For the system administrators among you:
MX records, as some of you would already know, provide a DNS-based prioritized fallback method for email servers. The idea is that you can supply a list of servers that will accept your email: the lowest-numbered MX server is tried first, then the next, and so on until a valid connection is made and the email is sent over that connection.
For years, conventional wisdom has stated that having a secondary MX server as a backup for your primary server is a really good idea. However, I disagree …
I actually think backup MX servers are a huge risk as they tend to LOSE email over time. It happens like this:
- The backup MX is set up
- Time passes, without the MX getting used
- Something goes wrong on the backup MX so that email gets dropped
- The main MX goes down, and email sent to the backup is dropped mercilessly and silently before it is discovered
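One way to catch this failure before the primary goes down is to probe every MX on a schedule instead of only the one that normally answers. The sketch below is an added example, not something from the original post; the host names, the probe address and the `probe_mx`, `check_all_mx` and `failing_backups` helpers are assumptions made for illustration.

```python
import smtplib

def probe_mx(host, rcpt, helo="monitor.example.org", timeout=10):
    """Walk one MX through EHLO, MAIL FROM and RCPT TO, then reset without
    sending a message. Returns (ok, detail). Names are placeholders."""
    try:
        with smtplib.SMTP(host, 25, local_hostname=helo, timeout=timeout) as s:
            s.ehlo()
            code, _ = s.mail("probe@" + helo)
            if code != 250:
                return False, f"MAIL FROM answered {code}"
            code, _ = s.rcpt(rcpt)
            s.rset()
            return 200 <= code < 300, f"RCPT TO answered {code}"
    except (OSError, smtplib.SMTPException) as exc:
        return False, f"no usable SMTP session: {exc}"

def check_all_mx(mx_records, rcpt, probe=probe_mx):
    """Probe every MX in preference order (lowest number first). A sender
    stops at the first MX that answers; a monitor must not, or the idle
    backup is never exercised."""
    report = []
    for pref, host in sorted(mx_records):
        ok, detail = probe(host, rcpt)
        report.append({"pref": pref, "host": host, "ok": ok, "detail": detail})
    return report

def failing_backups(report):
    """Hosts after the most-preferred MX that would not take mail today."""
    return [r["host"] for r in report[1:] if not r["ok"]]

if __name__ == "__main__":
    # Constructed sample: healthy primary, backup that rejects the recipient.
    canned = {"mx1.example.org": (True, "RCPT TO answered 250"),
              "mx2.example.org": (False, "RCPT TO answered 550")}
    records = [(20, "mx2.example.org"), (10, "mx1.example.org")]
    report = check_all_mx(records, "postmaster@example.org",
                          probe=lambda host, rcpt: canned[host])
    for row in report:
        print(row)
    print("alert on:", failing_backups(report))
```

This only shows that each MX will open a session and accept the recipient. A backup that accepts mail and then discards it needs an end-to-end test message that is checked for arrival in the mailbox.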
When an email server goes down, internet email protocols dictate that the sending servers must hold on to messages and retry sending for 4 days, so if your server (Exchange or something external) goes down you’re actually already covered! For a longer outage, a temporary server can easily be activated provided you have access to the DNS.
Additionally, secondary MX servers are used by spammers to inject spam as they are not checked as stringently as primary servers. There are some ways to protect against this, “nolisting” being one of the tricks that we use and provide to customers in-house, which relies on spammers not having time to retry mail servers and normal mail servers being willing to retry. (I'll write about nolisting in a future article.)
So, in actuality, a secondary MX / backup email server:
- might result in additional email loss
- presents a higher spam profile
So, just my opinion, and probably an unpopular one at that, but I just don’t think a secondary MX provides real value in terms of redundancy and may actually substantially reduce reliability in the event of a disaster down the track. (None of this applies if you are a larger company – different rules of the game apply when you have larger numbers, your own email servers, and there are ways to mitigate the disadvantages above).
In my opinion, for a smaller company, a solid way to protect against an outage is to:
- Ensure you (or your client) have login access to their domain at the registrar
- Or, possibly, create an ability to edit DNS (not as important if the above is done)
- Work out an emergency failover procedure so it’s there and ready-to-go for an emergency once it passes 24 hours
There are obviously scenarios where backup mail servers do make a lot of sense – one obvious one being for larger companies, or companies that have multiple locations; and perhaps a small company that can't respond to a mail outage in 4 days, and of course, there are others I haven't listed here (or thought of yet!). Additionally, a secondary MX server can prevent the 4-hour warning message sent to advise that delivery has been delayed. My key point is simply that secondary MX service is not the panacea that conventional wisdom makes it appear.
Having said all this, we do provide backup MX service if desired! I guess I feel it's just part of my duty to warn people about something I think could cause them problems down the track, and perhaps present very little value to a client in the end.
Interested in hearing people's thoughts and feedback here... am I missing anything?