← Back to blog
2026-04-305 min read

How to Change Your MX Record: The One DNS Change That Protects Your Inbox

Deploying an email gateway sounds complex. It isn't. It requires exactly one DNS change (your MX record) and your mail starts routing through the gateway within minutes. Here's what an MX record is, what happens when you change it, and how to do it without breaking anything.

What an MX record does

Every domain that receives email has at least one MX record, a DNS entry that tells the internet where to deliver mail for that domain. When someone sends an email to you@yourdomain.com, their mail server looks up your MX record to find the correct destination. Change the MX record, and you change where all incoming mail goes first.

How an email gateway fits in

An email gateway sits between the internet and your existing mail provider. You point your MX record at the gateway's hostname. The gateway receives all incoming mail, filters it, and forwards clean mail on to your actual provider: Office 365, Google Workspace, or anything else. Your provider never changes. Your users notice nothing except a cleaner inbox.

The one DNS change

In your DNS provider's dashboard, find the MX record for your domain and update the value to point at the gateway hostname. The priority value (typically 10) stays the same. Before making the change, lower the TTL to 300 seconds. This makes the change propagate quickly and means you can roll back in minutes if needed.

What happens during propagation

DNS changes take time to propagate, typically 5 to 30 minutes with a low TTL. During this window, some mail will route to the old destination and some to the new one. This is normal. No mail is lost; it's all being delivered, just to different endpoints temporarily.

Verifying it worked

Once propagation is complete, use any MX lookup tool to confirm your domain's record points at the gateway hostname. Then send yourself a test email from an external address and confirm it arrives. If it does, the gateway is live and filtering is active.

Frequently Asked Questions

Can I roll back the change if something goes wrong?

Yes, immediately. Change the MX record back to your original value and mail will re-route directly to your provider. With a TTL of 300 seconds, the rollback takes effect within minutes.

Do I need to make any changes on my mail provider side?

Yes, one important one. Lock your mail provider down so it only accepts connections from the gateway's IP addresses. Without this, attackers can bypass the gateway entirely by connecting to your provider directly. MX Moat provides the IP ranges to whitelist.

What if I have multiple MX records?

Remove secondary MX records or update them to also point at the gateway. Multiple MX records provide delivery fallback. You don't want that fallback routing mail directly to your provider, bypassing the filter.

Have a question about protecting your domain?

Get in Touch →

Don't Wait for the Attack

Registration bombs don't send warnings. By the time you notice, 100,000 emails are already in your inbox. Protect your domain now.

Protect Your Domain →
🇪🇺 EU-hosted · GDPR compliant · Works with any email provider · Setup in 5 minutes