How to build an email allow list using MX records for initial email validation?

Key findings

• Dynamic validation: Relying solely on a static allow list (whitelist) of domains is inefficient due to the constant creation of new domains. A more robust strategy involves looking up the Mail Exchanger (MX) records of a domain to determine its legitimacy.
• MX record lookup: Instead of compiling an exhaustive list of allowed domains, check if a domain's MX records point to known mail servers of major providers like Microsoft (Outlook), Google (Gmail), or Yahoo. This helps classify the domain as legitimate for email sending and receiving.
• Caching for speed: To maintain quick validation speeds during real-time signups, implement a caching mechanism for MX record lookups. MX records do not change frequently, making them suitable for caching for periods of 24 hours to a week.
• Typo identification: This method can help identify common typos (e.g., tahoo.com instead of yahoo.com) if their MX records do not align with those of legitimate providers, allowing for immediate rejection or flagging.
• Data processing: Effective implementation requires data cleanup, such as lowercasing domains and finding common roots using tools like the Public Suffix List (PSL), to standardize MX record patterns.

Key considerations

• Initial filter: While MX record validation is excellent for a first-level filter, it should ideally complement other email verification best practices, such as real-time SMTP validation after submission, for comprehensive email list hygiene.
• Domain ownership: The presence of MX records only indicates that a domain can receive email, not necessarily that the specific email address exists or is actively used. Further checks are needed to maintain a clean email list.
• Coverage limitations: Even extensive lists of known ISP domains, such as those for Microsoft, AOL, Gmail, and Yahoo (MAGY), can be incomplete due to the vast and ever-changing landscape of domains. A dynamically checked MX record is more reliable than a static domain list, as highlighted by Spam Resource.
• Resource intensity: While caching helps, resolving MX records for extremely large datasets (e.g., all of .com, .net, and .org domains) can be a resource-intensive process, potentially taking days or weeks if not optimized.

Key opinions

• Desire for stronger filtering: Marketers seek to improve their initial filters to avoid validating low-quality or fake email addresses, even when real-time validation is already in place after submission.
• Challenges with static lists: Maintaining a comprehensive 'do not allow' blocklist is resource-intensive and requires constant updates due to the rapid creation of new domains, making it difficult to keep pace.
• MX lookup for classification: The consensus among practitioners points to looking up a domain's MX records to classify it, rather than trying to maintain a vast list of individual domains for major providers.
• Typo recognition: Identifying common typos like tahoo.com is a significant concern, as these make up a notable portion of invalid signups for major providers.

Key considerations

• Integration speed: While MX lookups offer a robust validation method, marketers need to ensure the lookup speed is sufficient to not negatively impact the user experience during signup. Caching is crucial for this.
• Balancing filters: An MX record allow list serves as an initial filter, but it does not replace the need for strategies for handling malformed or temporary email addresses that real-time validation provides.
• Identifying spam traps: Marketers should be aware that some domains, even if they appear legitimate on the surface (e.g., yahoo.ms), might be spam traps or sensor domains disguised to look like real ones.
• Developer involvement: Implementing an MX record-based allow list often requires developer input for DNS lookups, caching, and integrating with existing validation workflows. Organizations like OneSignal emphasize the importance of verifying and validating email addresses pre-send.

Key opinions

• MX as the primary classification tool: Experts recommend classifying domains by their MX records. If an MX record points to a known pattern (e.g., Microsoft or Yahoo mail servers), the domain can be safely added to an allow list.
• Static lists are futile: Maintaining static lists of all domains associated with major providers is impossible due to thousands of constantly changing domains, making MX lookups the only scalable solution.
• Long tail of domains: Approximately 20% of email lists consist of long-tail domains that point to themselves as MX records, while a small number of core MX patterns cover a high percentage of legitimate domains.
• Performance through caching: Caching MX lookup results is vital for speed and efficiency, as MX records generally do not change often. Regular, occasional refreshes of cached data are recommended.
• Domain vs. MX name: The presence of a provider's name in a domain does not guarantee it's actually hosted by that provider; MX records must be consulted to confirm the actual mail server responsible.

Key considerations

• Data resolution scale: Resolving MX records for entire TLDs like .com, .net, and .org is a massive undertaking, potentially requiring days or weeks of processing even with optimized systems, or significant cloud resources like those on AWS Lambda.
• Cleanup and standardization: Significant data work is needed, including lowercasing domains, identifying common roots using the Public Suffix List (PSL), and standardizing MX record entries (e.g., treating mx0 and mx1 as the same base.
• Identifying suspicious domains: Some domains intentionally mimic major providers (e.g., Yahoo.ms) and can behave like spam traps or sensor domains, requiring careful analysis beyond a simple name check. For more on this, consider resources on why validation services flag domains lacking MX records.
• Load balancing: While this article focuses on validation, it's worth noting that MX records also play a role in load balancing incoming emails across multiple servers.

Key findings

• Core function: MX records are essential for directing incoming email to the correct mail servers for a domain, enabling both sending and receiving capabilities.
• DNS configuration: Proper email functionality requires creating and configuring MX records within a domain's DNS settings, often alongside an SMTP provider.
• Record components: An MX record contains crucial information such as the mail server's hostname, its IP address, and a priority value, especially when multiple mail servers are used for redundancy or load balancing.
• Domain verification: MX records are a standard method for domain verification, where existing records are replaced with those provided by an email service or gateway.

Key considerations

• Provider-specific instructions: While general principles apply, the specific steps for adding or modifying MX records can vary significantly depending on the domain provider (e.g., Cloudflare, Squarespace, Zoho).
• Importance for email deliverability: Correct MX record configuration is foundational for good email deliverability. For more on related technical configurations, see our guide on DNS lookups, SPF records, and subdomain usage.
• Impact of CNAMEs: When CNAMEs are used for email sending verification, there are specific considerations for adding MX records to subdomains, as detailed in our article on how to add an MX record to a subdomain.
• SMTP provider necessity: Documentation consistently emphasizes the need for an SMTP provider in conjunction with MX records to facilitate email sending and receiving.Cloudflare DNS documentation covers this aspect.