Cheers Stephan,
I might be wrong but according to RFC 2821 it is ok to use a CNAME if the target is resolvable to A or MX.
3.6 Domains
Only resolvable, fully-qualified, domain names (FQDNs) are permitted when domain names are used in SMTP. In other words, names that can be resolved to MX RRs or A RRs (as discussed in section 5) are permitted, as are CNAME RRs whose targets can be resolved, in turn, to MX or A RRs. Local nicknames or unqualified names MUST NOT be used.
True, so guess I'll modify my validation rules according to this. Thanks!
However, the target domain in this case is not working correctly.
I've found that inconsistency as well between their 2 main DNS providers. Akamai, using serials that seem to be Unix timestamps, returns MX records. dynect.net, using sequentially incrementing serials (much lower, Windows DNS? :)), doesn't return any MX. So, it's essentially pretty random whether the address resolves or not...
I've tried to communicate this to aadnetsre@microsoft.com, as per:
msidentity.com has SOA record ns1.p09.dynect.net. aadnetsre.microsoft.com. 23844 3600 600 604800 1800
but some part of me will be very surprised if I get any answer back from that address...
Cheers, Markus
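
The RFC 2821 section 3.6 rule quoted in this message, combined with the provider disagreement it describes, as an added example that is not part of the original message: a validator that follows CNAME targets to MX or A and reports a domain as inconsistent when authoritative providers disagree. The record tables, the `example.*` names, the function names and the hop limit are constructed assumptions; a real check would query each authoritative nameserver directly.

```python
# Constructed sample data: two providers' views of the same zones, keyed by
# (name, rrtype). The example.* names are placeholders, not from the thread.
PROVIDER_A = {
    ("mail.example.org", "CNAME"): ["target.example.net"],
    ("target.example.net", "MX"): ["10 mx1.example.net"],
    ("direct.example.org", "A"): ["192.0.2.10"],
    ("loop.example.org", "CNAME"): ["loop.example.org"],
}
PROVIDER_B = {  # second provider: the MX record for the CNAME target is missing
    ("mail.example.org", "CNAME"): ["target.example.net"],
    ("direct.example.org", "A"): ["192.0.2.10"],
}
PROVIDERS = {"provider_a": PROVIDER_A, "provider_b": PROVIDER_B}
MAX_CNAME_HOPS = 8  # assumption: arbitrary bound on CNAME chain length


def normalize(name):
    return name.rstrip(".").lower()


def is_fqdn(name):
    labels = normalize(name).split(".")
    return len(labels) >= 2 and all(labels)


def resolves_for_smtp(name, records):
    """RFC 2821 3.6: resolvable to MX or A, directly or through CNAME targets."""
    if not is_fqdn(name):
        return False  # local nicknames or unqualified names are not permitted
    name, seen = normalize(name), set()
    while name not in seen and len(seen) < MAX_CNAME_HOPS:
        seen.add(name)
        if records.get((name, "MX")) or records.get((name, "A")):
            return True
        cname = records.get((name, "CNAME"))
        if not cname:
            return False
        name = normalize(cname[0])
    return False  # CNAME loop or chain too long


def check_across_providers(name, providers):
    """Return (verdict, per-provider results); disagreement is its own verdict."""
    results = {p: resolves_for_smtp(name, recs) for p, recs in providers.items()}
    if all(results.values()):
        return "valid", results
    return ("inconsistent" if any(results.values()) else "invalid"), results


if __name__ == "__main__":
    for domain in ("mail.example.org", "direct.example.org", "loop.example.org", "localhost"):
        print(domain, check_across_providers(domain, PROVIDERS))
```

Treating "inconsistent" as a separate verdict lets a validation rule defer or retry instead of rejecting an address whose resolution depends on which provider answered.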