An MX (Mail eXchange) record is a type of DNS record that gives one or more host names of the email servers that are responsible for and authorized to receive email for a given domain. If the MX record has more than one host name, each name has a number that tells which is the most preferred host and which hosts to try next if the most preferred host is not available.
When an email server sends email, it first does a DNS query for the MX record of the recipient’s domain. When it gets the response, the sending email server knows the host names of authorized mail exchangers for the recipient’s domain. To get the IP addresses associated with the MX host names, a mail server does a second DNS lookup for the A record of the host name. The response gives the IP address associated with the host name. This lets the sending server know what IP address to connect to for message delivery.
Many anti-spam solutions, including those used by most major ISP networks and web mail providers such as AOL, MSN, and Yahoo!, use a reverse MX lookup procedure. Different variations of the reverse lookup are used, but the goals are the same: the receiving server wants to verify that the email it receives does not come from a spoofed or forged sending address, and that the sending server is an authorized mail exchanger for that domain.
To verify that the sending server is an authorized email server, the receiving email server tries to find an MX record that correlates to the sender’s domain. If it cannot find one, it assumes that the email is spam and rejects it.
The domain name that the receiving server looks up can be:
Before the receiving server continues the transaction, it makes a DNS query to see whether a valid MX record for the sender’s domain exists. If the domain has no valid DNS MX record, then the sender is not valid and the receiving server rejects it as a spam source.
Because outgoing connections from behind your XTM device can show different source IP addresses when your XTM device uses multi-WAN, you must make sure that your DNS records include MX records for each external IP address that can show as the source when you send email. If the list of host names in your domain’s MX record does not include one for each external XTM device interface, it is possible that some remote email servers could drop your email messages.
For example, Company XYZ has an XTM device configured with multiple external interfaces. The XTM device uses the Failover multi-WAN method. Company XYZ’s MX record includes only one host name. This host name has a DNS A record that resolves to the IP address of the XTM device primary external interface.
When Company XYZ sends an email to a Yahoo address, the email goes out through the primary external interface. The email request is received by one of Yahoo’s many email servers. That email server does a reverse MX lookup to verify the identity of Company XYZ. The reverse MX lookup is successful, and the email is sent.
If a WAN failover event occurs at the XTM device, all outgoing connections from Company XYZ start to go out the secondary, backup external interface. In this case, when the Yahoo email server does a reverse MX lookup, it does not find an IP address in Company XYZ’s MX and A records that matches, and it rejects the email. To solve this problem, make sure that:
MX records are stored as part of your domain’s DNS records. For more information on how to set up your MX records, contact your DNS host provider (if someone else hosts your domain’s DNS service) or consult the documentation from the vendor of your DNS server software.
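The Company XYZ failover case can be checked before it causes rejected mail. The Python sketch below is an added example, not WatchGuard code: the domain xyz.example, the host names, and the documentation-range IP addresses are constructed, and the zone data is embedded in the script instead of being queried from DNS.

```python
import copy
import ipaddress

# Constructed zone data for the Company XYZ scenario (assumed names and IPs).
ZONE = {
    "MX": {"xyz.example": [(10, "mail1.xyz.example")]},
    "A": {"mail1.xyz.example": ["203.0.113.10"]},
}
# Constructed external interface addresses of the multi-WAN device.
EXTERNAL = {"primary": "203.0.113.10", "backup": "198.51.100.20"}

def mx_addresses(domain, zone):
    """Resolve a domain's MX host names to IP addresses, most preferred first."""
    addrs = []
    for _pref, host in sorted(zone["MX"].get(domain, [])):
        for ip in zone["A"].get(host, []):
            addrs.append(ipaddress.ip_address(ip))
    return addrs

def reverse_mx_check(source_ip, sender_domain, zone):
    """Receiving server's view: accept only if the connecting IP address
    belongs to one of the sender domain's MX hosts."""
    return ipaddress.ip_address(source_ip) in mx_addresses(sender_domain, zone)

def uncovered_interfaces(external, domain, zone):
    """Return the external interfaces whose IP address no MX host resolves to."""
    covered = set(mx_addresses(domain, zone))
    return {name: ip for name, ip in external.items()
            if ipaddress.ip_address(ip) not in covered}

def with_extra_mx(zone, domain, pref, host, ip):
    """Return a copy of the zone with one more MX host and its A record."""
    fixed = copy.deepcopy(zone)
    fixed["MX"].setdefault(domain, []).append((pref, host))
    fixed["A"].setdefault(host, []).append(ip)
    return fixed

if __name__ == "__main__":
    print("before:", uncovered_interfaces(EXTERNAL, "xyz.example", ZONE))
    fixed = with_extra_mx(ZONE, "xyz.example", 20,
                          "mail2.xyz.example", EXTERNAL["backup"])
    print("after: ", uncovered_interfaces(EXTERNAL, "xyz.example", fixed))
```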