to them. We would like to stop using the 3rd party filter and just point our MX records to O365, how/what is the best way to accomplish this. Thanks

    1. Guylaine

      Hello,

      The best way is to replace the actual third party antispam by EOP .

  5. vikram kumar

    I have been searching about roadrunner email settings for iphone then finally, when I read this Article I get to know the correct information about it and I found this information is relevant. You have an ample amount of knowledge and that describes it very clearly and I thank you for giving me this type of knowledge and it helps me a lot.

  6. Lebo

    Hi Paul i need help i’m having external email in my organization under office 365 bouncing and the error code we have is 5.0.0 and 5.7.1 how does one fix such issue or what step should i be taking to solve this problem?

  7. Nathan Raymond

    Hello Paul,

    We are changing internet providers the MX records will not be changing just the Public IP. Will I have to create an MX record for the Public IP or keep the current MX record and when the cutover for Internet happens should email resume normally? Thanks in advance

    1. Ather

      THE MX record will surely need to be changed to your new ISP Public IP address .Also, you have to inform him to create the srv record for your MX record.

  8. Davis

    Any way to find out who would be administrator over an account that didn’t have permission to do so and if so is there anything that can be done about it?

  9. alee

    Thanks a bunch.
    My client ‘s primary email server is mimecast. However, they would like to use Amazon Ses to send out marketing emails.
    To use SES i have to plugin the MX record settings provided by SES. Client doesn’t want to move from mimecast as they are happy with it.
    Can i use SES only to send outgoing emails and Mimecast continues to serve as incoming Server?
    Or is there anyother solution?

    Thanks in advance.

  10. Peter

    Hi Paul, hope you can help me. We have been running for quite awhile with pref 05 to our exchange server and pref 10 for fallover if the exchange server has problems (emails that cannot get thru to exchange are stored until it gets backup and running.
    We are moving to O365 and have pref 40 setup for this. we are preparing for switchover we will disconnect our old exchange server but the emails will get diverted to the fallover box. Is the best solution get rid of the pref 10 record a couple of days earlier than the switch over to stop any diverts

  11. Mani Prabu

    Can u kindly explain me what is the purpose of NS record in DNS ? And how it will be used?

  12. Lydia

    Hello, I have a SBS 2011 with Exchange Server 2010 for the network. I need to add an additional email domain to our current system. How do I update the mx record to just add the additional domain? Thank you!

    1. Avatar photo
      Paul Cunningham

      Each domain has its own MX records. So if you have a new domain, you will need to create an MX record in that domain’s public DNS zone.

  13. Sam Wang

    Dear Paul,

    I have 2 MX records for my mail servers.

    If the first priority server is busy,
    and the second server is down.
    and then?
    The remote client will retry back to the first priority server?

    Any help would be appreciated !!!

    1. Avatar photo
      Paul Cunningham

      Sending servers will keep retrying your MXes until they find one that work, or until they expire the message from their queue.

  14. Panos Kontogiannis

    Dear Paul,
    we are in the middle of a migration process from ES2010 to ES2013, we have setup a new ES2013 multi-role server and we are in a co-existance state.

    We have configured the Send Connector, but the emails sent to external addresses are stuck in the Transport Queue (internal emails sent/delivered without problem)
    – An message delay error appears with 400. 4.4.7 code.
    – In the SMTP logs, we noticed that the local-endpoint is blank.

    We think that there is a DNS problem related to IPv6.
    – In ES2010 the IPv6 is disabled.
    – What type of IPv6 records should be specified in the DNS? (MS Windows Server 2008 R2 version) ?
    – In ES2013 we have three NICs (for default SMTP, ASMTP Relay, and AutodiscoveryRedirect) with IPv6 enabled…

    Any help would be appreciated !!!

    1. Avatar photo
      Paul Cunningham

      it’s recommended to leave IPv6 enabled, so I would start there. But if you absolutely must disable it for some reason you must ensure you’ve done it correctly.

      https://blogs.technet.microsoft.com/rmilne/2014/10/29/disabling-ipv6-and-exchange-going-all-the-way/

      I don’t understand from your description where the emails are actually getting stuck. It would also be helpful to know the full text of the error code.

      The multiple NICs on the Exchange 2013 server is unusual and could well be a problem if they’ve been misconfigured as well. Removing the extra NICs and making sure any extra DNS registrations are cleaned up would be a useful troubleshooting step.

  15. Bagyanth

    So, currently we have it set to use my server as nameserver… and if email is hosted at Godaddy, we point email DNS record back to godaddy…

    For those domains, Is it possible to keep NAMESERVER at godaddy and just point web traffic to our server?

    This way even if my server is down for whatever reason which has been happening lately, at least email would work?

    Thank you.

    1. Avatar photo
      Paul Cunningham

      Yes, you can use any DNS provider you like to host your DNS zone, such as GoDaddy, AWS Route 53, DNSimple, and many others.

      You can host your email wherever you like and it doesn’t need to be the same provider. Your email will deliver wherever your MX records point.

  16. jaidy

    Dear expert
    I want to know that is it possible to publish my compny,s mx records on global dns servers for external world to comunicate with my mail server, without involving any third party hosting service rather using my company,s local dns

    1. Avatar photo
      Paul Cunningham

      Yes, you can host your own DNS server if you want. Not sure what advantages you see with that approach, as reliable DNS hosting is difficult and is quite cheap from external providers. Amazon Route 53 for example only costs a few dollars per year.

      1. jaidy

        Its kinda stupid question but I am curious abt how will my dns server records will be published on global dns servers,and people across the world will know that abc.com exist

        1. Avatar photo
          Paul Cunningham

          1. You register a domain name. Some domain registrars also provide free DNS hosting and you can just start creating DNS records with them, but you can choose to host your DNS zone anywhere you like.

          2. If you’re going to host the DNS zone elsewhere, such as with Amazon Route 53, you sign up for that service and create the zone. They will provide you with the Name Server (NS) records to configure for your domain.

          3. You update the NS records with your domain registrar, using the information provided by your DNS host.

          4. You create any DNS records you need in the zone.

  17. badrus

    Hi Poul

    I have problem to run O365 and Qmail booth in same domain
    we do booth if MX in Qmail user in O365 can’t receive email from external and from Qmail user, and if MX on O365 user from Qmail can’t send to O365 user.

  18. Shane F

    I’m a bit confused here on our set up. I’ve just discovered that when sending an email to an outside account the headers show the From as our internal exchange server and internal IP. For all of my receive connectors the FQDN is set as my exchange server. Our mx record is set as our external domain name. So what is controlling this and how can I resolve it? Thank you.

      1. Shane F

        Thanks. But if it’s normal why do some organizations reject email to servers that it can not reach? One organization in particular that won’t accept our messages says it’s because our server isn’t internet routable is why our messages get’s rejected from their servers. We had a problem with sending to aol.com accounts and I assume it was because of the same problem. Aol.com eventually released them after a few days and we never got any confirmation as to why. Just my assumption.

        1. Avatar photo
          Paul Cunningham

          When your server connects to another server, it announces itself by saying HELO or EHLO and provides a host name. For example…

          HELO mail.exchangeserverpro.net

          The receiving server does a bunch of stuff to tell whether you are likely to be a spammer or not. One of the things is to to a DNS lookup on that host name. If that host name isn’t resolvable (e.g. your server is saying “HELO server.domain.local”) then some servers will reject on that basis.

          If your server announces itself as “HELO mail.exchangeserverpro.net” and that is resolvable, but it resolves to a completely different IP or IPs other than the one your server connects from, that is also a signal that you might be a spammer and some servers will reject on that basis.

          There’s also reverse DNS/PTR that needs to be in place. The IP your server connects from (the public IP that it gets NATed to by your firewall) should resolve to *something*, not necessarily the same name as the HELO, but it must resolve to something. Typically your ISP puts that PTR record in place for you.

          There’s also SPF to consider, explained here:

          https://www.practical365.com/a-sender-policy-framework-spf-primer-for-exchange-administrators/

          So all up there are many things that mail admins need to get right in order to be able to send email reliably on today’s internet. I cover the above points in a bit more detail in this ebook, if you’re interested:

          https://www.practical365.com/ebooks/exchange-server-troubleshooting-companion/

          1. Shane F

            Great info, thank you.

  19. unos

    Hi
    I have installed exchange server 2013 and every thing works fine. I want to sent mail with different domains as sender which I did it . Now, I want to set MX record for any accepted domain . could you give me a hint how to do it ?

  20. Flemming WIlton Hansen

    Hi Paul,
    This may be off topic, but I have made a big F..Up.
    I am new to exchange & Office365.

    I have 3 persons using a Office365 acount and have made all the DNS records at their Domainhost (UnoEuro.com) to point at office365.
    It has however been giving me a lot of troubles, because there are oyher people using that domain, but is not using Office365, they just have an IMAP account to their mail. Therefore they only recive some of their mails.
    Now I have added a new domain to the Office365 account and want to migrate the 3 -Office365 users mail & calendar content, to their new account in the new domain, can I do that in Admin Office365 ?

    Ex. Move content from LKM@PETER.com to LKM@PAUL.com ?

    Hope you understand my danish- english 🙂

  21. SANCS

    Hi Paul

    I finally solved the issue .I was making mistake while configuring the Zone file of Go daddy.

    Your videos were the best tool for this Lab Practice. They gave me the necessary knowledge.

    Thanks for your effort!!

    Cheers mate!!

    SANCS

  22. SANCS

    Hi Paul,
    I still need some help. Please correct me where I have gone wrong.
    After going through your tutorial I did the following things on the above scenario.

    I purchased a domain with go daddy. (say abc.com) and abc.com is the root domain name of my Active Directory Domain Service.

    My Windows server 2012 and exchange 2010 server IP are the same: say 10.1.1.50
    They are both connected to the internet via Netgear ADSL router. Public IP say 27.33.168.90
    I port forwarded the SMTP (port 25) to 10.1.1.50 (server IP) on my ADSL router.

    My exchange server name is say: dc01.abc.com

    On my DNS I created MX record and put the Exchnage server FQDN say: dc01.abc.com
    Host A record as dc01- FQDN dc01.abc.com and pointed to server IP 10.1.1.50

    Now on DNS Zone file of go daddy………I added the following

    For MX record:
    Host :@ points to my exchange server :dc01.abc.com

    For A record:
    Host:@ points to the public IP of my ADSL modem: 27.33.168.90

    Finally on the server configuration option of Exchange I have configured receive connectors.
    I have created users and assigned mailbox to them.

    Are those steps enough to send the email from gmail or hotmail to my exchange server user mail box user now? I am still not able. Please help me by correcting me.

    With regards,

    SANCS

  23. SANCS

    Thanks for the response Paul.Cheers!

  24. SANCS

    Hi Paul…..on the same issue which I mentioned above- the root domain(say abc.com) which I gave to my windows server 2012 domain controller and the exchange server forest is already a registered domain unfortunately. Do I have to build everything from scratch?

    With regards

    SANCS

    1. Avatar photo
      Paul Cunningham

      No. You can have a different AD namespace than your Exchange namespaces. For example, AD can have a namespace of domain.local and Exchange can use a namespace of brandname.com instead.

      As a general recommendation you shouldn’t use domain names that you don’t own, even just for internal namespaces or for test labs. But it will be fairly harmless if it’s just a test lab.

      So if you wanted to rebuild it you could, but it’s not a hard requirement.

  25. SANCS

    Much appreciate Paul……..You have made things much simpler…….Those videos are hugely helpful mate!!!

  26. SANCS

    Hi Paul,

    I am a beginner to Exchange Server. In my home lab I have installed windows server 2012 and installed exchange 2010 SP3 trial version on the same server. I also have the DNS on the same server. My environment is physical not virtual. My server is directly connected to Internet via netgear modem router. I successfully configured the exchange server so that I can send email from outlook 2010 to gmail or hotmail.
    Please give me some advice on how should I configure exchange or DNS to receive email from gmail or hotmail to the outlook. I searched on google but I feel lost. Please provide me some advice or any concise link so that I can study and implement.

    With regards,

    SAN

  27. Kimble

    Hi Paul,

    Great article and very helpful comments as well.

    I have a common scenario where we have an MX record that points to a SaaS provider for email filtering. Recently our SaaS provider went offline for 24 hours and we didn’t receive email or were able to send e-mail during that time. Luckily the provider was pooling the emails and delivered them once their network came back online.

    What I want to do is put the power back in our hands and have a way to failover from the SaaS and go directly to us, bypassing the filter in the event this issue occurs again.

    Changing the MX record in DNS takes too long to propagate so that is not the best solution. Is there a way to do this?

    Thanks,
    Kimble

    1. Kimble

      I was doing some research. Would using round robin MX records with priorities solve this issue? For example:

      10 example.com 192.168.1.1
      10 example.com 192.168.1.2
      20 example.com 192.168.1.3

      The mail server sending the message would try either one of the 10 records first, then try the other, then try the 20 record if the first two failed.

      1. Avatar photo
        Paul Cunningham

        Every MX record you publish can potentially be used by senders, so if you publish a “bypass” MX record permanently then you can expect senders (including spammers) to bypass your SaaS email security provider regularly.

        If you want to be able to change your MX records faster set a very low TTL on those records in your DNS zone. 30 minutes would probably be reasonable in your case, but you can go even lower if you want to.

        1. Kimble

          Good points and thank you for the feedback. I’ll give the TTL a try

  28. Simon

    Hello Paul,

    Using SBS2011 and Exchange 2010 which works fine.
    I am tripping over the disconnect between an MX record of mail.domain.com.au and the receive (and send) connectors FQDN of remote.domain.com.au. There is an A record for remote and mail pointing at same IP address.
    I do not understand how this works.
    Ultimately I would like to put another 2 domains onto this server.. but first thing is first.

    Would you please point me in the right direction to understanding this difference.

    Regards
    Simon

  29. NJ Bhanushali

    Ok. Thank you.

  30. NJ Bhanushali

    Hello,

    Thank you.
    Can I differentiate Exchange Server and Other Server(gmail, yahoo etc.) on the base of MX Record?
    Is there any common different which identify that this is Exchange Server on the base of MX Record?

  31. NJ Bhanushali

    I have checked few General Domains and few Exchange Domain. Exchange server provide only 1 mxRecord and it start with either mx1 or smtp1 or webmail.
    Does exchange always provide 1 mxRecord?

    1. Avatar photo
      Paul Cunningham

      Exchange doesn’t provide MX records. You configure MX records in DNS yourself. You can configure as many as you need.

  32. Md. Ramin Hossain

    All Domain mail send and received ok. but hotmail and yahoo.com didn’t received my mail due 400.4.4.7 error. DNS working perfectly. What i can do? Please advice me.

  33. FARIS

    Hi, Paul,

    Thank you for this article. and was much helpful to get idea about MX Records.
    Could you describe me where should i assign my mail server PUBLIC IP in exchange environment.
    Eg; MX — mail.tiptop.com 212.85.76.25, do i need to configure this IP in any NIC to communicate with internet.

    Would appreciate to clear my doubts.

    Thanks & Regards,
    FARIS

  34. Roger Wilkening

    Hi Paul,
    Very good post!
    I’m really new into DNS settings and can’t get what I want to accomplish.
    I have two domain names. The website of domain1.com is in a remote server and I want to receive emails from the domain1.com in the domain2.com without going thru the email server of domain1.com.
    I went to the registrar and pointed the MX record of domain1.com to mail.domain2.com.
    Then I logged into the cPanel of domain2.com but I don’t see anything about domain1.com on the MX records.
    What I’m missing?
    Thanks!

  35. Michael Kirkpatrick

    My server public MX records resolve just fine – but apparently the Microsoft connectivity analyzer only queries public MX records. When a third party spam filter is involved (like Postini or Greenviewdata) their tool fails to actually identify my problems (I get 100% success with the connectivity tool but mail still fails to deliver while throwing cryptic PRX errors). I don’t know if I am looking at routing issues, service failures, auth issues, protocols/port mismatch, phase of the moon, who is sleeping with who, current shade of chocolate, etc.. Exchange 2013 feels like bloated rush to market code hoping for the next daily critical update; just my .02 cents.

    1. Avatar photo
      Paul Cunningham

      As an externally hosted service all the ExRCA can do is look up your MX records in public DNS, and try to send mail to them. Any routing that occurs beyond that is invisible to the ExRCA.

  36. Muhammad Usama

    Hi Paul,

    I have 2 CAS Servers that will be receiving email. So, should I create 2 MX records on Public dns. And with same priority or different priority. If one CAS server will get down, then the sending server will use another MX record to deliver the email to second Server. Thanks.

  37. WASIL

    Thankyou for this Post.

    I found where i did a mistake.

    Public DNS
    Company Dns Zone File at GoDaddy

    Record Type -Host A
    Host: @ – Points To: Godaddy Default IP
    Host: Admin – Points To: Godaddy Default IP
    Host: Mail – Points To: CAS IP Address
    Host: Mail1 – Points To: EDGE IP Address

    Record Type-MX
    Priority: 0 – Host: @ – Mail1.company.com

    Now i have check MX from MX Toolbox and everything is working fine.
    the below article were very helpful.
    http://www.petri.com/configure_mx_records_for_incoming_smtp_email_traffic.htm

    Now i am going to test mail routing.

  38. WASIL

    Hi Paul,
    I have bought a domain from godaddy.com and now i want to configure DNS for Exchange System.
    I have Hosted MBx, CAS, HT on Box1 and ET on Box2.
    When i bought this domain (company.com) its by default pointing to some IP Address i thinks its godaddy IP beacuse i have bought Domain, Email and Web hosting subscription services.
    Now i have created a Host A with mail.company.com and mail1.company.com
    Host: Company.Com – Points To: Godaddy Default IP
    Host: Mail.Company.Com – Points To: CAS IP Nated with Public IP on Firewall (443,80 Allowed)
    Host: Mail1.Company.com – Points To: EDGE IP Nated with Public IP (25 smtp allowed)
    On MX
    Host: EDGE IP – Points to: Mail.Company.Com
    There is no Reverse Lookup Entry yet has been created.
    Could you please advise if there is anything you think needs to be changed.
    Because when i try to resolve the record using MX Toolsbox, it could not find MX mail.company.com.

  39. Narasimha

    Hi All,

    I joined to new organization as a exchange admin, their the previous admin was left the company with out intimation, Can someone tell me how to check the complete mail routing process in exchange server 2010 and how to find the exact MX record in the domain and where the Mx records is configured

    Thanks,
    Narasimha Sumanth?

  40. Dave Curtis

    Hello Paul,

    I’m dealing with an MX Preferences for Gmail Apps set up in Webstarts.com that looks just like your example above, only with 10 as ASPMX.L.GOOGLE.COM, 20 as ALT1.ASPMX.L.GOOGLE.COM etc etc, and beneath that as the CNAME Mail ghs.google.com.

    Webstarts no longer has any access to that as it was set up by them years ago when it was free, and the company I’m dealing with has no access to anything but getting their emails (through Gmail).

    My primary problem is that Webstarts doesn’t permit WordPress installations, so I set it up on Hostmonster and changed the IP for the A and the @ records – but not the MX records and the two companies (Hostmonster and Webstarts) are providing me with different sets of instructions. Hostmonster’s instruction won’t keep mail going to the Gmail account, and Webstarts advice can’t be implemented in Hostmonster because the proper record fields are lacking. The client *is* getting emails – but there’s a secondary problem tied closely to the primary problem.

    The secondary problem is that I’m using Gravity Forms to send help requests to my client’s email addresses – and they don’t go through to their domain email addresses – even if I send them from another domain. They still don’t go through if I forward them to a free Gmail account (which does work with forwarding from the form) and THEN re-forward them to their company emails set up with the Google MX settings – I keep getting hard bounces. However, I have also set up a “webmaster” account, then forwarded the form to the free webmaster from the domain webmaster and *then* set up the free Google Webmaster to forward to my personal email accounts in Google, in Hotmail, and on one of my own hosted domain emails and all of them work just fine – to me – but not to the company using the Google account App emails.

    What I get is a hard bounce if I sent the form results to any and all of the company emails saying that there is no such email account. So I go into the filters section of their Gmails and there are no filters, nothing in spam, no way to adjust or allow emails from the Gravity form.

    I’m out of ideas or options and nowhere on the web am I seeing anything helpful that I can implement because the Hostmonster DNS MX records don’t have the same names for the fields I’m seeing for Google, and there aren’t enough of them.

    Any advice would be appreciated. This is the third week I’m spending on getting this problem resolved.

    1. Avatar photo
      Paul Cunningham

      Some web hosts have default configs on the server you’re being hosted on such that all email is delivered to the local server, regardless of the MX records you have in DNS. The assumption they are making is that customers will use the free email accounts hosted on the server. Which many do.

      If they are providing you a CPanel interface for your account there is an MX setting in there where you can tell it to always deliver locally vs always use the MX record.

      Saying you’re getting a hard bounce is part of the info someone would need. The info in the bounce message is important, it will say which server rejected the message (eg was it a Google server or a Hostmonster server…).

      Really this is something you should be able to sort out using their support. If you contact them and say that you want to use Google Apps only, and that you’ve got the the MX records Google asks for in place, and that you’re still getting a bounce message, they should be able to help you.

      If not, find a web host with better support.

      1. David Curtis

        Thanks Paul, I was able to sort it out with your help by recreating all of the MX record fields in Hostmonster, deleting all of the Hostmonster free mail account defaults, and then switching the whole Webstarts DNS over with a simple full NS change. What an ordeal to achieve (what should have been) a simple goal! I thank you for providing the clarity I needed to resolve this.

  41. david

    Hi paul
    I am a affiliate marketer actually I will facing a ip black listing problem due to hit a trap ( trap mean a email id basically is used for tracking a email sender activities by some organization like spam house. Sorbs like this) because of trap I am loss my server.
    I have concern with senior mailer they are suggest me if you want to remove trap(tracking email id or domain) from your mailings data so MX record is only way to found a trap in you mailing data
    That’s why I request you please guide me how to found it and remove from my emailing data list. Please reply you suggestions its beneficial for me

    Thanks in Advance
    David

    1. Avatar photo
      Paul Cunningham

      If you’re hitting spam traps then your email acquisition method is bad. I can’t help you clean up your list, that is your job.

  42. ez

    Hi Paul,

    Need advice from you. We have web and mail server using one public ip. Our smtp, pop3 and imap configuration using abc.com

    Now we like to have new public ip for webmail. What is the impact for changing the ip address. Especially our smtp pop3 and imap configuration for client using mail software i.e outlook.

    Another question is since we want to use new public ip for webmail. We want to create new imap hostname e.g imap.abc.com pop3.abc.com and smtp.abc.com and we want to remain old imap configuration abc.com for existing client that been configured at their outlook.

    What is your best solution for this migration?

    Thanks in advance.

  43. porbar

    We currently have SBS2003 running EXCH2003 and our ISP (Time Warner) host our email and we see 2 MX records on our account for our domain at our web host (Network Solutions) . We use the POP3Connector to download emails from the ISP and the SMTP connector is configured to “Use DNS to route each address space on this connection.”

    We are now moving to Exchange 2013 (on separate hardware) and would like to continue having our ISP host our email. We do have a static IP but not sure how to host our own mail or if we should–small office, 10 mailboxes max. We created our Send Connector to use the MX records option and have not done anything with the Receive connectors.
    Right now these two Exchange servers our on same Internet connection, using the 1 Static IP (with two routers). The internal domain names are different.
    How can we test Send/Receive of our email, both internally & externally, on the new Exchange 2013 server without interfering with mail flow on the 2003 box? We plan to create two “fake” user accounts with exchange 2013 mailboxes for our testing. Note, no mailboxes that are in use on the 2003 server will be added to the Exch 2013 server during testing.
    Thanks!

    1. Avatar photo
      Paul Cunningham

      For 10 mailboxes an on-premises Exchange 2013 server is overkill. Have you considered Office 365?

      To answer your question, you just need to point an MX record for an email domain (any email domain, a test one is fine as long as you configure Exchange 2013 to accept it) to your public IP and NAT that IP to your Exchange 2013 server for port TCP 25.

  44. christopher

    hello Paul,

    i have just installed exchange 2010 and i pointed my Mx records to the public ip address of my server, but still i cannot receive emails, currently my host is godaddy and i want to use my exchange server for both incoming and outgoing mails, i tried to added mx record in godaddy dns manager but still i cannot receive emails, is there anything my ISP needs to do on my public IP address?

    kindly assist

    1. Avatar photo
      Paul Cunningham

      If you’ve just made the change it might just be a DNS caching/propogation delay.

      Or it might be your ISP blocking inbound TCP 25, or your firewall blocking it.

      Go to exrca.com and run the inbound SMTP test and see what it says about it.

  45. Million

    Hi Paul,

    Well Am using Microsoft ISA server 2004 and configured it with Edge Firewall, I have A Domain Controller of windows server 2012 (DNS + AD), I also install and configured Microsoft 2003 Exchange server for mail, I have a routable IP on the External side of the ISA Server, I have configured the Isa server as follow …… first i allow a DNS protocol from My Internal Domain controller to the local host, along with i point the Internal domain controller to forward queries to the internal interface of my ISA server, and inter configured my Isa server Stub DNS to forward queries to My ISP DNS server, and then I configured MX record in My internal Domain Controller DNS server to point to My Exchange server, and then I configured the Inbound and outbound SMTP mail server rule in the ISA server Firewall policy rule, Now after doing the above procedure … I can send email to any mail server available on the internet .. but i just can’t receive any, Please help what should I do … or just any idea on my case would help ..and thnx in advance.

    1. Avatar photo
      Paul Cunningham

      External servers find you by doing an MX record lookup in DNS. They need to be able to find your MX record in publicly accessible DNS servers. So wherever your public DNS servers are, that is where you need to add the MX record so that people can send you email.

  46. Vikram Patil

    Hello Paul,

    I need your help, recently my organization has taken backup ISP (internet lease Line) now we need to configure this line as backup line,so how can i configure this line is backup line.can you provide me step by step configuration then we can follow the steps and configure.
    Because if my first internet line goes down that time we can not access exchange server,this hamper on my business.

    please send me step by step configuration for 2nd internet line.

    1. Avatar photo
      Paul Cunningham

      Add an MX record in your DNS that points to the IP address of the backup internet connection.

      1. Vikram Patil

        Hi Paul,

        My MX record point to godaddy so how to add my 2nd ISP address in to DNS.
        And how it will work if my first line goes down. can you send the details so i can configure send connector and receive connector as well as MX and DNs.

        Thank you for help and support.

  47. Fred Quansah-Haylse

    Hello Paul,

    Thanks for this great article.

    i am however facing a challenge receiving emails from external domains on my email server (icewarp messaging server). i can however send emails from my internal domain to external domains. An MX lookup (MXtoolbox.com) also shows that MX records point to my public IP address.

    An SMTP email server test however gives a result of reverse DNS failed. What could be the problem please?

    kind regards.

  48. Shadab Ahmad

    Hi Paul
    we have an issue with only one specific domain when ever the users from there end send email to us the emails are delivered to our another mail server which is hosted with godaddy.My question is if I have the least priority of my mx record why the emails are being sent to godaddy hosted server.

    1. Avatar photo
      Paul Cunningham

      If one of your MX records points to GoDaddy then you should expect some mail to go to that server. Fiddling with the MX priorities won’t stop that from happening.

      1. jmox

        Could you explain a bit more about? I have Exchange Online and QMail Server, I do not know why it’s happen, but it does and so often.

        The priority is set to delivery the mails to Exchange Online, and the connectors and DNS Records are properly configured.

        Thank you.

        1. Avatar photo
          Paul Cunningham

          What more do you need to know? If you have multiple MX records, expect the sending servers to make use of all of those MX records. If your MX records point to two separate email systems, mail will deliver to both systems. It will be random and unpredictable, and you can’t stop it as long as you have MX records pointing at both systems.

  49. Mostafa

    Thank You Paul for your quick response so what shall I do if I want the incoming message deliver on both servers

  50. Mostafa

    Hi Paul;
    I have an exchange server running and I have mx record pointing to this mail server lets call it xmail.abc.com
    we are planning to add another mail server but its Linux based and its zimbra mail server lets call it zmail.abc.com.
    I want the incoming mail reached each server is this line dns configuration right?

    xmail A xxx.xxx.xxx.12
    zmail A xxx.xxx.xxx.13

    abc.com MX preference = 10, mail exchanger = xmail.abc.com

    abc.com MX preference = 10, mail exchanger = zmail.abc.com

    My question if I make same mx preference 10 and 10 can my users receive mail at the 2 servers ? and if one server crash can my users find emails at the other server?

    Regards

    1. Avatar photo
      Paul Cunningham

      No, the sending server will pick one MX each time and send email to that server only. It will not send the same message to both servers at the same time.

  51. Julian

    Hi Paul,

    Thanks for your article. Can I please ask a question – I am moving my website to a new host but the MX records are staying the same (= Microsoft Exchange). I will add the MX records to the new web host’s DNS interface before changing the DNS records to the new web host’s Nameserver details. I know that changing MX server can bring several hours of email downtime but here I am not changing the MX server – I am just copying the MX records from one host to another. So should I expect some period of email downtime ie delivery failures?

    Thank you…

    1. Avatar photo
      Paul Cunningham

      If the MX isn’t actually changing I would not expect any downtime.

      1. David Curtis

        I did this late last year and it went smooth as glass until two days ago when I had to unasigjn and reassign the domain (and the MX records went poof). Then I just went to the name registrar’s and swithched the DNS back to them and (for the Google mail accounts to work) and pointed the A record IP address toward the new hosting. Either works. That was quicker and easier though as long as the IP remains static.

  52. jhon

    Hi Paul,

    I have uploaded new website on apache server. which supports only pop but no smtp service. so, not going to use their server but point my mX to (domain 0 aspmx.l.google.com) by default.

    I have set MX Record through domain name panel..which too provide MX exchange server.
    I do also permission to use another MX service (say awesome= pop/Imap/smtp all with webspace for my domain)

    Please suggest how to configure MX record for both “awesome MX’ and “l.google.com”

    Regards,

    prompt reply will be appreciated.

    1. Avatar photo
      Paul Cunningham

      I don’t understand what you mean by “awesome MX”.

      If you want to use Google for hosting your mail set up your MX records to point to them by following the instructions they provide.

  53. Roushan Khan

    Hello Paul,

    Got some clear ideas on MX entries for mail routing.
    I would like to know, can I have two mail services in one domain.

    I am currently using qmail SMTP services on a linux server and I want to migrate only 50% of my users in MS Exchange. Is it recommended or I will face big issues while handling two admins.

    And how can i integrate the both server into one domain.

    Please guide me.

    Regards,
    Roushan
    +918286535813

  54. Joe Pacheco

    Hi,
    We are installing exhange on server and house our email . We have web.com as our pop provider. So we changed the DX priority of the pop to lowest. The higher priority to the server. We figure if emails or server is down the emails will stay with web.com. However, the emails still go to the pop account and not the exchange setup one.

  55. Sid

    Hi Paul

    Thanks for this article. I have created my external MX record and thats fine. I have an edge transport server in the DMZ and a Hub Transport server in the private network. Do I need to set up an internal Alias or MX records called mail.mydomain.com on my internal DNS server for my Hub transport or Edge server?

    thanks, Sid

      1. Sid

        Thanks, i figured it out and got it working.
        Great website, thanks.

  56. Kamran

    Hi Paul,

    I have installed new exchange 2010 envirnament. created a send and recieve connector for direct communication to the internet. Our network manager has changed the MX record. The internal email flow is working fine but external email is not working. That is, if i send email from internal user to yahoo, it doesn’t work. Also it doesn’t work if I send email from external email to internal.

    when I check the queue viewer, the email send to yahoo.com says delivery type dnsconnectordelivery and they status is retry, please help???

    Many thanks in advance.

    Muhammad Kamran.

    1. Avatar photo
      Paul Cunningham

      My guess would your firewall is not allowing SMTP traffic in and out between the internet and your Exchange server.

      1. David Curtis

        SMTP is out, POP is in. Two different ports.

Leave a Reply