We've spent three weeks on outbound email authentication. This week we flip to inbound — and the DNS record that routes all your incoming email: MX records.
This Week’s Lesson
MX stands for Mail Exchanger. When someone sends you an email, their mail server looks up your domain's MX records to find out which server should receive it.
A typical company has multiple MX records with different priorities, like: 10 aspmx.l.google.com, 20 alt1.aspmx.l.google.com. The lower the number, the higher the priority — so mail goes to the first one and falls over to backups if it's unavailable.
MX records seem simple, but misconfigured MX records are a common cause of 'I didn't receive your email' problems. If your MX records point to a server that's down, mail bounces. If they point to the wrong server, mail goes missing.
One surprising fact: your MX records have nothing to do with your SPF or DKIM setup. Many people assume that if your MX is Google, your SPF must mention Google — but they're independent. SPF governs outbound sending; MX governs inbound routing.
Another gotcha: if your domain has no MX record, some mail servers will fall back to trying your A record (the main IP of your domain). This can result in email delivery in unusual ways that are hard to debug.