19 Feb
2018
19 Feb
'18
1:46 p.m.
Hello Ralph
[TL;DR] ;-)
sorry about that, but it's not about an MX to a CNAME, it's about the domain part being resolved directly via a CNAME (kind of like having a domain-level CNAME to another domain, except _THAT_ isn't allowed due to shadowing NS and SOA records). With something like "accountprotection.microsoft.com" they're probably not breaking that rule though.
When you have time, I'd welcome an answer to my question ;)
Cheers, Markus