If you are using Microsoft 365 as your DNS hosting provider and you are trying to set up Heimdal's Email Security as a 3rd-party spam filter, it is possible that you might stumble upon the below error while trying to validate the Heimdal MX Records:
Why is this happening?
By default, Microsoft prefers its own Mail Server service (Exchange Online Protection) as a Mail Server instead of a 3rd-party spam filter. Because of this, Exchange Online recommends and prefers its own MX Records with Priority 0 (example: 0 example-com.mail.protection.outlook.com TTL 1 Hour). When it comes to a 3rd-party spam filtering solution, Email Security acts like the 'man-in-the-middle' between the Internet and Exchange Online:
This means that the domain's DNS settings need to be configured with Heimdal's Email Security MX Records instead of Office 365 MX Records. The Office 365 MX Records are then configured in the Heimdal Dashboard so that Email Security can successfully deliver the filtered emails to Exchange Online. Since Office 365 prefers its own MX Records, this is why it does not validate any other MX Records. Although the Email Security MX Records cannot be validated, the email flow will work just fine and emails can be seen in the Heimdal Dashboard, under Email Security.