Mail Exchange Records
This section describes the design decisions associated with Microsoft 365 Mail Exchange Records for system(s) built using ASD's Blueprint for Secure Cloud.
Estimated reading time: 2 minutes
Mail Exchange (MX) records specify the mail server responsible for accepting mail on behalf of the domain. The record is a resource in the Domain Name System (DNS), and it is possible for a single domain to have multiple MX records. Multiple records are largely configured for availability, redundancy, and load balancing reasons.
Note
MX records should be maintained within the Australian Protective Domain Name (AUPDNS) service - as per ASD’s Gateway Security Guidance Package: Gateway Technology Guide.
Cloud native deployments
Design Decisions
| Decision Point | Design Decision | Justification |
|---|---|---|
| Authoritative DNS MX Record | This is the ingress point for the mail for the organisation, the mx records will point to the organisation gateway. | |
| Mail Exchanger/s | <Mail Gateway> | This is the ingress point for the mail for the organisation, the mx records will point to the organisation gateway. |
Hybrid deployments
Design Decisions
| Decision Point | Design Decision | Justification |
|---|---|---|
| Authoritative DNS MX Record | Configured | If the organisation hosts mail for more than one domain a MX record for each is required. These records are listed. |
| Mail Exchanger/s | Configured | If the organisation requires its on-premises mail gateways to continue to be used, the Virtual IP (VIP) of the gateways is used. |
Related information
Security & Governance
- None identified
Design
Configuration
- None identified