Articles

Enterprise SMTP Architecture: Relays, MX, and Redundancy (2026)

April 18, 2026 5 min read

The most surprising thing about enterprise SMTP architecture is that it’s fundamentally a series of polite, but firm, requests to a server that might just be having a bad day.

Let’s see this in action. Imagine a company, "Acme Corp," sending an email to "Example Inc."

# Acme Corp's Mail Server (acme-smtp.acme.com) initiates connection
telnet example.com 25
Trying 192.0.2.1...
Connected to example.com.
Escape character is '^]'.
220 example.com ESMTP Postfix

# Acme Corp introduces itself
EHLO acme-smtp.acme.com
250-example.com
250-PIPELINING
250-SIZE 104857600
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

# Acme Corp says who the email is from
MAIL FROM:<sender@acme.com>
250 2.1.0 Ok

# Acme Corp says who the email is to
RCPT TO:<recipient@example.com>
250 2.1.5 Ok

# Acme Corp sends the email data
DATA
354 Start mail input; end with <CRLF>.<CRLF>
From: Sender <sender@acme.com>
To: Recipient <recipient@example.com>
Subject: A Test Email

This is the body of the email.
.
250 2.0.0 Ok: queued as 1234567890

# Acme Corp disconnects
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

This dance, orchestrated by the SMTP protocol, is how emails traverse the internet. But "Acme Corp" doesn’t just talk to example.com directly. It uses a sophisticated architecture involving relays, Mail Exchanger (MX) records, and redundancy.

The primary goal is reliable and timely delivery. When acme-smtp.acme.com needs to send mail to example.com, it doesn’t know example.com’s direct IP address. Instead, it queries the Domain Name System (DNS) for example.com’s MX records.

Let’s say example.com has these MX records:

example.com.   3600  IN  MX  10  mail.example.com.
example.com.   3600  IN  MX  20  backupmail.example.com.

This tells acme-smtp.acme.com that mail.example.com is the preferred mail server (priority 10), and backupmail.example.com is a secondary server (priority 20). acme-smtp.acme.com will attempt to connect to mail.example.com first. If that fails, it will try backupmail.example.com.

But what if acme-smtp.acme.com itself can’t directly connect to the internet, or needs to enforce certain policies? This is where relays come in. An outbound relay (often called a "smarthost") is an intermediate SMTP server that handles outgoing mail for a client network. Acme Corp might configure its internal mail servers to send all outbound mail to acme-relay.acme.com. This relay server then handles the DNS lookups, MX record resolution, and direct connections to the destination mail servers.

Why use a relay?

  • Security: Internal servers don’t need direct internet access, reducing the attack surface.
  • Policy Enforcement: The relay can scan for malware, enforce sender/recipient policies, or stamp outgoing mail with company branding.
  • Throttling: The relay can manage the rate of outgoing mail to prevent IP blacklisting.
  • IP Reputation Management: A dedicated relay server with a stable IP address helps maintain a good sender reputation, rather than having potentially many internal IPs.

For inbound mail, the MX records point to the mail servers responsible for receiving email for a domain. acme.com’s MX records would point to mail.acme.com and backupmail.acme.com.

Redundancy is critical at every stage.

  • Multiple MX Records: Having primary and secondary MX servers ensures that if the primary mail server is down, mail can still be delivered to the secondary.
  • Multiple Relays: Acme Corp might have multiple outbound relays, perhaps in different data centers, to ensure mail can still be sent if one relay fails.
  • Clustered Mail Servers: The mail servers pointed to by the MX records (mail.acme.com, backupmail.acme.com) are often part of a cluster or a set of independent servers that can receive mail. If one server in the cluster is unavailable, others can take over.

Consider the flow when sender@acme.com sends to recipient@example.com:

  1. acme-smtp.acme.com (or an internal mail server) connects to its configured outbound relay, say acme-relay.acme.com.
  2. acme-relay.acme.com performs a DNS lookup for example.com’s MX records.
  3. It finds mail.example.com (priority 10) and backupmail.example.com (priority 20).
  4. acme-relay.acme.com attempts to connect to mail.example.com on port 25.
  5. If mail.example.com is responsive, the SMTP transaction (HELO, MAIL FROM, RCPT TO, DATA, QUIT) proceeds.
  6. mail.example.com accepts the mail and queues it for delivery to recipient@example.com’s mailbox.
  7. If mail.example.com is unreachable, acme-relay.acme.com tries backupmail.example.com.

The beauty of this system is its layered resilience. If a single component fails – an internal server, an outbound relay, a primary MX server, or even a specific mail server – the system is designed to route around the failure. The DNS MX records are the fundamental map, relays are the controlled transit points, and redundancy is the safety net.

The exact values in MX records, like 10 and 20, are numerical preferences. Lower numbers mean higher preference. When a sending server queries MX records, it will try connecting to the server with the lowest preference value first. If that connection fails or the server rejects the connection, it moves to the next lowest preference value. This mechanism is fundamental to ensuring that even if the primary mail server for a domain is temporarily unavailable, mail can still be delivered to a backup server.

Want structured learning?

Take the full Smtp course →