What Is A DNS MX Record? Why You Need It & How It Works

DNS MX Record

Fancy this for a second: you just launched yourownbrand.com. The site looks perfect, the “Contact Us” form is live, and a potential client sends your first inquiry. You wait for the email alert, but nothing arrives. A friend soon messages, “I tried emailing you and it bounced back.”

That quiet failure points to a missing piece in your DNS settings: the DNS MX record. It is the street address for your domain’s email. If it is wrong or missing, mail servers circle around, get lost, and give up.

What Is a DNS MX Record?

Think of the mail exchanger MX record as the “postal address” for your domain’s email. When someone sends a message to you@example.com, the sending mail server looks up your domain’s MX entry in DNS. That record tells the sender which mail server (and in what order) should accept the mail.

In plain terms:

User hits Send.
The sender’s mail server asks DNS, “Where do I drop this letter for example.com?”
DNS replies with one or more MX records, plus numeric priorities.
The sending server delivers to the top-priority host first, and if that fails, moves down the list.

No mail exchange record, no email.

‍

‍{{cool-component}}‍

‍

What Is a Backup MX Record?

A backup (secondary) MX record is an extra MX entry with a higher priority number, often 20 or 30. If the primary mail server times out, senders retry the backup host instead of bouncing the message. The backup can:

Be a second server at the same provider.
Sit in another data center for disaster recovery.
Point to a store-and-forward service that queues mail until the main host returns.

Why You Need MX Records

If your DNS MX record is missing or wrong, every email sent to you hits a dead end. With a proper MX entry in place you get:

Guaranteed delivery. Mail servers know exactly where to send messages.
Backup routes. A second or third MX records entry lets mail fall back to another server when the main one is offline.
Easy migrations. Point the MX list at a new provider and users never notice the switch.
Spam filtration. Some services filter junk before it touches your mailbox, but only if your mail exchange record points to them.

How MX Records Work (Priority, Host, TTL)

Every record has three parts:

Part	What it does	Example
Priority	Lower number gets tried first	10
Host	Mail server name, not an IP	mail1.example.net
TTL	How long other DNS servers cache the answer	3600 seconds

If you publish two MX records like this:

10 mail1.example.net

20 mail2.example.net

Senders try mail1 first. If it times out, they move on to mail2.

‍

‍{{cool-component}}‍

‍

Adding or Editing an MX Entry

Here’s how to change MX entries:

Sign in to your DNS host.
Open the zone editor for your domain.
Choose Add Record, pick MX.
For Name use @ to cover the root domain.
Enter a priority. Begin with 10 for the main server.
Enter the host value, for example mail.example.net.
Keep TTL at 3600 unless you plan a quick swap; then 300 helps.
Save. Remove outdated records so they do not confuse senders.
Wait for propagation. New values appear worldwide after the TTL expires.

MX for Subdomains

Creating an MX record for support.example.com (or any subdomain) works exactly like the root, but DNS will not inherit the parent’s settings; you must publish a separate entry.

Step	What to do	Example
1	Add an MX under the subdomain	Name = support Priority = 10 Host = mail.support.example.com
2	Point that host at an A/AAAA record	mail.support.example.com → 203.0.113.50
3	Keep SPF/DKIM in sync	Include the subdomain in the SPF record (`v=spf1 mx include:_spf.example.com ~all`) and create DKIM keys under `selector._domainkey.support.example.com`.

Why bother? Marketing, support, and billing teams often need separate mail flows, spam policies, or even different providers. A dedicated subdomain keeps each pipeline clean.

How to Move to a New Mail Provider Without Losing Messages

Switching providers feels scary, but a careful MX-record hand-off keeps every message safe.

Lower the TTL a day before the cut-over
In your DNS zone set the TTL of the current MX entry to 300 seconds. Short caching lets the world see new values within minutes instead of hours.
Add the new provider’s MX records while the old ones stay live
Publish the fresh DNS MX record set with a higher (worse) priority number, for example 20. Mail now prefers the old server (priority 10) but can already see the new one.
Copy or forward existing mailboxes
Use the provider’s migration tool or an IMAP sync command so the new inboxes match the old ones before traffic shifts.
Flip priorities when testing looks good
Change the new mail exchanger MX record to priority 10 and bump the old host to 20. Mail flows to the new server first and falls back to the old one if anything breaks.
Keep the old MX records for at least 72 hours
Stragglers with cached data still deliver to the old host; those messages can forward to the new address or remain reachable through webmail.
Remove the deprecated MX list after a week
Once zero mail hits the legacy server you can delete its records and raise TTL back to 3600 for stability.

Follow that order and no message vanishes during the move.

Testing Your Mail Exchanger MX Record

If you change your mail exchanger MX record and mail still bounces, run the dig command again. If the old data appears, caching is still in play. Wait until the TTL window closes.

Command line: dig +short MX yourdomain.com shows the live list.
Web tool: MXToolbox checks priorities and flags errors.
SMTP probe: telnet mail.example.net 25 ensures the server greets you.
Real mail test: Send a message from a Gmail or Outlook account and confirm arrival time.

You can also use python to query an MX record. Here’s how that would look:

import dns.resolver

answers = dns.resolver.resolve('example.com', 'MX')

for rdata in answers:

print(rdata.preference, rdata.exchange)

How MX Records Work with SPF, DKIM, and DMARC for Email Security

Your MX records tell the world where to deliver mail, but senders also judge if the message is genuine. Three TXT records handle that job:

Record	Purpose	How it links to MX
SPF	Lists hosts allowed to send mail for your domain.	Include the new provider’s outbound servers the same day you add its MX list, or replies may bounce.
DKIM	Publishes a public key; the provider signs each message with the private key.	Each key lives under `selector._domainkey.example.com`; keep old DKIM keys active until traffic fully cuts over.
DMARC	Sets the enforcement rule (`none`, `quarantine`, or `reject`) when SPF or DKIM fail.	Update the “rua” and “ruf” report addresses if those mailboxes move with the provider.

Add or update these TXT records along with the new mail exchange record so your outbound mail passes every spam filter on day one.

‍

‍{{cool-component}}‍

‍

Can MX Records Point to a CNAME?

No. RFC 2181 forbids an MX record from targeting a CNAME. The DNS MX record must reference a hostname that resolves directly to an A or AAAA address. If you see bounces saying “CNAME loop” fix the zone by:

Creating an A record like mailstore.example.net → 192.0.2.10.
Pointing the MX record to that A record’s name, never to the CNAME.

Conclusion

A properly configured DNS MX record is the map that directs every message to your inbox. Set clear priorities, point each MX entry to the correct host, and test after saving. Keep an eye on TTL values while migrating, publish supporting SPF and DKIM records, and your email just works.

Miss any of these steps and mail servers keep circling the block, envelopes in hand, looking for a door that is not there. With the right MX records in place, the door always stays open.

‍

Published on:

July 25, 2025