What MX records reveal about mail posture

MX records are public DNS records that show where email for a domain is directed. They are a useful mail posture signal, not a complete view of email controls.

Mail routingMX recordsEmail provider context

Direct answer

MX records show which mail exchangers are publicly listed to receive email for a domain. They can help identify visible mail routing and provider patterns.

Plain-language explanation

When someone sends email to an address at a domain, DNS helps identify where that email should be delivered. MX records are the public records that provide that mail routing instruction.

In practice, MX records often point to a mail provider, gateway, filtering service or managed email platform. Observing them can help show whether a domain appears to use a particular email provider family or whether mail routing has changed over time.

MX records do not describe the whole email environment. They do not show every sending system, internal mailbox setup, message flow rule, security setting or delivery outcome.

Why it matters

Email is one of the most visible uses of a domain. It carries public communications, customer contact, service notifications and organisational identity.

When MX records move, the change can reflect a mail migration, filtering update, supplier change, domain cleanup or routine provider work. It is a governance-relevant signal because mail routing is visible, important and often shared across technology, communications and external suppliers.

What .auDO observes

  • visible MX records for observed domains
  • inferred email provider context from MX patterns
  • changes in MX records between repeated observations
  • related DMARC, SPF and TXT records where visible
  • provider concentration across the observed panel
  • mail posture summaries across State and cohort views

What it can tell us

  • where mail for a domain appeared to be directed at collection time
  • whether visible mail routing changed between observations
  • whether a domain appears to use a recognised mail provider family
  • whether mail routing should be reviewed alongside DMARC and SPF posture
  • whether provider patterns are concentrated across an observed cohort or panel

What it cannot prove

  • whether email delivery is working well
  • whether all authorised senders are known
  • whether mailboxes, routing rules or filters are configured as intended
  • whether a provider relationship is current beyond the visible DNS signal
  • whether DMARC, SPF or DKIM are fully effective
  • whether internal email governance is mature

Practical governance questions

  • Do important domains have expected MX providers documented?
  • Are mail routing changes reviewed alongside DMARC, SPF and TXT records?
  • Who owns public mail posture: technology, security, communications or supplier?
  • Are parked, campaign or legacy domains expected to receive mail?
  • Can teams explain why a domain's mail routing changed?

These signal pages explain the public mail posture fields most relevant to this explainer.

State pages summarise aggregate posture across the current .auDO observation panel. They are summaries, not scores.

Explore observed context

For broader context, compare MX observations with dated reports, observed cohorts and related mail posture explainers.