← RFC Reference

DNS and Mail Routing

Email Concepts Encyclopedia
ELI5: Imagine you want to send a letter to someone at a company. You don’t know the exact building, so you call the company’s switchboard (DNS) and ask “where should I send mail?” (MX query). They give you a list of mail rooms ranked by preference. You try the first one. If it is closed, you try the next. If the company has no switchboard listing, you try the main office address (A record). If they’ve put up a sign saying “no mail accepted” — that’s a Null MX.

How DNS drives the entire email delivery path — MX records, priority and failover, A/AAAA fallback, Null MX, PTR records, and the DNS records that every sending domain needs.

The Mail Routing Algorithm

When a sending server needs to deliver a message to user@example.com, it follows this algorithm, defined in RFC 5321 Section 5:

  1. Query MX records for example.com
  2. If MX records exist, sort by priority (lowest number = highest preference)
  3. For each MX hostname, resolve its A and/or AAAA records to get IP addresses
  4. Try connecting to the highest-priority MX. If it fails, try the next one.
  5. If no MX records exist (NODATA response), fall back to the domain's A/AAAA record and attempt delivery there
  6. If the MX record is a Null MX (0 .), the domain does not accept mail — generate a permanent failure
  7. If the domain does not exist at all (NXDOMAIN), generate a permanent failure

MX Records

The MX (Mail Exchanger) record is the primary DNS record type for mail routing. It maps a domain to one or more mail servers with priorities:

$ dig +short MX example.com
10 mx1.example.com.
20 mx2.example.com.
30 mx-backup.example.com.

Each record has two parts:

Priority and failover

In the example above, the sender tries mx1.example.com first (priority 10). If that server is unreachable, returns a 4xx temporary error, or the connection times out, the sender tries mx2.example.com (priority 20), then mx-backup.example.com (priority 30).

If multiple MX records share the same priority, the sender should randomize among them. This provides load balancing:

10 mx1.example.com.
10 mx2.example.com.
10 mx3.example.com.

Here, all three servers have equal priority. The sending server picks one at random for each delivery attempt, distributing load across all three.

MX must point to a hostname, not an IP

An MX record's exchange field must be a hostname. It cannot be an IP address (RFC 5321 is explicit about this). The hostname itself must resolve to an A and/or AAAA record. It must not be a CNAME — while some resolvers tolerate MX targets that are CNAMEs, this is technically forbidden and causes interoperability problems.

MX must not point to a CNAME

This is a common misconfiguration. If mx1.example.com is a CNAME pointing to mail.provider.com, some sending servers will fail to deliver. Always use A/AAAA records for MX targets.

A/AAAA Fallback

If a domain has no MX records at all (not even a Null MX), the sending server falls back to the domain's A or AAAA record and attempts SMTP delivery there. This is called the "implicit MX" rule.

; No MX records for tiny-domain.com
tiny-domain.com. IN A 198.51.100.50

The sending server will attempt to deliver to 198.51.100.50 on port 25. This works, but it is considered bad practice for any domain that actively sends or receives mail. Always publish explicit MX records.

The fallback only applies when there are zero MX records. If MX records exist but all MX hosts are unreachable, the sender does not fall back to the A record — it queues the message for retry.

Null MX: "This Domain Does Not Accept Mail"

RFC 7505 defines the Null MX — a way to explicitly declare that a domain does not accept email:

no-mail.example.com. IN MX 0 .

The single dot (.) as the exchange, with priority 0, means "do not attempt delivery." The sending server should immediately generate a permanent failure (5.1.2 — bad destination system) rather than wasting time connecting.

Use Null MX for:

Without a Null MX, senders will fall back to the A record and waste time attempting connections that will never succeed.

PTR Records: Reverse DNS

A PTR record maps an IP address back to a hostname. It is the reverse of an A record:

; Forward lookup
mail.example.com. IN A 198.51.100.42

; Reverse lookup
42.100.51.198.in-addr.arpa. IN PTR mail.example.com.

PTR records are not part of the MX routing algorithm, but they are critical for deliverability. Most major mailbox providers check the PTR record of the connecting server's IP address:

PTR records are managed by the owner of the IP address block (typically your hosting provider or ISP), not through your domain's DNS. You may need to contact your provider to set or change PTR records.

DNS Records Every Sending Domain Needs

Here is the complete set of DNS records for a domain that sends email through a service like Mailer To Go:

; MX records (for receiving mail)
example.com. IN MX 10 mx1.example.com.
example.com. IN MX 20 mx2.example.com.

; A records for MX hosts
mx1.example.com. IN A 203.0.113.10
mx2.example.com. IN A 203.0.113.11

; SPF record (who can send as this domain)
example.com. IN TXT "v=spf1 include:_spf.mailertogo.com -all"

; DKIM public key (for signature verification)
mtg._domainkey.example.com. IN CNAME mtg._domainkey.mailertogo.com.

; DMARC policy
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

; MTA-STS policy (enforce TLS for incoming mail)
_mta-sts.example.com. IN TXT "v=STSv1; id=20260311"

; TLSRPT (TLS failure reporting)
_smtp._tls.example.com. IN TXT "v=TLSRPTv1; rua=mailto:tls-reports@example.com"

For a domain that sends but does not receive mail (e.g., a subdomain used for transactional email):

; Null MX (does not accept mail)
notifications.example.com. IN MX 0 .

; SPF, DKIM, DMARC as above
notifications.example.com. IN TXT "v=spf1 include:_spf.mailertogo.com -all"
mtg._domainkey.notifications.example.com. IN CNAME mtg._domainkey.mailertogo.com.
_dmarc.notifications.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

TTL Considerations

DNS records have a Time To Live (TTL) that controls how long resolvers cache them. For mail-related records:

When making DNS changes, reduce the TTL before the change (wait for the old TTL to expire), make the change, verify, then increase the TTL back to the operational value.

DNSSEC and Mail

DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, preventing spoofing and cache poisoning. For email, DNSSEC is particularly important because:

Without DNSSEC, a network attacker can forge DNS responses and redirect or intercept email. DNSSEC adoption for email domains is increasing but not yet universal.

SRV Records for Email Submission

RFC 6186 defines SRV records that mail clients can use to automatically discover submission and IMAP/POP servers:

_submission._tcp.example.com. IN SRV 0 1 587 mail.example.com.
_imaps._tcp.example.com. IN SRV 0 1 993 imap.example.com.
_pop3s._tcp.example.com. IN SRV 0 1 995 pop.example.com.

These are used for mail client autoconfiguration — when a user types their email address, the client queries SRV records to find the correct server, port, and protocol. This is separate from MX-based server-to-server routing.

What Can Go Wrong

Missing MX records

Without MX records, senders fall back to your A record. If your web server is not running an SMTP server on port 25, mail delivery fails after timeout. Always publish explicit MX records, or a Null MX if you don't accept mail.

MX pointing to a CNAME

As noted above, this is technically invalid. Some senders will follow the CNAME; others will fail. Use A/AAAA records for all MX target hostnames.

Circular MX references

If example.com has an MX pointing to mail.example.com, and mail.example.com has its own MX pointing back to example.com, mail can loop. MX targets should be leaf hostnames with A/AAAA records only.

Missing PTR record

Your sending IP has no reverse DNS, or it resolves to a generic ISP hostname. Major mailbox providers (Gmail, Microsoft, Yahoo) will defer or reject your mail. Ensure your sending IPs have PTR records that resolve forward to the same IP.

DNS timeout during delivery

If the recipient domain's DNS servers are slow or unreachable, the sending server cannot resolve MX records. The message is queued for retry. Persistent DNS failures eventually result in a bounce (typically after 4-5 days). There is nothing you can do as a sender — this is the recipient's infrastructure problem.

SPF record exceeds DNS UDP limit

DNS responses over UDP are limited to 512 bytes (or 4096 with EDNS0). A very long SPF record with many include: directives may be truncated. The resolver falls back to TCP, which adds latency and may fail if the DNS server does not support TCP. Keep your SPF record concise.

Debugging DNS for Mail

Essential commands for diagnosing mail routing issues:

# Check MX records
$ dig MX example.com +short
10 mx1.example.com.
20 mx2.example.com.

# Verify MX targets resolve to IPs
$ dig A mx1.example.com +short
203.0.113.10

# Check PTR (reverse DNS)
$ dig -x 198.51.100.42 +short
mail.example.com.

# Verify forward-confirmed reverse DNS
$ dig A mail.example.com +short
198.51.100.42

# Check SPF record
$ dig TXT example.com +short | grep spf
"v=spf1 include:_spf.mailertogo.com -all"

# Check DKIM public key
$ dig TXT mtg._domainkey.example.com +short
"v=DKIM1; k=rsa; p=MIIBIjANBgkqh..."

# Check DMARC policy
$ dig TXT _dmarc.example.com +short
"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

# Check for Null MX
$ dig MX no-mail.example.com +short
0 .

Key Takeaways

Further Reading

Related RFCs

RFC 5321
SMTP — Mail Routing (Section 5)
RFC 1035
Domain Names — Implementation
RFC 7505
Null MX — No Service for Domain
RFC 6186
SRV Records for Email Submission
RFC 7672
DANE — SMTP Security via TLSA
Guide
How SMTP Really Works
Guide
Email Authentication Explained