For the past month, emails have been (seemingly randomly) delayed to our mail server.

At first, I suspected a configuration problem on our side: it’s quite hard to run a decent mail server, after all. But further confusing things was the fact that not all emails were delayed. The majority, in fact, were not.

Eventually, I noticed a common thread – the delayed emails all came from Outlook or Office365.

An example of a slow email. It was delayed 15 hours by Outlook's 'outbound protection' mail server.

So I went to the darkest, deepest corners of the internet, from which few return: Office 365 tech support.

  • 2019-04-18 - Initial inquiry
  • 2019-05-11 - Issue resolved

After a few weeks of back-and-forth, sending example email headers from those that got delayed, I eventually received the following advice:

Hello Kevin,

Thank you for your email.

Is it possible to remove CNAME of [***]? If yes then remove the CNAME and then check still you are receiving email with delay.

Please check and reply to this email with the outcome. I will wait for your reply.

Previously, I had the DNS set up like so: MX (mail) –> CNAME (alias to another domain) –> A (IP address of mail server). As suggested, I changed it to MX –> A, retested, and… it worked!

In summary: Outlook doesn’t like MX records pointing to CNAMEs, apparently. I’d be interested to know if this is standard behavior at all or if it’s just a Microsoft peculiarity (especially since all other mail servers appear to be fine with a CNAME.)

edit: Actually, upon further research it appears that RFC 2181 does mandate pointing an MX directly to an A record. So Outlook is in the clear here (although most mail servers apparently handle MX -> CNAME -> A alright). An interesting quirk to keep in mind!