Often customers will leave their secondary MX record pointing directly to the email server or O365. Attackers use this information to bypass ESS and send spam, virus, malware and other harmful emails. Since ESS was bypassed by the attacker, it can’t block these emails. The customer is put at risk. Sometimes they also don’t realize that ESS didn’t get a chance to block these emails.
Now when a customer has any left over MX records pointing to their email server, bypassing ESS, we’ll warn them. The warning is prominently displayed in the navigation tabs. The warnings will go away when the MX record is fixed. See below.