This question has been asked frequently enough, so it makes sense to clarify another SMTP myth that many IT folks hold dear:
No MX records = no email
Yes, mail can indeed be delivered to a domain even if it does not have MX records.
Let’s take a look at what RFC 2821 says:
– Once the domain is identified SMTP must perform a DNS lookup and first attempt to locate an MX record.
– If no MX records are found but an A record is found, it is treated as if it was associated with an implicit MX record with a preference of 0 pointing to that host – also known as the “implicit MX” rule.
– Further, if MX records are found but mail delivery to them fails, the “implicit MX” rule should not be used to fall back to the A record; the situation is reported as an error, unless one of the MX records actually points to the host in the A record.
– Finally, if more than one MX record is found with the same preference value, an SMTP sender should rotate between them.
For instance, we try sending a message to [email protected], and the domain does not have any MX records, as the following test shows:
Nslookup cannot resolve MX record:
C:\>nslookup -type=mx somedomain.com
somedomain.com
primary name server = ns1.ispserver.net
responsible mail addr = dns.ispserver.net
serial = 2006040700
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
However, there’s an A record with the same name as the domain (designated as “@”, or shown as “(same as parent folder)” in the Windows Server DNS management console) that resolves:
C:\>nslookup somedomain.com
Non-authoritative answer:
Name: somedomain.com
Address: 64.40.201.25
If the host that this A record points to accepts SMTP mail on the well-known (tcp) port 25, you can deliver mail to this domain without any MX records.
To create an A record for your domain using Windows Server’s DNS management console, leave the (host) Name field blank when creating the new A record, and enter an IP address to map it to.
Nevertheless, not having MX records is not a good practice. Think about the implication it has on your DNS server: the sending host will first try to look up MX records, and then look up an A record for your domain. You’re inviting extra load on your DNS server(s) by not having MX records.
MX records also allow you to route inbound mail to more than one host, using the preference value to load-balance or fail over.
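The selection rules listed above can be written as a small function that shows which hosts a sender will try for a domain, including the case of no MX records at all. This is an added example, not code from the original post; the function names and MX host names are hypothetical, the DNS answers are passed in as constructed data, and “rotate” is approximated with a random shuffle.

```python
import random
from itertools import groupby


def delivery_targets(domain, mx_records, a_records, rng=None):
    """Return (hosts_in_try_order, implicit_mx) for a recipient domain.

    mx_records: (preference, hostname) tuples from the MX lookup
    a_records:  addresses from the A lookup on the domain name itself
    """
    rng = rng or random.Random()
    if mx_records:
        hosts = []
        ordered = sorted(mx_records, key=lambda rec: rec[0])
        for _, group in groupby(ordered, key=lambda rec: rec[0]):
            same_pref = [host for _, host in group]
            rng.shuffle(same_pref)  # spread load across equal preferences
            hosts.extend(same_pref)
        return hosts, False
    if a_records:
        # Implicit MX: the domain name itself, as if it had preference 0.
        return [domain], True
    return [], False


def next_hop(domain, mx_records, a_records, failed_hosts):
    """Next host to try, or None when delivery must be reported as failed."""
    hosts, _ = delivery_targets(domain, mx_records, a_records)
    for host in hosts:
        if host not in failed_hosts:
            return host
    # MX records exist but every listed host failed: no fallback to the A record.
    return None


if __name__ == "__main__":
    # Constructed sample data; only the domain and address come from the article.
    print(delivery_targets("somedomain.com", [], ["64.40.201.25"]))
    mx = [(20, "backup.somedomain.com"), (10, "mx1.somedomain.com"),
          (10, "mx2.somedomain.com")]
    print(delivery_targets("somedomain.com", mx, ["64.40.201.25"]))
    print(next_hop("somedomain.com", mx, ["64.40.201.25"], {h for _, h in mx}))
```

The first call returns the domain itself as the delivery target, which is why removing MX records does not stop inbound mail while the A record's host still listens on port 25.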
{ 2 comments }
I’ll note that you can actually have multiple A records, so you can achieve a single tier of load balancing using implicit MX behavior. More and more these days, having multiple tiers of MX handlers is just inviting your lower-priority MX machines to get spammed, thus bypassing a lot of your message hygiene functionality.
I should also note that the extra load on the DNS servers may not be that much; they’re going to return the results of the A record lookup anyway (unless the MX record points to a host in a zone not on your servers), so you’re saving at most an incoming query packet.
But all that aside, yes — I’ve always been an advocate of not relying on default behavior. If you want something to happen a particular way, say so. That way you don’t change something down the road and get an unpleasant surprise because you failed to think of the consequences.
Is there a way of increasing the timeout used by Exchange 2003 when it looks up an MX record? I can tell from the event logs and by using nslookup that our Exchange server sends to the A record address of a couple of recipient domains because it doesn’t get a fast enough response.
Any suggestions appreciated!