Mail Issues - Why mails got returned


I have delivered an email twice, all failed, then tried webmail, no failure notice received.  So I contacted my mail service provider (a hosting company), The reply I got is as follows:

added the following CNAME
Name: dkim-shared._domainkey

Then they added for me.  Now I can't access via outlook, can't access via webmail.  Even the website is not there.  They said they need to create another "A" record for me.

Can Anyone kindly tell me whether all these make sense?  They explained to me about "DNS propagation", didn't explain why it causes DNS propagation.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
There is no such thing as DNS propagation.
DNS changes are live as soon as the DNS server they are made on is updated.
Where people think of "propagation" is either caching (where DNS servers around the world cache the information) or a change to the name servers, which does require propagation around the internet to the root servers.

I have no idea why the hosting company made DKIM records, as that wouldn't have had anything to do with email delivery problems unless it was to Yahoo.
As you cannot access webmail or anything it sounds to me like they have completely screwed up the DNS records for your domain.

Go back to the hosting company and ask them to check. Make sure that they use a public site to check the records as well as their own tools. 


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I agree with Simon, adding a DKIM record make no sense.  So go to the web sites that he has listed and put in your domain name.

Failed e-mail delivery has nothing to do with what client (Outlook, webmail, Thunderbird, or something else) you use.
Creating an A record is nonsense.  Email requires an MX record. They are correct on one thing, it can take up to 48 hours for any changes to replicate out to all the DNS servers.

Have you looked up your email domain to see whether there is already a MX record present?  This is quite an easy process.  Go to: insert your domain name and you will get the results of where the MX record is pointing and whether the servers or domain are blacklisted.

Let us know how you get on.
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

Simon Butler (Sembee)ConsultantCommented:
"Creating an A record is nonsense.  Email requires an MX record. They are correct on one thing, it can take up to 48 hours for any changes to replicate out to all the DNS servers."

I disagree there completely.
An MX record on its own is useless - you need an A record for the MX record to be pointed to.
And as for 48 hours to be replicated to all DNS servers, again that is complete nonsense as well.
The only time there is a delay is when it is caused by the server the change was made on. If the DNS zone is built immediately then the change is immediate as well. No "replication" involved, just caching.

I think we need to step back and re-look at the problem.  Actually we need more information.

He said he sent e-mail using Outlook and and received back failure notices.   Since he received failure notices that implies his MX record and the A record it points to are fine.  In this situation the problem is with who he was sending the e-mail too.

Then he tried using webmail.  It is not clear if he was using a webmail interface of the same account as above or not.  When using this he did not receive any failure notice.  However he also does not state if the e-mail was received by the recipient.

Last once he contacted his ISP and they made changes and now he can't access his mail server using either Outlook or webmail.  This implies that they messed something dealing with the host name that Outlook/Webmail points to.
mk50Author Commented:
Thank you very much, everyone.  One thing I am sure that they have messed up, but they don't want to admit.

After more than 80 hours since the first ticket being initiated to them, it was still not working.  So I wrote another email to question about the status.  I thought they would say I need to wait for another 24 hours because the A record was created 1 day after they replied to my 1st ticket.  Technically I should wait for 72 hours after the 2nd ticket, total 72+24= 96 hours. In another words, I should wait for another 16 hours before the max waiting time is reached.

To my surprise, they came back unbelievable quick saying they had a look and now all fixed up.  My domain works, emails via outlook work, emails via webmail (through the hosting account) work.  I am not sure what they are really doing.  

One thing I'd like to mention.  The domain I didn't use much previously.  It is just a domain, no website developed for a few years.  Recently I develop a website.  In addition,  the emails I received got more serious stuff.  I mean got client enquiries, etc.   I am always wondering how secure the emails are hosted by a hosting company.

Do you think you can give me an idea of what actually really happened?
There are just too many possibilities of what they could have messed up.

For sure, if you could not access your e-mail server using Outlook or the webmail interface the A record for that host name was not pointing to the correct IP address.

After that who knows what they could have messed up.

As for the security of the email service they are hosting for you.  Unless you want to run your own e-mail server, you need to trust them.  Typically the bigger the hosting company the more important their reputation, so the more secure they are.
Sorry to disagree with you Simon, and to put the OP right.  I refer you to the following regarding MX and A Records.  I quote:

Should I update A records when routing mail to the message security service?

Do not update your A records. Since your MX records point to, you do not need to change any A records.

Source:  Google -
Simon Butler (Sembee)ConsultantCommented:
Well done on a nice Google search to find something completely unrelated to the question in hand.
That is a specific reference to Google's hosted spam solution Postini.

What do you think the records mentioned are?
Guess what - A records.

An MX record requires A records - either in your domain or another domain, it doesn't really matter.
Your post does not prove me wrong at all.

In order to receive e-mail you must have a MX record, but MX records MUST point to host name.  The host name can be a A record or a CNAME, but at some point there must be a valid A record pointing to a valid IP address.

So to receive e-mail, you must have BOTH a valid MX record and a valid A record.  If the MX record points to a host name that at some point does not have a valid A record, you will never receive e-mail.

However, the original problem was that this person SENT e-mail that got returned.  When sending e-mail the sender does NOT need a valid MX record, they don't even necessarily need a valid A record, or any other record dealing with DNS.  The receiver needs to have a valid MX/A record combination.  Without knowing why the e-mail was returned we don't know that the original problem was.

What we do know is that when he could no longer use Outlook/Webmail to interact with his e-mail server, the ISP messed something up.   Maybe, could be, the ISP changed an existing A record and pointed to the wrong IP address.
mk50Author Commented:

Thank you very much.  A few best solutions.  As Simon was the first one to reply and provided a few URLs to read, so I picked up his.  I am  confused with A record, MX record.  When I find time, will spend some time studying it.  At the moment, seems work fine.

Thank you again. My apology for late feedback.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.