Every so often, I need to chase down some aspect of email validation (#SPF, #DKIM, #DMARC, ...). This involves a number of #DNS records and queries, but I may forget just which ones. So here's a quick #SMTP/DNS cheatsheet:
@jschauma We’re currently working on a DNS diagnostics tool and one of the ideas is to include a command to fetch and display all the mail-related records.
For results with the same preference, mail servers MUST (per RFC2821) pick one at random; otherwise, lower preferences are preferred.
Subdomains may have their own distinct MX records. If a domain name does not have an MX record, but it has A or AAAA records, then one of those addresses is used ("implicit MX"). However, if no records are found, there is no subdomain climbing.
MX records MUST NOT point to a CNAME, but CNAMEs of the original name are followed:
@dalias @jschauma there are weasel words in rfc 5321 https://www.rfc-editor.org/rfc/rfc5321.html#page-69 “Any other response, specifically including a value that will return a CNAME record when queried, lies outside the scope of this Standard.” what this actually means is, most implementations accept mx-points-to-cname, but they weren’t willing to write that down clearly
@fanf @dalias @jschauma the problem with MX to CNAME is that sendmail will helpfully replace the domain in the To with the name in the CNAME..... have fun with that ;)
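
The MX selection rules from the posts above (lower preference first, random choice among equal preferences, implicit MX, no subdomain climbing, CNAMEs of the original name followed), as an added Python example that is not part of the original thread. The zone data and the `follow_cname` and `mail_targets` helpers are constructed for illustration and resolve against an in-memory table rather than real DNS; MX targets that are themselves CNAMEs are reported separately so they can be reviewed.

```python
import random

# Constructed sample zone (not real DNS data): (owner name, type) -> record values.
ZONE = {
    ("example.org", "MX"): [(10, "mx-a.example.org"), (10, "mx-b.example.org"),
                            (20, "backup.example.org"), (5, "alias.example.org")],
    ("alias.example.org", "CNAME"): ["mx-a.example.org"],
    ("mx-a.example.org", "A"): ["192.0.2.10"],
    ("mx-b.example.org", "AAAA"): ["2001:db8::b"],
    ("backup.example.org", "A"): ["192.0.2.20"],
    ("www.example.org", "CNAME"): ["example.org"],
    ("host.example.org", "A"): ["192.0.2.30"],
}

def follow_cname(name, zone, limit=8):
    """Follow CNAMEs of the original name, with a hop limit to stop loops."""
    for _ in range(limit):
        target = zone.get((name, "CNAME"))
        if not target:
            return name
        name = target[0]
    raise ValueError("CNAME chain too long")

def mail_targets(domain, zone=ZONE, rng=random):
    """Return (hosts in delivery order, MX targets that are CNAMEs)."""
    name = follow_cname(domain.lower().rstrip("."), zone)
    mx = zone.get((name, "MX"), [])
    if not mx:
        # Implicit MX: fall back to the name itself if it has an address.
        has_addr = (name, "A") in zone or (name, "AAAA") in zone
        # No subdomain climbing: the parent domain is never consulted.
        return ([name] if has_addr else []), []
    by_pref = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):        # lower preference value first
        group = by_pref[pref][:]
        rng.shuffle(group)              # equal preference: random order
        ordered.extend(group)
    # MX pointing at a CNAME: report it rather than silently accepting it.
    flagged = [h for h in ordered if (h, "CNAME") in zone]
    return ordered, flagged
```
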