Implementing Email Autodiscover: DNS SRV Records for Outlook and Client Configuration



In modern email ecosystems, autodiscovery has become a critical feature that saves users from manual configuration headaches. When Outlook or other email clients attempt to configure an account, they automatically query DNS records to determine server settings like IMAP/POP3/SMTP endpoints and authentication methods.

The autodiscover process primarily relies on these DNS records:

; SRV record for autodiscover
_autodiscover._tcp.example.com. 86400 IN SRV 0 0 443 autodiscover.example.com.

; MX record (should already exist for email delivery)
example.com. 86400 IN MX 10 mail.example.com.

; A record for autodiscover subdomain
autodiscover.example.com. 86400 IN A 192.0.2.1

The SRV record format follows this structure:

_service._proto.name. TTL IN SRV priority weight port target

For email autodiscover:

_autodiscover._tcp.example.com. IN SRV 0 0 443 mail.example.com.

For more complex configurations, you can host an XML file at:

https://example.com/autodiscover/autodiscover.xml

Example XML configuration:

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>IMAP</Type>
        <Server>imap.example.com</Server>
        <Port>993</Port>
        <SSL>on</SSL>
        <AuthRequired>on</AuthRequired>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>

Use these tools to verify your setup:

  • Microsoft Remote Connectivity Analyzer
  • dig/nslookup for DNS verification
  • Test-OutlookWebServices PowerShell cmdlet

Frequent problems include:

  • SSL certificate mismatches (ensure it covers autodiscover.yourdomain.com)
  • Incorrect SRV record priorities/weights
  • Firewall blocking port 443 for autodiscover

Modern email clients like Outlook, Thunderbird, and Apple Mail rely on autodiscovery protocols to configure mail server settings automatically. As a sysadmin, implementing this properly saves countless support tickets from users struggling with manual configuration.

The autodiscover process primarily uses these DNS records:

; SRV record for autodiscover (priority 0, weight 5, port 443)
_autodiscover._tcp.example.com. 3600 IN SRV 0 5 443 autodiscover.example.com.

; Alternative approach using CNAME
autodiscover.example.com. IN CNAME mail.example.com.

When clients query the autodiscover endpoint, they expect an XML response:

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <Account>
            <AccountType>email</AccountType>
            <Action>settings</Action>
            <Protocol>
                <Type>IMAP</Type>
                <Server>mail.example.com</Server>
                <Port>993</Port>
                <LoginName>%EMAILADDRESS%</LoginName>
                <DomainRequired>on</DomainRequired>
                <SPA>off</SPA>
                <SSL>on</SSL>
                <AuthRequired>on</AuthRequired>
            </Protocol>
        </Account>
    </Response>
</Autodiscover>
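Because clients act on whatever this response tells them, it is worth checking the published XML before users hit it. The following Python is an added example, not code from the original page or from Microsoft: it parses a response using the namespace shown above and flags any Protocol block with SSL off, an unexpected port, or a server outside the mail domain. The function names, the port policy table and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the inner <Response> element, copied from the XML on this page.
NS = {"r": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}
# Assumed policy: TLS ports accepted per protocol type (not from the page).
EXPECTED_PORTS = {"IMAP": {"993"}, "POP3": {"995"}, "SMTP": {"465", "587"}}

def audit_autodiscover(xml_text, mail_domain):
    """Return findings for every <Protocol> block in an Autodiscover response."""
    findings = []
    protocols = ET.fromstring(xml_text).findall(".//r:Protocol", NS)
    if not protocols:
        findings.append("no <Protocol> found (empty response or wrong namespace)")
    for proto in protocols:
        get = lambda tag: (proto.findtext("r:" + tag, "", NS) or "").strip()
        ptype, server, port = get("Type").upper(), get("Server").lower().rstrip("."), get("Port")
        if get("SSL").lower() != "on":
            findings.append(f"{ptype} {server}: SSL is not 'on'")
        if port not in EXPECTED_PORTS.get(ptype, set()):
            findings.append(f"{ptype} {server}: unexpected port {port!r}")
        # Match on a label boundary so 'notexample.com' does not pass as 'example.com'.
        if server != mail_domain and not server.endswith("." + mail_domain):
            findings.append(f"{ptype} {server}: server is outside {mail_domain}")
    return findings

def _response(*protocol_blocks):
    """Wrap constructed <Protocol> blocks in the envelope shown on this page."""
    return ('<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">'
            f'<Response xmlns="{NS["r"]}"><Account><AccountType>email</AccountType>'
            "<Action>settings</Action>" + "".join(protocol_blocks) +
            "</Account></Response></Autodiscover>")

def _protocol(ptype, server, port, ssl):
    """Build one constructed <Protocol> block with the elements used on this page."""
    return (f"<Protocol><Type>{ptype}</Type><Server>{server}</Server>"
            f"<Port>{port}</Port><SSL>{ssl}</SSL><AuthRequired>on</AuthRequired></Protocol>")

# Constructed sample responses (not captured from any real server).
GOOD = _response(_protocol("IMAP", "imap.example.com", 993, "on"))
BAD = _response(_protocol("IMAP", "imap.example.com", 993, "on"),
                _protocol("SMTP", "mail.notexample.com", 25, "off"))

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_autodiscover(doc, "example.com") or "no findings")
```
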

For clients that don't use SRV records, you'll need to serve the autodiscover.xml file via HTTPS:

# Nginx configuration example
server {
    listen 443 ssl;
    server_name autodiscover.example.com;

    # The certificate must be valid for autodiscover.example.com
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    # Exact-match locations: each URL maps to exactly one file on disk
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/www/autodiscover/mail-config.xml;
    }

    location = /autodiscover/autodiscover.xml {
        alias /var/www/autodiscover/autodiscover.xml;
    }
}

Test your configuration with these tools:

  • Microsoft Remote Connectivity Analyzer
  • dig +short SRV _autodiscover._tcp.example.com
  • openssl s_client -connect autodiscover.example.com:443

Watch out for these issues:

  • SSL certificate must cover autodiscover subdomain
  • HTTP redirects break some clients
  • SRV record changes only reach clients once cached copies expire, so account for the TTL
  • Mobile clients often have different requirements