Last Updated: Nov 29, 2024
Overview
When trying to send the authentication email to a specific domain (example.com), the following error is received:
queryMx ESERVFAIL example.com
The domain has correctly set MX records, and all of the emails to other destinations are reliably delivered.
When looking in the tenant logs, one or more Failed Login ( fn ) events are seen, together with a description that contains the string “queryMx ESERVFAIL”. Selecting and viewing one of these log events will provide more information about the specific problem.
This article discusses the meaning of this error and how it can be fixed.
Applies To
- Failed Login ( fn ) events
- DNS configuration and requests
Cause
This error occurs because Auth0 performs a DNS MX resolution check on the email domain before sending an email. If the check fails, the email will not be sent.
Briefly, DNS requests to the faulty domain are either failing or being blocked by third-party DNS servers which are outside of our control. This is either due to a restriction for the DNS (as configured by each admin) or some other restriction/factor outside of our control.
NOTE: It is possible to check the domain’s health with a third-party service such as MXtoolbox. However, these issues might be intermittent.
Solution
Auth0 is unable to offer any direct assistance with this matter because the problem is caused by DNS configuration issues that are outside of our control.
Only the domain administrators can fix these issues. If there is any other way to contact the recipient (e.g., by phone), then ask them to investigate the problem on their side as well. This would most likely involve them contacting their email / DNS provider and asking them to perform a health check and perform remedial action.