A friend registered a domain and configured an Exchange server at home about 2 years ago. Everything was fine until a couple of weeks ago when he couldn't receive external mail. Internal mail was OK so that suggested that the Exchange server, his internal DNS and mail clients were all configured correctly.

We bounced ideas off each other and he tried several things, including scanning for malware and checking whether his IP address was blocked (it was by 3 of the 70 or so servers). He spoke with his ISP (to check if they had done something to block it) as well as the helpdesk of the Domain Registrar. There were no obvious solutions and he was almost at the point of reinstalling Exchange when it became apparent that there was an unusual entry in the Delivery Status Notification response to a test e-mail. It was in the form:

mail.HisDomain.co.uk.HisDomain.co.uk

but, when he checked the DNS configuration at his Control Panel with the domain registrar, it showed correctly as:

mail.HisDomain.co.uk

The abnormal MX record was confirmed by using nslookup.

In frustration, he deleted this apparently correct entry and reconfigured it. Sure enough, nslookup reported the correct MX record and mail started flowing again!

QUESTION:

Does anyone know how this could have happened? The helpdesk staff with the Domain Registrar haven't been able to shed any light.

The only thing I can think is that someone accessed his Control Panel with the Domain Registrar and changed the entry but, if that's correct, why didn't it show as the malformed MX entry rather than correct? Obviously, I'd suggest that he changes the password ASAP.
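
A doubled name like the one in the post is what a DNS server produces when an MX target is stored as a relative name (no trailing dot) and the zone origin is appended to it; whether that is what happened at this registrar is an assumption, not something the post confirms. The Python below is an added example, not part of the original post: it applies that master-file rule to constructed zone lines and flags targets where the zone name is repeated. The function names, the sample zone text and the lowercase `hisdomain.co.uk` origin are illustrative.

```python
# Added example: RFC 1035 master-file name expansion and a doubled-origin check.
# SAMPLE_ZONE and SAMPLE_ORIGIN are constructed data, not the real zone.

def expand(name, origin):
    """A name ending in '.' is absolute; any other name is relative
    and has the zone origin appended."""
    origin = origin.rstrip(".").lower()
    name = name.lower()
    if name == "@":
        return origin + "."
    if name.endswith("."):
        return name
    return f"{name}.{origin}."

def parse_mx(zone_text, origin):
    """Return [(preference, absolute_target)] for each MX line."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop ';' comments
        if "MX" not in fields:
            continue
        i = fields.index("MX")
        if len(fields) < i + 3:
            continue                            # malformed line, skip
        records.append((int(fields[i + 1]), expand(fields[i + 2], origin)))
    return records

def doubled_origin(target, origin):
    """True when the target ends with the origin repeated twice."""
    origin = origin.rstrip(".").lower()
    return target.rstrip(".").lower().endswith(f".{origin}.{origin}")

def audit(zone_text, origin):
    """Return [(preference, target, is_doubled)] for the zone's MX records."""
    return [(p, t, doubled_origin(t, origin)) for p, t in parse_mx(zone_text, origin)]

SAMPLE_ORIGIN = "hisdomain.co.uk"
SAMPLE_ZONE = """\
@   3600 IN MX 10 mail.hisdomain.co.uk     ; no trailing dot: relative
@   3600 IN MX 20 mail.hisdomain.co.uk.    ; trailing dot: absolute
@   3600 IN MX 30 backup                   ; short relative name
"""

if __name__ == "__main__":
    for pref, target, bad in audit(SAMPLE_ZONE, SAMPLE_ORIGIN):
        print(f"{pref:>3} {target:<42} {'DOUBLED ORIGIN' if bad else 'ok'}")
```

A control panel that displays the stored string rather than the expanded name would show the first record as `mail.hisdomain.co.uk`, while resolvers would see the doubled form.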