Avatar of INeedYourHelp00
INeedYourHelp00
 asked on

Pros / cons of smart host vs. DNS MX records?

Very rusty with this. Working on an SBS 2010 standard.  Mail is not going out.  It's the weekend.  I see 58 emails in the send connector queue.

The connector was set up years ago to use a web / email hosting company as smarthost.   it's talking about authentication errors.  If the hosting company stopped that account  set up in the send connector, what other options do we have?

What companies are out there to let us use as a smart host? Why do we need a smart host? Why not be able to just push the emails out onto the web?  And how would we set that uo?

http://www.mustbegeek.com/configure-send-connector-in-exchange-2010/

talks of choosing use dns and MX to route mail.  Can we just use that? What's the pros / cons of doing that?  And /or how do you set up a 2nd smart host entry - if it can't send mail with first, smarthost, failover to 2nd?
ExchangeEmail ServersSBSWindows Server 2008DNS

Avatar of undefined
Last Comment
Michelangelo

8/22/2022 - Mon
yo_bee

If you change the setting your server leverages public DNS to validate the domain.  If the server finds a MX record for the domain you are sending to it attempts to send to the server.  The issue you have with this method is if the recipients server does validation of the senders address by doing a Reverse DNS check.  

I use a smarthost, but it is a reputable service.  If this is not an option then you only have MX to route.
BeGentleWithMe-INeedHelp

Care to suggest a smart host company?
yo_bee

Mimecast
Your help has saved me hundreds of hours of internet surfing.
fblack61
SOLUTION
Saif Shaikh

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
BeGentleWithMe-INeedHelp

Funny in a sad way. I use reflection for several years now as a spam filtering company. I don’t think I’ve ever heard them called them selves a smart host.

But I have no love for them. A couple times in the last couple years Theyve gotten their servers put on blacklists because while they offered outbound mail filtering service, it turns out it’s only for virus filtering not spam filtering. So somebody was using them and sending out spam and they didn’t catch that till they got on blacklists and it took them a week to get off of them. In the meantime my clients couldn’t send out mail reliably.

Reflection charges $1.50 per mailbox that has filtering turned on.  I can’t find mine casts pricing would anyone know that?
BeGentleWithMe-INeedHelp

And as a sidenote does anyone use office 365 exchange? Do you have anything in front of it for spam filtering?
Michelangelo

Let's sum up:
SMARTHOST
-smarthost is a host that is being used to SEND email. It performs MX Lookups via DNS and deliver emails. It lets you send your email through its own SMTP service. It can do so via authentication. Authentication means you have a username/password OR your IP has been authorized for sending through them. Did you change your servers IP recently? if so, that could explain the error.
NOTE: benefits are you are not mantaining REPUTATION and reverse DNS (things your smarthost provides has to care after).  Reputation means chances your emails are delivered in recipients inboxes wothout being filed as spam or rejected
MX LOOKUP (not MX)
-means your own server performs MX lookups via DNS and connects to recipient MX servers directly.
that means you manage your own email system and have to care about reputation of your email server IP (see here for some info: https://sendgrid.com/blog/5-ways-check-sending-reputation/)
MX record
- MX record is defined in DNS and represents the mail server IP (or IPs) to which  emails directed to that domain need to be delivered.

So, switching from smarthost deliver to direct deliver means doing Reputation checks:
for instance, you have to set up reverse DNS correctly,  check your IP is not in some dialup residential class, it is not shared among others (possibily behind NAT) and whatnot. It's not just matter of switching mode. Also, it depends on your organization needs in terms of email deliverability
I would suggest to solve the issue with your current smarthost provider or switch smarthost provider. If you mean to avoid smarthosts in the future, do so with some planning.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
BeGentleWithMe-INeedHelp

OK, thanks for the distinction.    And a reminder why we did the smart host approach.  I think getting the reverse lookup entered with  the internet provider was a sticking point.

So now:

1) Echange office 365 eliminates needing to decide between smarthost / MX lookup, right?
2) I was disappointed that Shaif mentioned Reflexion with high regard (nothing against you.... I thought me as a noob not likiing them was the tip of the iceberg?
Michelangelo

O365 adoption means moving mailboxes there and paying per user.
Don’t have exact erience with reflexion
Saif Shaikh

I thought you were on premise server and not on office 365.

If you are on office 365 there is no need for smarthost I mean you can point mx directly to office 365 or point mx through smarthost it's your choice.

If your mx is directly pointed to office 365 then Microsoft has FOPI we're emails gets scanned through it. You can also say SPF record and also have dmarc and dkim records set for your domain for additional protection.

So office 365 eliminates need for smarthost.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
BeGentleWithMe-INeedHelp

Saif - sorry for not being clear. I was asking about IF we move to office 365, would that eliminate having to debate these choices.
Alan

Hi BeGentleWithMe-INeedHelp,

Yes - if you move to Office 365, you won't need a SmartHost, since your emails will be going out from MS servers.


Alan.
Saif Shaikh

Yes definitely office 365 is more secure when it comes to spam. It has a good protection system. There is no need for a smarthost if you are on O365 since it has FOPI (forefront identity manager) which scan all emails and works like charm. Additional protection is SPF record which you can add, DKIM and DMARC record for your domains can also be added for additional SPAM settings.

Even with the default i.e. without DKIM and DMARC it's more robust and will not allow anyone to spam from outside since SPF does a validation check on the sending exchange server from remote domain.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Michelangelo

Office 365 has got EOP (exchange online protection) . You would need to add SPF record for your domain (which is used when you send emails to authorize which mail servers are authoritative for your domain name) in case you manage your own dns, and you can quite easily add dkim for your domain name. You would need to point your mx servers for your domain to EOP. So moving to office 365 means you will have to do some initiatives al DNS planning and some very light daily review of the EOP antispam (depending on how many users you have). Reputation will be mantained by microsoft. Note that you’re u may meet a higher rate of spam / spoofing coming from Microsoft own email servers due to the way office 365 works (shared ip/ domain name between tenants: onmicrosof.com)
BeGentleWithMe-INeedHelp

ah!!! I'm realizing that's my next question...  other than an MX record pointing to the mail server, what else do you need to do for outgoing mail to be accepted these days!?

SPF I've done.
There's a couple other things, right?
DKIM & DMARC - those are new to me... any others?

Reverse DNS - that's if you have the mail server at your location and not using a smart host?  Then you have to go to the internet provider to >try< to get them to add an entry?  Is reverse dns going away because of the difficulty with that?  DKIM & DMARC are easier to do?

And I posted another question elsewhere about imap/pop/web host provider recommendations.

If I say DNS hosting, what do you think of?  Someone with redundant servers,etc.?  Or the same company thats doing web and pop hosting?  Or the registrar?  Godaddy for me. Do they give you full control of your zone or they lock you to their products / can't send web & mail to other places?
Alan

Hi,

I would recommend you always setup SPF, DKIM, and DMarc - in that order of priority.

Reverse DNS - Yes, you only need to worry about this if you are hosting you own mail server.

Imap/pop/web host provider recommendations - Best to leave that in your other question(s) else it will get confusing if you split the conversations(s).

DNS Hosting - Can be separate (or done yourself), but for most people, their registrar is fine.  Most give you fairly full control over your DNS settings, but if you are thinking of moving, ask those questions before you do so you know what you can and can't do with a new provider.



Alan.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.