Invalid TLD in MX record

What does the following message mean?

554 5.7.1 <sender@example.com>: Sender address rejected: "invalid" TLD in MX record

This problem occurs because the sender's domain has a bogus MX record.

The reasoning behind why an MTA might not accept a mail from a domain whose MX records contain an invalid entry, is that there is a duty of care once you accept an email onto your system. You need to be able to send bounce messages in case of non-delivery, but if the sender domain's MX records are invalid, you can't ensure this ability, so rejecting the mail is the most prudent option.

The invalid MX record has most likely been introduced, because someone has added a new (and bogus) MX record to the domain, in order to prove domain ownership during the Microsoft Office365 migration process.

Although there is the option to add a "TXT" record (which should not adversely affect any services), it appears that many people are adding bogus "MX" records instead (which is likely to cause problems with mail delivery). Either way, once the domain ownership verification process has been completed, the temporary DNS records should be removed (especially if it's a bogus/invalid MX record).

You can view a report on your DNS setup (including MX record validity), using this tool. Here is an example excerpt from a DNS report of an Office365 customer, who has not removed the temporary MX record: -

Invalid TLD in MX