Mail exchange (MX) resource records denote the location that email should be delivered for your domain. Agencies supported by CDS use Proofpoint to receive and process email for spam, viruses, and phishing attempts.
Two MX resource records, each with the same priority (recommended priority of
10), will be required for each new or migrating email domain.
Agencies with multiple domains will have the exact same MX resource record entries in each domain.
If your agency currently uses pp-inbound-#.cdscore.com for your MX records, this is fine. You do not need to change them unless instructed to do so by support.
Exchange Online uses CNAME resource records for Outlook AutoDiscover. To accommodate this, please create a CNAME resource record as follows.
autodiscover.example-agency.com(your email domain should be here)
In addition, other Office 365 services will require the following CNAME resource records.
msoid.example-agency.com(your email domain should be here)
enterpriseregistration.example-agency.com(your email domain should be here)
enterpriseenrollment.example-agency.com(your email domain should be here)
If you are using an SRV record for Outlook AutoDiscover, it must be removed. It will be in the form of
This TXT resource record is for Sender Policy Framework, an email validation system designed to prevent spoofing and reduce spam.
If your agency currently uses SPF, the existing TXT resource record must be updated to use the
include statement below. If your agency does not currently use SPF, the text below should be added in its entirety.
There are a number of ways to configure SPF, but we recommend the configuration below. This allows the information included in the SPF record at CDS, which already includes Proofpoint and our SMTP relay appliances (per region). The last entry signifies that entries not listed in the SPF record should only “SOFTFAIL”. That is, they should be passed on but potentially tagged depending on the configuration of the recipient’s email system.
You may have one or more A resource records currently in use for users to visit webmail or to autodiscover client settings. These must be removed in order to prevent certificate errors or failure of clients to connect to Exchange Online. Typically, these are in the form of
autodiscover.example-agency.com. Please also verify that you do not have these A resource records in your internal DNS, as well.