57

Let's say I have a domain that I run a web application on, for example cranketywidgets.com, and I'm using Google Apps for handling email for people working on that domain, for example, support@cranketywidgets.com, jane@cranketywidgets.com, joe@cranketywidgets.com and so on.

Google's own mail services aren't always the best for sending automated reminder emails, comment notifications and so on, so the current solution I plan to pursue is to create a separate subdomain called mailer.cranketywidgets.com, run a mail server off it, and create a few accounts specifically for sending these kinds of emails.

What should the MX records and A records look like here for this?

I'm somewhat confused by the fact that MX records can be names, but that they must eventually resolve to an A record. What should the records look like here?

cranketywidgets.com - A record to actual server like 10.24.233.214

cranketywidgets.com - MX records for Google's email applications

mailer.cranketywidgets.com - MX name pointing to server's IP address

I would greatly appreciate some help on this - the answer seems like it'll be obvious, but email spam is a difficult problem to solve.

Peter Mortensen
Chris Adams

3 Answers

87

You should never point your MX to an IP address to be RFC compliant. Make an A record for the IP address instead and point the MX record to it.

Then the zone should look like this,

    @               IN      MX      1       ASPMX.L.GOOGLE.COM.
    @               IN      MX      5       ALT1.ASPMX.L.GOOGLE.COM.
    @               IN      MX      5       ALT2.ASPMX.L.GOOGLE.COM.
    @               IN      MX      10      ASPMX2.GOOGLEMAIL.COM.
    @               IN      MX      10      ASPMX3.GOOGLEMAIL.COM.
    @               IN      MX      10      ASPMX4.GOOGLEMAIL.COM.
    @               IN      MX      10      ASPMX5.GOOGLEMAIL.COM.
    @               IN      A       10.24.233.214
    mailer          IN      A       10.24.233.214
    mailer          IN      MX      10      mailer.cranketywidgets.com.
Peter Mortensen
Oli
13

Do you intend for people to send mail to addresses at @mailer.crankywidgets.com? If not, then you don't need MX records for it. MX plays no role in mail sent from that domain.

Setting up a separate mail server to send mail from addresses @mailer.crankywidgets.com is the right path, and you should set up a proper A record, PTR if the host is dedicated, and SPF records saying that that given IP address is allowed to send mail for the domain.

If all the mail sent out is intended to be notification style, you can set the reply-to address to something like "noreply@crankywidgets.com" and then blackhole that on Google Apps.

The only thing I can see a MX record buying you here is a slightly different SPF record, as you can say "the MX (email receiver) hosts for this domain are also allowed to send mail from this domain". But SPF is versatile enough to say "this arbitrarily named host is allowed to send mail from this domain" too.

Peter Mortensen
James F
  • 9
    For anyone stumbling across this, you should set up MX records on the subdomain regardless of whether you intend to receive messages. This will ensure that domain verification can happen. Providers such as iCloud require this to accept messages. – Matt Apr 07 '19 at 05:29
4

As mail is a minefield.

PTR <-> A <-> MX

records should match for perfect reverse lookups on some spam mail filters.

https://en.wikipedia.org/wiki/Reverse_DNS_lookup

nelaaro
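An added example, not part of any answer above: an offline check of the rules the answers give for the sending subdomain (MX targets are host names with an A record, PTR and A agree, SPF authorises the sending IP). The PTR and SPF TXT values are constructed assumptions, and the SPF check only understands `ip4:` mechanisms.

```python
import ipaddress

# Constructed records mirroring the zone in the first answer, plus a PTR and an
# SPF TXT record that the answers recommend but do not spell out (assumed values).
RECORDS = {
    "A":   {"mailer.cranketywidgets.com.": ["10.24.233.214"]},
    "MX":  {"mailer.cranketywidgets.com.": ["mailer.cranketywidgets.com."]},
    "PTR": {"10.24.233.214": ["mailer.cranketywidgets.com."]},
    "TXT": {"mailer.cranketywidgets.com.": ["v=spf1 ip4:10.24.233.214 -all"]},
}

def is_ip_literal(target):
    """True when an MX target is an address instead of a host name."""
    try:
        ipaddress.ip_address(target.rstrip("."))
        return True
    except ValueError:
        return False

def spf_allows(records, domain, ip):
    """Simplified SPF evaluation: only ip4: mechanisms are considered."""
    addr = ipaddress.ip_address(ip)
    for txt in records["TXT"].get(domain, []):
        if not txt.startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False

def audit(records, domain):
    """Return a list of problems for the domain's MX, A, PTR and SPF records."""
    problems = []
    for target in records["MX"].get(domain, []):
        if is_ip_literal(target):
            problems.append(f"MX target {target} is an IP literal, not a host name")
            continue
        ips = records["A"].get(target, [])
        if not ips:
            problems.append(f"MX target {target} has no A record")
        for ip in ips:
            # Forward-confirmed reverse DNS: PTR name must resolve back to the IP.
            ptrs = records["PTR"].get(ip, [])
            if not any(ip in records["A"].get(name, []) for name in ptrs):
                problems.append(f"{ip} has no PTR that resolves back to it")
            if not spf_allows(records, domain, ip):
                problems.append(f"SPF for {domain} does not authorise {ip}")
    return problems

if __name__ == "__main__":
    print(audit(RECORDS, "mailer.cranketywidgets.com.") or "no problems found")
```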