What Is Mail Exchange in Networking?
Also known as: Mail Exchange, MX record, DNS MX record, Network+ exam, email routing
This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.
On This Page
Quick Definition
When you send an email to someone@example.com, your email system needs to find the server that handles incoming mail for example.com. The Mail Exchange (MX) record is like a signpost in the DNS that tells email servers where to deliver the message. Without an MX record, email delivery to that domain would fail or get lost. It also includes a priority number so that if the main mail server is down, a backup server can be used.
Must Know for Exams
Mail Exchange records are a frequent topic in the CompTIA Network+ exam (exam code N10-008), particularly in the domain of network operations and DNS. The exam objectives explicitly mention that candidates must be able to explain the purpose and function of common DNS record types, including MX records. You may be asked to identify the record type that enables email routing or to troubleshoot why email is not being delivered to a particular domain. The A+ exam (220-1101 and 220-1102) also touches on MX records in the context of networking and email configuration, though in less depth than Network+.
In the Network+ exam, questions often require you to interpret a DNS zone file and identify which record type is missing. For example, a scenario might describe a company that cannot receive email but can browse websites. The correct answer would be that the MX record is missing or misconfigured. Another common question type involves prioritisation: given multiple MX records with different preference values, which server will be tried first? The correct answer is the one with the lowest preference number.
For the A+ exam, MX records appear in troubleshooting scenarios related to email client configuration. A user might report that they cannot receive email, and you need to check whether the domain's MX records are resolving correctly. While the A+ exam focuses more on endpoint support, understanding MX records helps candidates answer questions about DNS troubleshooting tools like nslookup or dig. Some exam questions present a simple scenario: a small business is setting up email and asks which DNS record is needed. The correct answer is the MX record. Knowing the exact syntax and purpose of MX records will help you pass both exams and demonstrates a fundamental understanding of how email works at the network level.
Simple Meaning
Imagine you live in a large apartment building, and the building has a central mail room where all letters and packages are first delivered. To get your mail, the postal service needs to know the address of the building and which specific apartment you live in. In the world of email, a domain name like "example.com" is the building, and the mail room is the mail server that receives all incoming email for that domain. The Mail Exchange (MX) record is the official notice posted on the front door of the building that says, "Deliver all mail for this building to the mail room at 123 Main Street."
When someone sends an email to you@example.com, their email server does not just guess where to send it. It first looks up the DNS records for example.com. Specifically, it asks the DNS for the MX records. Those records provide the hostname (and sometimes the IP address) of the mail server that is authorised to accept email for that domain. The MX record also includes a priority number. A lower number means higher priority. If the main mail server (priority 10) is unreachable, the sending server will try the next one (priority 20), and so on. This ensures reliable delivery even if one server fails.
Think of the priority like a set of escalators in a train station. The first escalator (priority 10) is the main route. If it is broken, people are directed to the second escalator (priority 20). Without MX records, email servers would have no way to know which server handles incoming mail for a domain. They might try to deliver to the domain's web server, which would reject the email, or the email could bounce back as undeliverable. MX records are fundamental to email routing and are one of the most critical DNS records for any organisation that uses email.
Full Technical Definition
A Mail Exchange (MX) record is a resource record in the Domain Name System (DNS) that specifies which mail server (or multiple mail servers) is responsible for accepting email messages on behalf of a recipient's domain. MX records are defined in RFC 5321 (Simple Mail Transfer Protocol) and RFC 1035 (DNS specifications). Each MX record contains two primary fields: a preference value (a 16-bit integer) and the hostname of the mail exchange server.
The preference value, also called priority, determines the order in which mail servers should be tried by a sending Mail Transfer Agent (MTA). Lower preference numbers indicate higher priority. For example, a domain might have two MX records: one with preference 10 pointing to mail1.example.com and another with preference 20 pointing to mail2.example.com. When an MTA wants to deliver an email, it will query the DNS for MX records, sort them by preference (lowest first), and attempt to connect to the highest-priority server. If that server is unreachable or refuses the connection, the MTA will try the next server in order. This provides redundancy and load balancing.
MX records do not directly contain IP addresses. Instead, they point to the hostname of the mail server, which must then be resolved via an A (address) record or AAAA record to obtain the actual IP address. This indirection allows mail server administrators to change the IP address of a mail server without updating every MX record. In large organisations, multiple MX records with the same priority can be used for load balancing across several servers.
From a technical perspective, the MX record is only used during the SMTP conversation when the sending MTA determines where to connect. It is not used after the connection is established. The receiving mail server may use other DNS records, such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance), to verify the legitimacy of incoming messages, but the MX record remains the first stop for email routing. In modern IT environments, MX records are managed through DNS hosting providers, and changes typically take effect after the time-to-live (TTL) period expires. Incorrect MX records are a common cause of email delivery failures, which is why they are often one of the first items checked during email troubleshooting.
Real-Life Example
Think of a large office building with several reception desks. The building has a main reception desk on the first floor, and a backup reception desk in the basement. Every courier delivering packages to the building must first check the directory board in the lobby. That board tells them, "Deliver all packages to the main reception desk first. If the main desk is closed, go to the basement desk." The directory board is the MX record. The main reception desk is the primary mail server (priority 10). The basement desk is the backup mail server (priority 20).
Now suppose you work in that building and someone sends you a package. The courier looks at the directory board and sees the instructions. They take the package to the main reception desk. If the main desk is open and accepts the package, the delivery is successful. If the main desk is closed (server down), the courier checks the second instruction and goes to the basement desk. The package is still delivered because the backup system works. If both desks are unavailable, the courier will try again later and eventually return the package to the sender if delivery keeps failing.
In the digital version, your email is the package. The courier is the sending email server. The directory board is the MX record in DNS. The main reception desk is your primary mail server, perhaps an on-premises Microsoft Exchange server or a cloud service like Google Workspace. The backup desk could be a secondary mail server in another data centre. The priority numbers on the MX records are like the numbers on the directory board: 10 for the main desk, 20 for the backup. This step-by-step analogy shows exactly how MX records ensure reliable email delivery, even when servers fail.
Why This Term Matters
Mail Exchange records are the foundation of email deliverability. Without correctly configured MX records, an organisation cannot receive any email from the internet. This has immediate and serious consequences: customers cannot contact support, invoices cannot be sent to clients, and internal communications may fail. For IT professionals, managing MX records is part of everyday system administration, whether you run a small business email server or administer a large enterprise with thousands of mailboxes.
In real IT work, MX records are crucial during email migrations. For example, when an organisation moves from an on-premises Exchange server to Microsoft 365, one of the final steps is to update the MX records to point to Microsoft's mail servers. A mistake in the priority or hostname can cause email to be delivered to the old server, resulting in lost messages or double delivery. Similarly, when setting up a third-party email security service like Mimecast or Proofpoint, the MX records must be changed to route email through the security service first, which then forwards clean messages to the internal mail server.
Cybersecurity is another area where MX records matter. Attackers sometimes try to spoof a domain's MX records to redirect email to their own servers, a form of domain hijacking. DNS security measures like DNSSEC (DNS Security Extensions) help protect MX records from being tampered with. For system administrators, monitoring MX record changes is a best practice to detect unauthorised modifications. In cloud environments, MX records are often managed via DNS providers like Route53, Cloudflare, or Azure DNS, and must be kept in sync with changes to mail server IPs. Without a firm understanding of MX records, an IT professional can easily cause widespread email outages, making this topic essential for the Network+ and A+ certifications and for everyday work.
How It Appears in Exam Questions
In certification exams, questions about Mail Exchange records appear in several distinct patterns. The first pattern is identification questions. A typical question might read: "Which type of DNS record is used to direct email messages to a specific mail server?" The answer choices include A, AAAA, CNAME, MX, and TXT. The correct choice is MX. Another variation gives a partial DNS zone file and asks the candidate to select the missing record to enable email delivery.
Scenario-based questions are very common. For example: "A company recently moved its email hosting to a new provider. Users report that they cannot receive email from external senders. The website works fine. What is the most likely cause?" The answer options might include missing A record, incorrect MX record, or firewall blocking port 25. The correct response involves checking the MX record pointing to the correct mail server.
Configuration questions require you to interpret preference values. For instance: "A domain has two MX records: mail.example.com with priority 10 and backup.example.com with priority 20. If the primary mail server is offline, which server will the sending MTA attempt to use next?" The answer is backup.example.com. Some exams might ask you to choose the correct configuration for load balancing, such as setting two MX records with the same priority.
Troubleshooting questions often involve tools. A question may ask: "After running nslookup, you see that the MX record for example.com returns mail.otherdomain.com. What is the problem?" This could indicate a misconfiguration or unauthorized change. Candidates must understand that MX records should point to servers the domain owner controls.
Finally, architecture questions might relate to email security. For example: "A security administrator wants to route all inbound email through a spam filter before it reaches the internal mail server. How should the MX records be configured?" The answer is to set the highest priority MX record to point to the spam filter's mail server, and a lower priority record pointing to the internal server as a backup. Understanding these question patterns helps learners focus their study on practical applications of MX records.
Practise Mail Exchange Questions
Test your understanding with exam-style practice questions.
Example Scenario
A small company named "Blossom Flowers" has just registered the domain blossomflowers.com. They want to set up email for their employees using a third-party email service called PetalMail. The company's IT technician, Maria, needs to configure the DNS records for the domain. She already set up the A record to point the website to the hosting server. However, when she sends a test email from her personal Gmail account to info@blossomflowers.com, she gets a bounce-back message saying the domain does not accept email.
Maria realises the problem: she forgot to add the Mail Exchange (MX) record. She logs into the DNS management console and creates an MX record with the hostname mail.petalmail.com and a priority of 10. She also adds a backup MX record with priority 20 pointing to backupmail.petalmail.com. After waiting for the DNS changes to propagate (which can take a few minutes to several hours, depending on the TTL), she sends another test email. This time, it arrives successfully in the info@blossomflowers.com inbox.
This scenario demonstrates exactly how MX records are used in a real IT situation. Without the MX record, the sending email server has no instruction on where to deliver the message. Even though the website works, email fails. By adding the correct MX records, Maria ensures that all incoming email for the domain is routed to PetalMail's server, and the backup record provides reliability if the primary server goes down. This is a classic example that appears in many exam scenarios.
Common Mistakes
Thinking that an MX record contains the IP address of the mail server directly.
MX records contain the hostname of the mail server, not the IP address. The sending MTA must then perform a separate DNS lookup (A or AAAA record) to resolve that hostname to an IP address. Storing an IP address in an MX record would break the standard and make it harder to change IPs later.
Always use the fully qualified domain name (FQDN) of the mail server in the MX record, such as mail.example.com. The corresponding A record should point to the mail server's IP address.
Believing that a higher priority number means a more important server.
In MX records, lower priority numbers mean higher priority. The sending MTA tries the record with the lowest preference value first. A record with priority 20 is tried after a record with priority 10. This is opposite to how many people intuitively think of rankings.
Remember the rule: the smaller the number, the higher the priority. Priority 1 is tried before priority 10.
Confusing MX records with A records when troubleshooting email issues.
An A record maps a hostname to an IP address for any service, including websites. MX records specifically indicate which server handles email delivery for the domain. If the A record is correct but the MX record is missing, email will fail even though the website may work.
Use nslookup or dig to query specifically for MX records (e.g., nslookup -type=mx example.com). Do not rely solely on the A record when troubleshooting email problems.
Setting multiple MX records without considering load balancing or failover.
If all MX records have the same priority and point to different mail servers, the sending MTA will randomly choose one. This can cause unpredictable load distribution and may not provide proper failover. Without a priority difference, a server that is down might still be tried.
For failover, assign different priorities (e.g., 10 and 20). For load balancing, assign the same priority to multiple servers, but ensure those servers are equally capable and monitored. Test your configuration thoroughly.
Forgetting to update MX records after changing email providers.
If you switch from one email hosting service to another but leave the old MX records in place, incoming email will still be routed to the old provider, causing delivery failures or lost messages. This is a common mistake during email migrations.
Always update the MX records to point to the new provider's mail servers before or immediately after the migration. Verify the records with a DNS lookup tool and send test emails.
Exam Trap — Don't Get Fooled
The exam presents a scenario where a domain has an A record and a CNAME record but no MX record. The question asks why email delivery fails. Many learners choose answers related to the web server configuration or firewall rules, ignoring the missing MX record.
Remember that different services use different DNS record types. For email, the MX record is mandatory. When troubleshooting email delivery, always check the MX record first, not the A record.
In exams, if you see a question about email failing while the website works, immediately think "missing or incorrect MX record." Practice with nslookup and dig to verify MX records in your lab environment.
Commonly Confused With
An A record maps a domain name to an IP address and is used for general hostname resolution, including websites. An MX record specifically designates the mail server for a domain and includes a priority value. The A record does not indicate which service the server provides, while the MX record directly tells email servers where to deliver messages.
blossomflowers.com has an A record pointing to 192.0.2.1 for its website. But its MX record points to mail.petalmail.com. A visitor browsing the website will use the A record, but email will go to the MX record's target.
A CNAME record creates an alias that maps one domain name to another domain name. It is often used for 'www' subdomains. An MX record cannot be a CNAME; it must point directly to an A or AAAA record. Using a CNAME in an MX record can cause email delivery issues because the DNS resolution may fail or behave unexpectedly.
If you set www.blossomflowers.com as a CNAME for blossomflowers.com, the web address works. But you cannot set the MX record to point to a CNAME like mail.blossomflowers.com if that is an alias; instead, the MX record must point to the actual hostname like mail.petalmail.com.
A TXT record stores text information for various purposes, such as SPF, DKIM, and DMARC email authentication policies. While both MX and TXT records are related to email, they serve different functions. MX records handle routing, while TXT records provide verification and security instructions. A common mistake is confusing the two when configuring email security.
blossomflowers.com needs an MX record to route email, and a TXT record with an SPF value to verify that only mail.petalmail.com is allowed to send email on behalf of the domain. Both are necessary for proper email operation but they do different jobs.
Step-by-Step Breakdown
User sends an email
Alice composes a message to bob@blossomflowers.com and clicks send. Her email client (MUA) hands the message to her outgoing mail server (MTA), which is responsible for delivering the email to the recipient's domain.
Sending MTA queries DNS for MX records
The sending MTA extracts the domain part of the email address (blossomflowers.com) and performs a DNS lookup for MX records associated with that domain. This is done using a standard query type set to 'MX'.
DNS returns the MX records
The authoritative DNS server for blossomflowers.com responds with a list of MX records. Each record contains a preference number and the hostname of a mail server. For example, priority 10 pointing to mail.petalmail.com and priority 20 pointing to backup.petalmail.com.
Sending MTA sorts and selects the highest-priority server
The MTA sorts the MX records by priority (lowest number first). It then attempts to connect to the first server in the list, which is the primary mail server at mail.petalmail.com.
MTA establishes an SMTP connection
The sending MTA performs a second DNS lookup to resolve the hostname mail.petalmail.com to an IP address using an A or AAAA record. Once it has the IP address, it opens an SMTP connection on port 25 (or port 587 for submission) and transfers the email message.
Primary server accepts or rejects the message
The receiving mail server (mail.petalmail.com) accepts the email if it is configured to accept mail for blossomflowers.com. If the server is unavailable or refuses the connection, the sending MTA will try the next server in the list (backup.petalmail.com) after a timeout.
Email is delivered to Bob's mailbox
Once the receiving mail server accepts the message, it stores it in Bob's mailbox. Bob can then retrieve it using IMAP, POP3, or a webmail interface. The entire process from sending to delivery is guided by the MX records configured for the domain.
Practical Mini-Lesson
Mail Exchange (MX) records are one of the most critical DNS record types for any organisation that uses email. As an IT professional, you need to understand not only what they are but also how to configure, verify, and troubleshoot them in real-world environments. Let us walk through the practical aspects.
When you configure MX records for a domain, you typically do so in the DNS management interface provided by your domain registrar or DNS hosting service. The fields you fill in include the record name (often left blank or set to @ to represent the root domain), the record type (MX), the priority (a number between 0 and 65535), and the target hostname. The target must be a fully qualified domain name (FQDN) ending with a dot, such as mail.petalmail.com. Many DNS providers automatically append the dot, but it is good practice to understand the syntax.
For reliability, you should always configure at least two MX records with different priorities. For example, set the primary mail server with priority 10 and a secondary or backup server with priority 20. This ensures that if the primary server fails or is under maintenance, email will still be delivered via the secondary server. Be aware that the secondary server must be configured to accept email for the domain; otherwise, it will reject messages, and the sending MTA will not try further servers.
Troubleshooting MX records is a common task. Use tools like nslookup (on Windows) or dig (on Linux and macOS) to query MX records. For example, the command nslookup -type=mx example.com returns the MX records for that domain. If the output is empty or shows an incorrect hostname, you know there is a problem. Another useful tool is the online MX lookup service, which can check your domain from an external perspective. Common issues include: pointing to a hostname that does not have an A record, using a CNAME in the MX record (which is not recommended), or having a priority that is too high (making the server appear as a backup when it should be primary).
In cloud and hybrid environments, MX records become part of larger email workflows. For example, if you use Microsoft 365, the MX record should point to Microsoft's mail protection servers (e.g., mail.protection.outlook.com). When integrating a third-party spam filter, the MX record points to the filter's servers, and the filter then forwards email to your internal mail server. This requires careful configuration because the internal server must be configured to accept mail only from the spam filter, not directly from the internet.
A common mistake many IT professionals make is forgetting to update MX records after changing email providers. This can cause email to be silently lost or bounced. Always plan DNS changes carefully and monitor email flow during the transition period. Additionally, keep in mind that DNS propagation can take time (up to 48 hours depending on TTL), so make changes well in advance of a cutover.
Finally, security is an important consideration. MX records themselves do not provide security, but they work alongside other DNS records like SPF, DKIM, and DMARC to authenticate email and prevent spoofing. As an IT professional, you should be able to explain how MX records fit into the broader email ecosystem. Understanding MX records thoroughly will help you in both day-to-day administration and in passing certification exams like Network+ and A+.
Memory Tip
To remember that MX records route email, think of the letter 'M' in 'MX' for 'Mail.' The lower the priority number, the higher the chance the server will be tried first. Keep this in mind: smaller number equals bigger priority.
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
N10-009CompTIA Network+ →220-1101CompTIA A+ Core 1 →200-301Cisco CCNA →220-1101CompTIA A+ Core 1 →PCAGoogle PCA →Legacy Exam Context
Older materials may mention these exam versions, but learners should use the current objectives for their target exam.
N10-008N10-009(current version)Related Glossary Terms
An A record is a DNS record that maps a domain name to the IPv4 address of the server hosting that domain.
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
Frequently Asked Questions
What happens if a domain has no MX record?
If a domain has no MX record, sending mail servers cannot find where to deliver email. The email will bounce back to the sender with an error message indicating the domain does not accept mail. The domain's website may still work because web traffic uses A records, not MX records.
Can an MX record point to an IP address directly?
No, according to RFC standards, MX records must point to a hostname (FQDN), not an IP address. The hostname is then resolved to an IP address via an A or AAAA record. If you need to point to a specific IP, create an A record for the mail server hostname and then use that hostname in the MX record.
What does the priority number in an MX record mean?
The priority number indicates the order in which mail servers should be tried. A lower number means higher priority. For example, priority 10 is tried before priority 20. If the server with priority 10 is unreachable, the sending server tries priority 20, and so on.
How many MX records should a domain have?
For reliability, at least two MX records are recommended: one primary and one backup. However, you can have more for additional redundancy or load balancing. The exact number depends on your infrastructure and budget. Avoid having too many, as it can complicate troubleshooting.
How long does it take for MX record changes to take effect?
The time depends on the TTL (Time to Live) value set on the MX record. TTL is typically set to 300 seconds (5 minutes) to 3600 seconds (1 hour) or longer. Changes propagate as cached records expire. Full propagation across the internet can take up to 48 hours, but most updates resolve within an hour.
Can I use the same MX record for multiple domains?
Yes, you can have multiple domains point to the same mail server by configuring the same MX target hostname for each domain. The mail server must be configured to accept messages for all those domains. This is common in organisations that host email for several domains on one server.
Summary
Mail Exchange (MX) records are an essential component of email delivery on the internet. They act as the postal instructions for email servers, telling them exactly where to deliver messages for a given domain. Each MX record contains a priority number and the hostname of the mail server, allowing for both primary and backup routing. Without correctly configured MX records, email delivery will fail, even if the rest of the network is functioning properly.
For IT certification candidates, especially those studying for CompTIA Network+ and A+, understanding MX records is critical. Exam questions frequently test your ability to identify MX records, interpret priority values, and troubleshoot email delivery issues. Common mistakes include confusing MX records with A records, misunderstanding the priority system, and forgetting to update records during email migrations. The key to mastering MX records is to remember that they are separate from other DNS records and that low priority numbers mean high priority. By studying the step-by-step process of email delivery, practicing with DNS lookup tools, and reviewing real-world scenarios, you will be well prepared for both exams and real IT work. MX records may seem like a small part of DNS, but they play a huge role in keeping the world's email flowing.