What it is
Mail Exchange (MX) records define how email is delivered to a domain. Misconfigurations include pointing to decommissioned services, missing backup records, or failing to align with email security controls. When MX records are wrong, mail can be misrouted, rejected, or delivered through insecure paths.
Why it matters
Incorrect MX records can enable email spoofing, phishing, message interception, or delivery failures. Attackers often exploit weak email routing and authentication setups to impersonate trusted domains or redirect messages.
How to reduce risk
- Regularly review and validate MX records for every domain and subdomain.
- Ensure alignment with SPF, DKIM, and DMARC policies.
- Remove legacy or unused mail services and keep records current.