Score:0

Using mail.example.com for the MX DNS record

I was wondering why I couldn't get the mailing on my domain ("example.com" below) to work.

The hosting provider states that I have to use s18.myexampleprovider.com (having IP 123.123.123.123) as the MX value if I have my domain externally (which I have; this configuration works), but why doesn't it work (can't connect) when I assign mail.example.com as the MX value and have an A record for this subdomain that points to the IP of s18.myexampleprovider.com? Is a hostname required because an IP could house multiple mail servers? If so, is there a way to make it work with mail.example.com so setup for mail clients is more straightforward?

Non-working configuration:

| Type | Name | Content |
|------|------|---------|
| A | mail.example.com | 123.123.123.123 (which is s18.myexampleprovider.com) |
| MX | example.com | mail.example.com |

Working configuration:

| Type | Name | Content |
|------|------|---------|
| MX | example.com | s18.myexampleprovider.com |

Score:2

OK, so there are two issues here.

  1. With the MX record itself, with most providers you likely can't just point your own A record to their mail server because it will break secure SMTP connections. The provider will have an SSL certificate on the server(s) at s18.myexampleprovider.com to secure the connection used to deliver email from the 3rd party to your provider. If you set your MX record to mail.example.com, any 3rd parties trying to deliver email to you via your email provider will make the connection, the test of the SSL connection will fail (since the SSL certificate contains s18.myexampleprovider.com, not mail.example.com) and drop the connection rather than deliver the email, since it will look like it's been directed to an invalid server.

  2. If your concern is regarding setting up your users then the MX records aren't relevant. MX records are used to tell 3rd parties where to deliver email for your domain, NOT for your users to specify the server to which they connect to receive email. The email provider will likely also specify a server address for you to connect to for receiving email, and it will often be something completely different to the MX record; for instance, they might specify that as mail.myexampleprovider.com and be pointed at completely different servers (depending on the size of the provider). You could in theory point your mail.example.com at THAT address, but you'd again have the issue that they'd be unable to connect securely to the mail server to receive their mail due to the SSL certificate not matching again, and they'd get loads of SSL errors. They could potentially click through them regardless, but aside from being terrible security, that sounds way more hassle for your users than them simply having to type a slightly longer address ONCE when they set up their email.

The only way around all that would be to get your provider to include your mail.example.com address in their SSL certificate so the connection security worked, but I doubt many providers would support that.

By default, SMTP accepts any certificate. That is unless MTA-STS ([RFC 8461](https://www.rfc-editor.org/rfc/rfc8461.html)) has made it mandatory to use trusted certificates or there is a DANE binding ([RFC 6698](https://www.rfc-editor.org/rfc/rfc6698)).
Nikita Kipriyanov
You can configure your MTA so it will check and refuse untrusted certificates even without STS. I think this is a gray area and it is reasonable to require the name of the MX to be listed in its certificate.
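
The interaction the answer and the comments above describe, as an added example that is not part of the original thread: a sending MTA's decision for an MX host whose certificate names only the provider, with and without an MTA-STS (RFC 8461) policy. The function names, the policy texts and the certificate name list are constructed for illustration, the certificate chain is assumed to be trusted, and name matching is simplified to exact names plus a left-most wildcard label.

```python
# Constructed sample data (not from a real provider).
PROVIDER_CERT_SANS = ["s18.myexampleprovider.com"]
POLICY_OWN_MX = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: 86400\n"
POLICY_PROVIDER_MX = "version: STSv1\nmode: enforce\nmx: *.myexampleprovider.com\nmax_age: 86400\n"

def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # conservative: require at least two fixed labels
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def parse_sts_policy(text):
    """Parse the 'key: value' lines of an RFC 8461 policy; 'mx' may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unknown policy mode")
    return policy

def delivery_decision(mx_host, cert_sans, policy=None):
    """Sender-side decision, assuming the certificate chain itself is trusted."""
    if policy is None or policy["mode"] == "none":
        return ("deliver", "opportunistic TLS: certificate name not checked")
    mx_ok = any(dns_name_matches(pat, mx_host) for pat in policy["mx"])
    cert_ok = any(dns_name_matches(san, mx_host) for san in cert_sans)
    if mx_ok and cert_ok:
        return ("deliver", "MX and certificate both satisfy the policy")
    reason = "certificate does not cover MX host" if mx_ok else "MX not listed in policy"
    if policy["mode"] == "testing":
        return ("deliver", "testing mode, failure only reported: " + reason)
    return ("refuse", reason)

if __name__ == "__main__":
    own = parse_sts_policy(POLICY_OWN_MX)
    print(delivery_decision("mail.example.com", PROVIDER_CERT_SANS))
    print(delivery_decision("mail.example.com", PROVIDER_CERT_SANS, own))
```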