Change of default MX records for domains
Post categories
Founder & CTO
This post contains some technical information mostly useful for people that host email for their own domain at FastMail.
TL;DR: If you host email for your domain at FastMail, but host the DNS for your domain at an external DNS provider, we recommend you login to your DNS provider and change the two MX records for your domain from in[12].smtp.messagingengine.com to in[12]-smtp.messagingengine.com. i.e. replace the first dot (‘.’) with a dash (‘-’)
If you host email for your domain at FastMail, and you host the DNS for your domain at FastMail, no change is required, it’s all automatically been done.
More details: For many years, the default MX records for domains hosted at FastMail have been in1.smtp.messagingengine.com and
in2.smtp.messagingengine.com.
However it turns out there’s a small problem with this. The hostnames in[12].smtp.messagingengine.com don’t match the wildcard *.messagingengine.com SSL certificate we have (similar to this previous issue). So if a remote system uses opportunistic TLS encryption to send email to us, the connection will be encrypted, but it may be reported as “Untrusted” because the certificate doesn’t match.
This isn’t disastrous, but it is annoying and exposes a potential man-in-the-middle attack.
So we’ve gone and changed the DNS MX records for all domains hosted at FastMail to default to in1-smtp.messagingengine.com and
in2-smtp.messagingengine.com.
For users that use us to host DNS for their domains, no change is required on your behalf, all of this has been automatically updated.
For users that use an external DNS provider, we recommend you update the MX records for your domains at your DNS hosting provider. We’ll continue to support the old in[12].smtp values for some time and alert users if/when we discontinue it, but the sooner you make the change, the better it is for the secure transmission of email to your domain.
We’ve updated our documentation to reflect these new values.