MX (Mail Exchange) records direct email traffic to the correct mail servers, with priority values determining the order servers are tried.
How MX records work
- When sending email to [email protected], the sender's server queries DNS for example.com's MX records.
- DNS returns a list of mail servers with priority values (lower = higher priority).
- The sender connects to the highest-priority server; if unavailable, tries the next.
- The receiving server accepts the email for local delivery.
MX record format
example.com. IN MX 10 mail1.example.com.
example.com. IN MX 20 mail2.example.com.
example.com. IN MX 30 backup.example.com.
Priority values
- Lower numbers = higher priority (tried first).
- Equal priorities = random distribution (load balancing).
- Higher numbers = backup servers used when primary fails.
- Typical values: 10, 20, 30 (allows room for additions).
Common configurations
- Cloud email: Points to provider (aspmx.l.google.com, mail.protection.outlook.com).
- Email gateway: Points to security vendor for filtering before delivery.
- Hybrid: Mix of cloud and on-premises servers.
- Backup: Secondary MX at higher priority for redundancy.
Security implications
- Changing MX records affects all email routing for the domain.
- Attackers may monitor MX records to identify email infrastructure.
- Misconfigured MX records can cause email delivery failures.
- SPF records must authorize MX servers to send email.
Related Tools
Related Articles
View all articlesCheck Point Harmony vs Proofpoint: Choosing Email Security for Google Workspace
Compare legacy Secure Email Gateways (SEG) like Proofpoint with modern API-based email security solutions like Check Point Harmony for Google Workspace environments. Learn why architecture matters for cloud email protection.
Read article →
SOC Alert Triage & Investigation Workflow | Complete Guide
Master the complete SOC alert triage lifecycle with this practical guide covering SIEM alert handling, context enrichment, threat intelligence correlation, MITRE ATT&CK mapping, and incident escalation. Learn industry frameworks from NIST, SANS, and real-world best practices to reduce MTTC by 90% and eliminate alert fatigue.
Read article →
Data Breach Response & Notification Workflow | GDPR & HIPAA
Master the complete data breach response workflow from detection to recovery. This comprehensive guide covers GDPR 72-hour notification, HIPAA breach reporting, forensic investigation, regulatory compliance, and customer notification strategies with practical tools and legal frameworks.
Read article →
How do I troubleshoot DNS resolution failures?
DNS failures prevent websites and services from loading. Learn systematic troubleshooting approaches to diagnose and resolve DNS resolution issues.
Read article →Explore More Networking
View all termsBGP (Border Gateway Protocol)
The routing protocol that exchanges network reachability information between autonomous systems, forming the backbone of Internet routing.
Read more →DNS
The Domain Name System translates human-readable domain names into IP addresses that computers use to connect to websites and services.
Read more →DNSSEC (DNS Security Extensions)
A suite of specifications that add cryptographic authentication to DNS responses, preventing DNS spoofing and cache poisoning attacks.
Read more →Domain Name System (DNS)
The hierarchical naming system that translates human-readable domain names into IP addresses.
Read more →IP Address Geolocation
The process of determining the geographic location of an internet-connected device using its IP address.
Read more →MAC Address
A unique hardware identifier assigned to network interfaces for local network communication.
Read more →