In many company infrastructures, the company email server will exist on an external network, being either at a remote geographical location or a server in some form of network data centre. In these cases, it is often necessary to deliver email to Anti-Spam and then back out to the existing network server. Since this requires a level of redirection which is not already established, it frequently mandates the alteration of the DNS MX records for a domain.
A comprehensive introduction and explanation to DNS and in particular MX records is outside of the scope of this document, however a few simple concepts will be explained in order to make this guide easier to understand.
In SMTP email delivery, the sending email process will attempt to register where to deliver the email to. Since the email address is of the form
firstname.lastname@example.org, the server will perform a specialized DNS request to find the address of the server which handles email for the appropriate domain. This is known as an MX record.
Since mail servers are prone to being unavailable for periods of time, a domain may have several MX records, each given a numeral value. By default, MX records will be processed lowest numbered first. That is to say, an email will be delivered to whichever server responds correctly, starting with the one with the lowest number.
Assuming that the DNS MX record for
example.com currently points at
184.108.40.206, it is necessary to break this arrangement and insert Anti-Spam before it reaches the server
Assuming that Anti-Spam is located at address
the primary MX record would be changed to point to
220.127.116.11. Anti-Spam would then be configured on the Email > SMTP > Internal domains page to direct traffic to
Tip: Since Anti-Spam may be temporarily unavailable for one reason or another – be it as the result of a minor network glitch or something more serious – it is considered good practice to place the final destination, in this case
18.104.22.168, as a secondary or higher numbered MX record for the domain.
Where this is done, should Anti-Spam be unavailable, email will be delivered immediately, albeit unchecked for spam and malware, to the original email server.
Note: The technique described in the tip above can be very effective, however caution should be paid to dealing with secondary MX records.
Increasingly, spam is being directed deliberately at the secondary MX record as opposed to the primary. This is because, in many situations, the secondary MX record has less aggressive anti-spam and anti-malware measures applied to its email. Of course, to combat such mechanisms the secondary and tertiary MX records could all be routed through an Anti-Spam-enabled system.