[Setup Step 4]: Instructions for changing MX records
Posted by Travis J, Last modified by Jared Smart on 06 August 2019 03:55 PM
Redirecting customers MX records to point towards Proofpoint Essentials is crucial to the successful deployment of the solution and ensures all email is both filtered and delivered.
Since we cannot do this for you, it will be necessary to contact your hosting provider, ISP or Domain Name Service provider and arrange for the MX records on your domain(s) to be modified.
Resellers are assigned to different sections of our cloud and as such the mx records you must use for setting up customers will be dependent on your allocation.
For more settings details see this Data Center KB article.
With regard to the US1, EU1 where there are multiple MX records set, please pay attention to the pattern as the numbers indicate priority. In some cases, hosting companies may only allow one MX entry. In this case use only the following entries, based on the appropriate location:
Also, please take care with all options that the spelling and numericals are correct and that the full-stops at the end where relevant are included. Please note that using other DNS names than those provided here might interfere with our ability to do seamless infrastructure upgrades in the future. Also, although you might get away with replacing the DNS names with their IP addresses, it is not compliant with DNS rules (MX records must not point to an IP address), as it will interfere with our ability to do certain kinds of infrastructure upgrades seamlessly. You can test your domain configuration using the tool provided on the Proofpoint Essentials Interface.
Lastly, it is always recommended when changing DNS entries like MX records to lower the TTL (eg. to 600 or even 60 seconds) on the records well in advance of updating the entries itself. This allows the change itself to propagate in minimum time, and provides a quick way to revert the change should a test email indicate any unexpected problems. (Use the KB article on How to troubleshoot email delivery with Proofpoint Essentials Interface to track this test message). Usually problems here are caused by forgotten firewall rules on the destination server. Once the change is made AND everything is working smooth, the TTL should be changed back up to 86400 (or whatever it used to be... 86400 seconds = one day). These measures ensure maximum flexibility and minimum downtime should anything unexpected arise.
Additional Information: These steps are also located in the Getting Started Guide
[Setup Step 3] - Firewall lockdown options for Email & LDAP Discovery
[Setup Step 4] - Current Step - Instructions for changing MX records
[Setup Step 5] - (Optional): Instructions on activating Proofpoint Essentials for an organization's outbound email
[Setup Step 6] - Configuring additional features