For the sake of clarity, here the text deals with a `primary FQDN` (i.e., example.com from the email address jimmyg@example.com) as well as a `target SMTP FQDN` that is indicated in the MX record for example.com (i.e., ASPMX.L.GOOGLE.COM or example-com.mail.protection.outlook.com). In this paragraph I assume you are referring to the Applicant as being the email service provider who can be validated using TLS BR 3.2.2.4 as controlling the `target SMTP FQDN`.

Is this change intentional?

RFC 5321, section 5.1 says: > When a domain name associated with an MX RR is looked up and the associated data field obtained, the data field of that response MUST contain a domain name. That domain name, when queried, MUST return at least one address record (e.g., A or AAAA RR) that gives the IP address of the SMTP server to which the message should be directed. Any other response, specifically including a value that will return a CNAME record when queried, lies outside the scope of this Standard. The prohibition on labels in the data that resolve to CNAMEs is discussed in more detail in RFC 2181, Section 10.3 [38]. I think it would be good to clarify here that aliases in MX record RDATA cannot be used for this validation method.