RFC 2821 and the “implicit MX” rule: Can you really get mail without an MX record?

by Bharat Suneja

This question has been asked frequently enough, so it makes sense to clarify another SMTP myth that many IT folks hold dear:

No MX records = no email

Yes, mail can indeed be delivered to a domain even if it does not have MX records.

Let’s take a look at what RFC 2821 says:
– Once the domain is identified SMTP must perform a DNS lookup and first attempt to locate an MX record.
If no MX records are found but an A record is found, it is treated as if it was associated with an implicit MX record with a preference of 0 pointing to that host – also known as the “implicit MX” rule.
– Further, if MX records are indeed found but mail delivery to these fails, the “implicit MX” rule to use the A record should not be used and the situation reported as an error, unless one of the the MX records actually points to the host in the A Record.
– Finally, if more than one MX records are found with same preference values, an SMTP sender should rotate between these.

For instance, we try sending a message to [email protected], and the domain does not have any MX records, as the following test shows:

Nslookup cannot resolve MX record:

C:\>nslookup -type=mx somedomain.com

somedomain.com
     primary name server = ns1.ispserver.net
     responsible mail addr = dns.ispserver.net
     serial = 2006040700
     refresh = 28800 (8 hours)
     retry = 7200 (2 hours)
     expire = 604800 (7 days)
     default TTL = 86400 (1 day)

However, there’s an A record (same name as the domain, designated as [email protected], or the A record that you see as (same as parent folder) in Windows Server DNS management console) that resolves:

C:\>nslookup somedomain.com
Non-authoritative answer:
Name: somedomain.com
Address: 64.40.201.25

If the host that this A record points to accepts SMTP mail on the well-known (tcp) port 25, you can deliver mail to this domain without any MX records.

To create an A record for your domain using Windows Server’s DNS management console, leave the (host) Name field blank when creating the new A record, and enter an IP address to map it to.

Nevertheless, not having MX records is not a good practice. Think about the implication it has on your DNS server— the sending host will first try to lookup MX records, and then lookup an A record for your domain. You’re inviting extra load to your DNS server(s) by not having MX records.

MX records also allow you to route inbound mail to more than 1 hosts using the preference value to load-balance or failover.

{ 2 comments… read them below or add one }

Devin L. Ganger January 11, 2007 at 4:43 am

I’ll note that you can actually have multiple A records, so you can achieve a single tier of load balancing using implicit MX behavior. More and more these days, having multiple tiers of MX handlers is just inviting your lower-priority MX machines to get spammed, thus bypassing a lot of your message hygiene functionality.

I should also note that the extra load on the DNS servers may not be that much; they’re going to return the results of the A record lookup anyway (unless the MX record points to a host in a zone not on your servers), so you’re saving at most an incoming query packet.

But all that aside, yes — I’ve always been an advocate of not relying on default behavior. If you want something to happen a particular way, say so. That way you don’t change something down the road and get an unpleasant surprise because you failed to think of the consequences.

Reply

liegerm May 22, 2008 at 8:04 am

Is there a way of increasing the timeout used by Exchange 2003 when it looks up an MX record? I can tell from the event logs and by using nslookup that our Exchange server sends to the A record address of a couple of recipient domains because it doesn’t get a fast enough response.

Any suggestions appreciated!

Reply

Leave a Comment

{ 1 trackback }

Previous post:

Next post: