Reverse DNS Naming Conventions, Check Dynamic Address

Information Details

Normally, you have reached this page because a mail server sent you a message when it rejected an email from you or one of your users.

  • If you are an email or network operator, you can continue reading this section
  • If you are a user sending email and it got blocked, you should read this section instead

Information for Email and Network Operators

Although by RFC email servers can accept connections from any IP address, most Best Practices documents insist that all identifiers are used correctly, and this also applies to the reverse DNS of the connecting IP address. The principle is that ALL email servers have a correct entry in DNS that resolves, and it should resolve to the responsible party for the email server.

This rule performs simple checks on the IP address that is attempting to connect. Normally ALL IP addresses should have a correct reverse DNS, and especially email servers. Most Anti-Spam tools will reject email from places whose reverse DNS looks like it belongs not to an email server but to a home or office dynamic address. And this is one of the BEST tools to catch those nasty trojans on personal computers, or hacked servers, because the spammers DO NOT HAVE control over the reverse DNS. You, as a responsible email operator, normally do. IF you are running an email server and it sends out via an IP address that has been provided to you, you SHOULD be able to ask your upstream provider to make sure the reverse DNS reflects your company, for example ‘gateway.yourcompany.com’ or ‘mail.yourcompany.com’.

Because almost all ‘Best Practices’ documents say that the reverse DNS should resolve to the responsible party for any email or traffic that comes from that IP address, and most providers of IP space are signatories, you should have no problem with that request. If you do, either your upstream provider doesn’t want email servers on its network, or you should consider another provider.

If it resolves to, for instance, ‘dsl-tpool4-206.upstreamprovider.net’, this would mean that the upstream provider is responsible for the content from that IP, which it isn’t. You are. LinuxMagic, among others, maintains databases of generic addressing patterns, which are normally used for ordinary internet access instead of email servers, and will block based on those, as the single largest source of email spam is home connections and infected PCs.

And you should normally be a responsible email administrator as well, and this makes it easy for people to report to the correct party when problems or abuse happen via your IPs. PS: You should make sure the domain you use has a website as well, to completely comply with best practices.

IF you DON’T have PROPER reverse DNS you probably will have trouble sending to most places already, and a MUCH higher likelihood of your emails being marked as Spam IF they go through. Again, it is not good enough to have reverse DNS; it has to be a PROPER reverse DNS with a domain name that is yours.

In order to ensure that messages are not stopped by this check, the reverse DNS string sent should be in the style of:

host 192.168.1.1 = mail.mycompany.com

Example:

mail.mycompany.com
firewall.mycompany.com
headoffice.mycompany.com

The following bad example(s) will get rejected:

<missing>
10-10-10.10.my_parent_isp.com
my_company.my_parent_isp.com
adsl.23.204.205.upstream.com
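
As an operator self-check, the naming rule above can be approximated in a few lines. This is an added example, not LinuxMagic's actual rule or pattern database: the keyword list, the function names and the "two numeric groups" heuristic are assumptions made for illustration, and the sample names are the ones shown on this page.

```python
import re

# Constructed keyword list for illustration; production filters rely on much
# larger databases of generic addressing patterns.
GENERIC_TOKENS = {"dsl", "adsl", "pool", "tpool", "dyn", "dynamic",
                  "dhcp", "ppp", "cable", "dialup"}

def classify_ptr(ptr, own_domain):
    """Return (verdict, reason) for one reverse DNS name.
    own_domain is supplied by the caller (assumption: no public-suffix lookup).
    """
    if not ptr:
        return "reject", "no reverse DNS"
    name = ptr.rstrip(".").lower()
    own = own_domain.rstrip(".").lower()
    # Alphabetic runs, so "tpool4" and "dsl-" still yield "tpool" and "dsl".
    hits = sorted(set(re.findall(r"[a-z]+", name)) & GENERIC_TOKENS)
    if hits:
        return "reject", "generic token: " + ",".join(hits)
    # Two or more separate numeric groups usually mean an embedded address.
    if len(re.findall(r"\d+", name)) >= 2:
        return "reject", "embedded address digits"
    # Match on a label boundary so "notmycompany.com" does not pass.
    if name != own and not name.endswith("." + own):
        return "reject", "name is not under " + own
    return "accept", "names the responsible party"

# Names from this page's good and bad examples; None stands for a missing PTR.
SAMPLES = [
    "mail.mycompany.com",
    "firewall.mycompany.com",
    None,
    "10-10-10.10.my_parent_isp.com",
    "my_company.my_parent_isp.com",
    "adsl.23.204.205.upstream.com",
    "dsl-tpool4-206.upstreamprovider.net",
]

def run_samples(own_domain="mycompany.com"):
    return [(p, *classify_ptr(p, own_domain)) for p in SAMPLES]

if __name__ == "__main__":
    for ptr, verdict, reason in run_samples():
        print(f"{ptr or '<missing>':40} {verdict:7} {reason}")
```

A receiving server does not know the sender's own domain, so the last check only makes sense when you run this against your own outbound IP's reverse DNS.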

You are responsible for activity on this IP address if you send email, so make it easy for people to know how to reach you. Otherwise it looks like you are just an infected IP Address.

If you are the one sending the message, and you were blocked with this message, it is most likely that your ISP or email provider is at fault, not the person to whom you are sending. Call your email provider and get them to fix the situation, and point them to this web page.

Information for users. Why was my email blocked?

If your email was blocked, and the link sent you here, it is probably because the operator of your outbound mail server has either had a technical malfunction with their DNS, or misconfigured something. Best to call them and ask what the problem is. If they say they don’t need reverse DNS, think about changing to a more responsible provider. Usually they can rectify this quickly, or it was a temporary problem.

Normally, this rule will only block spammers and hackers.

Please check with the administrator of your outbound email server, or ISP for more information.