Email Security. PHOTO: Cybercrime Magazine.

Avoid Late Night Email Security Emergencies

What you need to know about changing MX Records

Gil Friedrich

New York City, N.Y. – Aug. 27, 2021

When you deploy a Secure Email Gateway, you have to change the MX Record. Mail Exchange (MX) records are Domain Name Server (DNS) records that are necessary for the delivery of email. In order to reroute email through an SEG, an organization must change their MX records to that of the Gateway. Sounds simple enough.

Here’s the problem. MX records are public knowledge. Just going to a site like MXToolbox is enough to get all the required info. This public knowledge exists so emails can get to the intended addresses. Changing the MX record to an SEG allows anyone to look up and see what email security is being used. Hackers essentially have a roadmap to get past the solution. It’s like giving a thief your exact address.

To disguise this, the providers have instituted obstructive mail-server configurations, that basically limit themselves as the only approved hop for incoming email. Sounds fine, but what about other third-party security layers? Does the IT staff and SOC know every single exception? The outcome will certainly include some late-night emergencies.

Further, whenever you change the MX records, it takes DNS about 48 hours for the anti-phishing solution to become fully effective. That’s two days, with practically unmitigated phishing. It’s a scary proposition.



Beyond that, changing MX records actually impairs or even erases embedded filters. Instead of adding security, it replaces the default, obfuscating the value from those layers. Deploying an SEG allows emails that would have been blocked by Office 365 or Gmail to bypass all security. When you double-stack your security with an SEG, you must disable Microsoft and Google’s spam filters — which play a key role in anti-phishing. This is why upon deployment, you will often be advised to disable your default spam filtering and rely solely on the gateway. SEGs will change certain indicators in the email’s header, blinding some critical aspects of the default security layers in Office 365 and Gmail.

This would not be a problem if the SEG caught 100 percent of attacks, but this is not always the case, especially in the first hours or days of a security event. From a “defense-in-depth” perspective, it is disheartening to know that in order to deploy a second layer of security, you must essentially disable the first.

Luckily, changing MX records does not have to be part of your security solution. When you integrate security via API, you don’t have to change the MX records at all. In fact, your security is hidden, so hackers can’t craft specific attacks aimed at that layer. You don’t have to disable the default layer; you can use that layer to stop attacks, and the layer behind it to stop attacks the default security layer one misses. Even better — you’ll train the AI on the attacks the default layer misses, keeping you safer. For AI to work effectively, it needs to be trained on the best data set. For email security, it must be embedded within the cloud suite via API. Once embedded, the data set of cloud email security solutions is much richer. By being embedded, the solution understands who the people being emailed are, the social graph, internal email, geo-suspicious login events, and more.

Integrating via API allows you to do this.

Security is meant to make you safer, not broadcast how to hack your organization into the world. However, changing MX records does not have to be the only solution. A modern, cloud-first approach that integrates via API is simpler, faster and safer.

Start a Demo to Experience the Power and Simplicity of Avanan

Avanan Archives

Gil Friedrich is co-founder and CEO at Avanan.


About Avanan 

Avanan is a cloud email security platform that pioneered and patented a new approach to prevent sophisticated attacks. We use APIs to scan for phishing, malware, and data leakage in the line of communications traffic. This means we catch threats missed by Microsoft while adding a transparent layer of security for the entire suite and other collaboration tools like Slack.

Avanan catches the advanced attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as Office 365™, G-Suite™, and Slack™.  The platform deploys in one click via API to prevent Business Email Compromise and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for multiple tools to secure the entire cloud collaboration suite, with a patented solution that goes far beyond any other Cloud Email Security Supplement.