We've just pointed the DNS nameservers to our new linode and I want to get some feedback from the community regarding the right configuration of our MX records so that we do not have any downtime in our email. Right now I have (as per http://library.linode.com/email/google-mail):



Do I need to delete the first entry (mail.landartgenerator.org)?

Also, our previous host recommends the following:



Do I need to add ASPMX 4 and 5? What about the last three lines???

Looking around online, I see contradicting recommendations especially as it pertains to "preference." Some forums recommend preferences from 1-7 (top to bottom per the list above). And what do the 10s and 30s mean in the list above?

Thank for your kind help. I'm rather new to this and I would like to avoid the nightmare of our emails getting lost in the shuffle.

-Rob

Yes, remove that other MX record. In general you shouldn't mix MX records of different service providers (unless you really know what you are doing).

Regarding which records to include, I would recommend following what the documentation from the actual service provider says. In this case: http://support.google.com/a/bin/answer. ... wer=174125

To cover some of the other things you mentioned:

Regarding those CNAME records they have nothing to do with email delivery. However, you may want to use those or other names to access your Google Apps services. See the Google Apps documentation for details on that.

Regarding the priority in MX records those numbers are only relative to each other, the absolute values do not matter but whichever record has the lowest number has the highest priority.

Thank you.

Looking through the information at google (thank you for the link) there is mention of TTL and setting it to 300.

Right now the lower part of my DNS records page looks like below. Is there anything else I should change and do I need to worry about TTL?



Thanks!

The TTL specifies how long the records are allowed to be cached by others. (Which will affect how quickly any changes you make to these records later on will take effect for everyone.)

A TTL 300 = 5 minutes, unless you're testing DNS settings (Once you get everything working right), I would bump it a little higher more like 3600 (1 Hour)

As Hawk7000 suggested remove the other MX record and those other CNAMES are not needed for sending mail.

Since you're messing with DNS you should also add this SPF record for google mail: "v=spf1 include:_spf.google.com ~all"

Here's the google instructions on that.
http://support.google.com/a/bin/answer. ... wer=178723

You can also add the new DMARC records (DNS Change as well)
http://support.google.com/a/bin/answer. ... er=2466563

For you it will be something like: "v=DMARC1\; p=none\; rua=mailto:postmaster@your_domain.com"
It should be added under "_dmarc.yourdomain.com"

Use the "p=none" setting for now, until you know you have your SPF and DKIM set up right.

If you want to check and verify your SPF and DKIM, send an email to mailtest [AT] unlocktheinbox.com, it will auto-respond letting you know if it's correct. If it is, you can change the "p=none" to "p=quarantine" or "p=reject", you can read more about email autentication testing here: Email Authentication Testing

I don't think you need to worry about setting up DKIM, Google app mail does that for you, I think. But definitely confirm that through the authentication testing tools.

Maybe a little to much information, but I think that's everything in a nutshell.

Of which a huge percentage of the DNS resolvers conveniently ignore and keep the data for whatever overriding time frame they've been set up with.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.