Originally Posted by greyhairweenie
Not according to RFC2821 (and my experience). An A record will suffice if the server is directly deliverable, as it appears to be from OP's telnet results.
I second that. I've used that capability many times to exploit poor SSL CA verification practices when renewing hosting customer's certs.