User Tools

Site Tools


Table of Contents

Exchange Online DNS

MX

Mail exchange (MX) resource records denote the location that email should be delivered for your domain. Agencies supported by CDS use Proofpoint to receive and process email for spam, viruses, and phishing attempts.

Two MX resource records, each with the same priority (recommended priority of 10), will be required for each new or migrating email domain.

  • mx0a-00291001.pphosted.com
  • mx0b-00291001.pphosted.com

Agencies with multiple domains will have the exact same MX resource record entries in each domain.

If your agency currently uses pp-inbound-#.cdscore.com for your MX records, this is fine. You do not need to change them unless instructed to do so by support.

CNAME

Exchange Online uses CNAME resource records for Outlook AutoDiscover. To accommodate this, please create a CNAME resource record as follows.

  • Name: autodiscover.example-agency.com (your email domain should be here)
  • Type: CNAME
  • Value: autodiscover.outlook.com

In addition, other Office 365 services will require the following CNAME resource records.

  • Name: msoid.example-agency.com (your email domain should be here)
  • Type: CNAME
  • Value: clientconfig.microsoftonline-p.net
  • Name: enterpriseregistration.example-agency.com (your email domain should be here)
  • Type: CNAME
  • Value: enterpriseregistration.windows.net
  • Name: enterpriseenrollment.example-agency.com (your email domain should be here)
  • Type: CNAME
  • Value: enterpriseenrollment.manage.microsoft.com

SRV

If you are using an SRV record for Outlook AutoDiscover, it must be removed. It will be in the form of _autodiscover._tcp.example-agency.com.

TXT

This TXT resource record is for Sender Policy Framework, an email validation system designed to prevent spoofing and reduce spam.

If your agency currently uses SPF, the existing TXT resource record must be updated to use the include statement below. If your agency does not currently use SPF, the text below should be added in its entirety.

There are a number of ways to configure SPF, but we recommend the configuration below. This allows the information included in the SPF record at CDS, which already includes Proofpoint and our SMTP relay appliances (per region). The last entry signifies that entries not listed in the SPF record should only “SOFTFAIL”. That is, they should be passed on but potentially tagged depending on the configuration of the recipient’s email system.

North America v=spf1 include:na.pp._spf.cdscore.com ~all
EMEA v=spf1 include:eu.pp._spf.cdscore.com ~all

A

You may have one or more A resource records currently in use for users to visit webmail or to autodiscover client settings. These must be removed in order to prevent certificate errors or failure of clients to connect to Exchange Online. Typically, these are in the form of webmail.example-agency.com and autodiscover.example-agency.com. Please also verify that you do not have these A resource records in your internal DNS, as well.