How should I set up separate MX records for a subdomain?
Let's say I have a domain that I run a web application on, for example cranketywidgets.com, and I'm using Google Apps for handling email for people working on that domain, for example, support@cranketywidgets.com, [email protected], [email protected] and so on.
Google's own mail services aren't always the best for sending automated reminder emails, comment notifications and so on, so the current solution I plan to pursue is to create a separate subdomain called mailer.cranketywidgets.com, run a mail server off it, and create a few accounts specifically for sending these kinds of emails.
What should the MX records and A records look like here for this?
I'm somewhat confused by the fact that MX records can be names, but that they must eventually resolve to an A record. What should the records look like here?
cranketywidgets.com - A record to actual server like 10.24.233.214
cranketywidgets.com - MX records for Google's email applications
mailer.cranketywidgets.com - MX name pointing to server's IP address
I would greatly appreciate some help on this - the answer seems like it'll be obvious, but email spam is a difficult problem to solve.
Solution 1:
You should never point your MX to an IP address to be RFC compliant. Make an A record for the IP address instead and point the MX record to it.
Then the zone should look like this,
@ IN MX 1 ASPMX.L.GOOGLE.COM.
@ IN MX 5 ALT1.ASPMX.L.GOOGLE.COM.
@ IN MX 5 ALT2.ASPMX.L.GOOGLE.COM.
@ IN MX 10 ASPMX2.GOOGLEMAIL.COM.
@ IN MX 10 ASPMX3.GOOGLEMAIL.COM.
@ IN MX 10 ASPMX4.GOOGLEMAIL.COM.
@ IN MX 10 ASPMX5.GOOGLEMAIL.COM.
@ IN A 10.24.233.214
mailer IN A 10.24.233.214
mailer IN MX 10 mailer.cranketywidgets.com.
Solution 2:
Do you intend for people to send mail to addresses at @mailer.crankywidgets.com? If not, then you don't need MX records for it. MX plays no role in mail sent from that domain.
Setting up a separate mail server to send mail from addresses @mailer.crankywidgets.com is the right path, and you should set up a proper A record, PTR if the host is dedicated, and SPF records saying that that given IP address is allowed to send mail for the domain.
If all the mail sent out is intended to be notification style, you can set the reply-to address to something like "[email protected]" and then blackhole that on Google Apps.
The only thing I can see an MX record buying you here is a slightly different SPF record, as you can say "the MX (email receiver) hosts for this domain are also allowed to send mail from this domain". But SPF is versatile enough to say "this arbitrarily named host is allowed to send mail from this domain" too.
Solution 3:
As mail is a minefield, PTR <-> A <-> MX records should match for perfect reverse lookups on some spam mail filters.
https://en.wikipedia.org/wiki/Reverse_DNS_lookup
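The checks the three answers describe (MX targets are host names rather than addresses, the sending host has an A record whose PTR points back to it, and SPF authorises that address) can be run over a zone before publishing it. This is an added example, not code from any of the answers; the SPF TXT record, the PTR mapping and the function names are assumptions, and only literal `ip4:` SPF mechanisms are evaluated.

```python
import ipaddress

ORIGIN = "cranketywidgets.com."
# Constructed sample: records from Solution 1 plus an assumed SPF TXT record.
ZONE = '''\
@      IN MX 1  ASPMX.L.GOOGLE.COM.
@      IN A     10.24.233.214
mailer IN A     10.24.233.214
mailer IN MX 10 mailer.cranketywidgets.com.
mailer IN TXT   "v=spf1 ip4:10.24.233.214 -all"
'''
PTR = {"10.24.233.214": "mailer.cranketywidgets.com."}  # assumed reverse-zone data

def fqdn(name):
    """Expand a zone-file owner or target to a lower-case absolute name."""
    if name == "@":
        return ORIGIN
    return name.lower() if name.endswith(".") else f"{name.lower()}.{ORIGIN}"

def parse(zone):
    """Return (owner, type, rdata) for each 'owner IN type rdata' line."""
    rows = (line.split(None, 3) for line in zone.splitlines())
    return [(fqdn(r[0]), r[2], r[3].strip()) for r in rows if len(r) == 4 and r[1] == "IN"]

def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def lint(zone, ptr, sender):
    """List problems with MX targets and with the sending host's A/PTR/SPF data."""
    recs, sender, problems = parse(zone), fqdn(sender), []
    a_owners = {o for o, t, _ in recs if t == "A"}
    for owner, rtype, rdata in recs:
        if rtype != "MX":
            continue
        target = rdata.split()[1]
        if is_ip(target):  # the MX exchange must be a host name, never an address
            problems.append(f"{owner} MX target is an IP literal: {target}")
        elif fqdn(target).endswith("." + ORIGIN) and fqdn(target) not in a_owners:
            problems.append(f"{owner} MX target {target} has no A record in this zone")
    ips = [d for o, t, d in recs if o == sender and t == "A"]
    spf = [d.strip('"').split() for o, t, d in recs if o == sender and t == "TXT"]
    if not ips:
        problems.append(f"{sender} has no A record")
    for ip in ips:
        if ptr.get(ip, "").lower() != sender:  # forward and reverse must agree
            problems.append(f"PTR for {ip} does not point back to {sender}")
        if not any(s[:1] == ["v=spf1"] and f"ip4:{ip}" in s for s in spf):
            problems.append(f"no SPF record on {sender} authorises {ip}")
    return problems
```

`lint(ZONE, PTR, "mailer")` returns an empty list for the sample zone; each returned string names one record to fix.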