INeedYourHelp00

Pros / cons of smart host vs. DNS MX records?

Very rusty with this. Working on an SBS 2010 standard. Mail is not going out. It's the weekend. I see 58 emails in the send connector queue.

The connector was set up years ago to use a web / email hosting company as smarthost. It's talking about authentication errors. If the hosting company stopped that account set up in the send connector, what other options do we have?

What companies are out there to let us use as a smart host? Why do we need a smart host? Why not be able to just push the emails out onto the web? And how would we set that up?

http://www.mustbegeek.com/configure-send-connector-in-exchange-2010/

talks of choosing to use DNS and MX to route mail. Can we just use that? What are the pros / cons of doing that? And/or how do you set up a 2nd smart host entry - if it can't send mail with the first smarthost, fail over to the 2nd?
yo_bee

If you change the setting, your server leverages public DNS to validate the domain. If the server finds an MX record for the domain you are sending to, it attempts to send to the server. The issue you have with this method is if the recipient's server does validation of the sender's address by doing a reverse DNS check.

I use a smarthost, but it is a reputable service.  If this is not an option then you only have MX to route.
Care to suggest a smart host company?
Mimecast
SOLUTION
Saif Shaikh
This solution is only available to members.
Funny in a sad way. I've used Reflexion for several years now as a spam filtering company. I don't think I've ever heard them call themselves a smart host.

But I have no love for them. A couple of times in the last couple of years they've gotten their servers put on blacklists because, while they offered an outbound mail filtering service, it turns out it's only for virus filtering, not spam filtering. So somebody was using them and sending out spam, and they didn't catch that till they got on blacklists, and it took them a week to get off of them. In the meantime my clients couldn't send out mail reliably.

Reflexion charges $1.50 per mailbox that has filtering turned on. I can't find Mimecast's pricing; would anyone know that?
And as a side note, does anyone use Office 365 Exchange? Do you have anything in front of it for spam filtering?
Let's sum up:
SMARTHOST
- A smarthost is a host that is being used to SEND email. It performs MX lookups via DNS and delivers emails. It lets you send your email through its own SMTP service. It can do so via authentication. Authentication means you have a username/password OR your IP has been authorized for sending through them. Did you change your server's IP recently? If so, that could explain the error.
NOTE: the benefits are that you are not maintaining REPUTATION and reverse DNS (things your smarthost provider has to look after). Reputation means the chances your emails are delivered to recipients' inboxes without being filed as spam or rejected.
MX LOOKUP (not MX)
- Means your own server performs MX lookups via DNS and connects to recipient MX servers directly.
That means you manage your own email system and have to care about the reputation of your email server IP (see here for some info: https://sendgrid.com/blog/5-ways-check-sending-reputation/)
MX record
- An MX record is defined in DNS and represents the mail server IP (or IPs) to which emails directed to that domain need to be delivered.

So, switching from smarthost delivery to direct delivery means doing reputation checks:
for instance, you have to set up reverse DNS correctly, check that your IP is not in some dialup residential class, that it is not shared among others (possibly behind NAT) and whatnot. It's not just a matter of switching mode. Also, it depends on your organization's needs in terms of email deliverability.
I would suggest solving the issue with your current smarthost provider or switching smarthost provider. If you mean to avoid smarthosts in the future, do so with some planning.
OK, thanks for the distinction. And a reminder why we did the smart host approach. I think getting the reverse lookup entered with the internet provider was a sticking point.

So now:

1) Exchange Office 365 eliminates needing to decide between smarthost / MX lookup, right?
2) I was disappointed that Saif mentioned Reflexion with high regard (nothing against you.... I thought me as a noob not liking them was the tip of the iceberg?)
O365 adoption means moving mailboxes there and paying per user.
Don't have exact experience with Reflexion.
I thought you were on an on-premise server and not on Office 365.

If you are on Office 365 there is no need for a smarthost. I mean you can point MX directly to Office 365 or point MX through a smarthost; it's your choice.

If your MX is pointed directly to Office 365, then Microsoft has FOPI, where emails get scanned through it. You can also set an SPF record and also have DMARC and DKIM records set for your domain for additional protection.

So Office 365 eliminates the need for a smarthost.
Saif - sorry for not being clear. I was asking about IF we move to office 365, would that eliminate having to debate these choices.
Hi BeGentleWithMe-INeedHelp,

Yes - if you move to Office 365, you won't need a SmartHost, since your emails will be going out from MS servers.


Alan.
Yes, definitely Office 365 is more secure when it comes to spam. It has a good protection system. There is no need for a smarthost if you are on O365 since it has FOPI (forefront identity manager), which scans all emails and works like a charm. Additional protection is the SPF record, which you can add; DKIM and DMARC records for your domains can also be added for additional spam settings.

Even with the default i.e. without DKIM and DMARC it's more robust and will not allow anyone to spam from outside since SPF does a validation check on the sending exchange server from remote domain.
Office 365 has got EOP (Exchange Online Protection). You would need to add an SPF record for your domain (which is used when you send emails to authorize which mail servers are authoritative for your domain name) in case you manage your own DNS, and you can quite easily add DKIM for your domain name. You would need to point the MX servers for your domain to EOP. So moving to Office 365 means you will have to do some initial DNS planning and some very light daily review of the EOP antispam (depending on how many users you have). Reputation will be maintained by Microsoft. Note that you may meet a higher rate of spam / spoofing coming from Microsoft's own email servers due to the way Office 365 works (shared IP / domain name between tenants: onmicrosoft.com).
ah!!! I'm realizing that's my next question...  other than an MX record pointing to the mail server, what else do you need to do for outgoing mail to be accepted these days!?

SPF I've done.
There's a couple other things, right?
DKIM & DMARC - those are new to me... any others?

Reverse DNS - that's if you have the mail server at your location and not using a smart host?  Then you have to go to the internet provider to >try< to get them to add an entry?  Is reverse dns going away because of the difficulty with that?  DKIM & DMARC are easier to do?

And I posted another question elsewhere about imap/pop/web host provider recommendations.

If I say DNS hosting, what do you think of? Someone with redundant servers, etc.? Or the same company that's doing web and POP hosting? Or the registrar? GoDaddy for me. Do they give you full control of your zone or do they lock you to their products / can't send web & mail to other places?
Hi,

I would recommend you always set up SPF, DKIM, and DMARC - in that order of priority.

Reverse DNS - Yes, you only need to worry about this if you are hosting your own mail server.

IMAP/POP/web host provider recommendations - Best to leave that in your other question(s), else it will get confusing if you split the conversation(s).

DNS Hosting - Can be separate (or done yourself), but for most people, their registrar is fine.  Most give you fairly full control over your DNS settings, but if you are thinking of moving, ask those questions before you do so you know what you can and can't do with a new provider.



Alan.
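
The checks this thread lists for a server that delivers by its own MX lookups (reverse DNS, SPF, DMARC), as an added example that is not part of any post above. It evaluates constructed DNS data offline; `example.com`, the `203.0.113.x` addresses, `_spf.example.net` and the dictionary layout are assumptions, and DKIM is left out because checking it needs the selector name.

```python
import ipaddress

# Constructed sample DNS answers (documentation ranges), not data from the thread.
SAMPLE_DNS = {
    "ptr": {"203.0.113.25": "mail.example.com"},
    "a": {"mail.example.com": ["203.0.113.25"]},
    "txt": {
        "example.com": ["v=spf1 ip4:203.0.113.0/27 include:_spf.example.net -all"],
        "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
    },
}

def fcrdns_ok(ip, dns):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP."""
    name = dns["ptr"].get(ip)
    return bool(name) and ip in dns["a"].get(name, [])

def spf_covers_ip(domain, ip, dns):
    """True if a passing ip4:/ip6: mechanism in the domain's SPF record contains ip.
    Assumption: include:, a and mx mechanisms are not expanded here."""
    addr = ipaddress.ip_address(ip)
    for txt in dns["txt"].get(domain, []):
        if not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            term = term.lstrip("+")  # '+' is the default (pass) qualifier
            if term.lower().startswith(("ip4:", "ip6:")):
                net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
                if addr.version == net.version and addr in net:
                    return True
    return False

def dmarc_policy(domain, dns):
    """Return the p= value published at _dmarc.<domain>, or None if absent."""
    for txt in dns["txt"].get("_dmarc." + domain, []):
        tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
        if tags.get("v") == "DMARC1":
            return tags.get("p")
    return None

def direct_delivery_report(domain, ip, dns=SAMPLE_DNS):
    """Summarise what a receiving server could verify about this sending IP."""
    return {
        "fcrdns": fcrdns_ok(ip, dns),
        "spf_covers_ip": spf_covers_ip(domain, ip, dns),
        "dmarc_policy": dmarc_policy(domain, dns),
    }

if __name__ == "__main__":
    print(direct_delivery_report("example.com", "203.0.113.25"))
    print(direct_delivery_report("example.com", "198.51.100.7"))
```

To run it against a real domain, fill the dictionary from actual PTR, A and TXT lookups for the server's public outbound IP.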