Helpdesk DNS record

ckeuk
ckeuk Member Posts: 2

Is it possible to change the subdomain for TXT and MX records? Or maybe I'm overthinking this. We are currently using mail.domain.com. To my knowledge, in a TXT record, you can have at most 7 SPF values, which we're at. That's what I was told by Mimecast. Our MX record is currently pointed at our email security gateway.

Whenever I try adding the MX record in GoDaddy, the subdomain, mail.domain.com, is already in use. I don't know if you can have multiple values for 1 MX record.

Forgive me, I just don't want to break our mail flow.

Comments

  • tanderson
    tanderson Member Posts: 287 ✭✭✭✭
    edited January 7

    Just wanted to share some insights on handling your DNS records—especially when juggling multiple mail gateways, SPF records, and MX entries.

    1. SPF Record “Limits”

    • What you’ve heard: “You can only have 7 SPF values.”
      • What’s actually happening: SPF rules allow up to 10 “DNS lookups” (includes, a: or mx: mechanisms, etc.). Sometimes people say “7 includes” because each include might use multiple lookups behind the scenes.
    • Why it matters: If you exceed those 10 lookups, your SPF will fail and mail might start bouncing or get marked as spam.
    • How to fix:
      1. Flatten your SPF record (combine everything into one list of IPs—some tools do this automatically).
      2. Remove duplicates or anything you don’t actually need (sometimes you might have leftover includes from old providers).

    2. Multiple MX Records vs. Subdomains

    • mail.domain.com MX 10 securitygateway1.com
    • mail.domain.com MX 20 backupgateway.com

    • This tells the internet to try the first record with priority 10, and if that fails, it tries the next one.
    • What if “mail.domain.com” is already in use in GoDaddy?
      • You might already have an MX or A record for it. Check if you can edit the existing MX record instead of creating a brand-new one. Sometimes the DNS interface complains when you try to create a second entry for the exact same subdomain.
      • If you truly need separate routes or testing, consider using a different subdomain (e.g., mx.domain.com).

    3. Changing Subdomains

    • You can definitely change your subdomain if you prefer (e.g., from mail.domain.com to secure.domain.com). It can help keep things neat when you’re testing or using multiple security gateways. Just make sure you also update your SPF record to include whatever new subdomain or service you’re routing mail through.

    4. Preventing Mail Breakage

    1. Wait for DNS Propagation: DNS changes can take a few hours (sometimes up to 24) to fully kick in. Try to do major changes after hours so users don’t freak out if there’s a slight delay.
    2. Use a “Grace Period”: If you’re switching from an old gateway to a new one, keep both MX records for a short while, with the new one having a higher priority (lower number). That way, if the new path fails, mail might still flow through the old path.
    3. SPF Updates: Don’t forget to add or remove includes from your SPF whenever you add a new service or drop an old one. Test it with something like mxtoolbox.com to confirm everything is good.
    4. DKIM & DMARC: If your new gateway signs emails or requires changes to your DKIM records, update those as well. Then set up DMARC to further protect your domain.

    In short: Yes, you can use multiple MX records on the same subdomain (just set different priorities). And yes, you can pick a new subdomain if you prefer. Just be sure to keep your SPF record under the 10-lookup limit and plan ahead so your users don’t lose mail while DNS changes propagate. Good luck, and let me know if you have more questions!

  • ckeuk
    ckeuk Member Posts: 2

    The SPF, I can work with.

    For the MX record, I can create mx.domain.com but I can't create a CNAME or A record to point to mx.domain.com. The CNAME record of mail.domain.com is already in use to redirect our users to o365.

    I guess I'll need to resort to the SMTP option for helpdesk.

  • tanderson
    tanderson Member Posts: 287 ✭✭✭✭

    I believe using an IP address for the A record (not a FQDN) can resolve your issue. Create an A record for mx.domain.com pointing to your mail gateway’s IP, then update the MX records to reference mx.domain.com with the appropriate priorities. This avoids conflicts with the mail.domain.com CNAME while maintaining mail flow. Don’t forget to update your SPF record to include the mail gateway’s IP or domain.

  • tanderson
    tanderson Member Posts: 287 ✭✭✭✭

    If you want to send me some real examples in a private chat, I can probably help you resolve the flow. Just send some screenshots of what you are seeing as an issue inside GoDaddy. If you want to keep that info to yourself, I understand.