Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] PTR records for email



Bill Horne wrote:
> I have a question about PTR records: can anyone confirm or deny that
> some ISP's are refusing mail from any domain without a PTR?

Yes, no PTR record at all will lead to many receivers classifying your
mail as spam.

See:
https://en.wikipedia.org/wiki/Anti-spam_techniques_%28e-mail%29#PTR.2Freverse_DNS_checks

  Most email mail transfer agents (mail servers) use a forward-confirmed
  reverse DNS (FCrDNS) verification and if there is a valid domain name,
  put it into the "Received:" trace header field.

But it is rare for a legit IP not to have any PTR.

The article also says:

  Some email mail transfer agents will perform FCrDNS verification on
  the domain name given in the SMTP HELO and EHLO commands.

I have only seen one case of this that I am aware of. It wasn't an ISP.
It was Craigslist. I mentioned it in this posting:

http://www.bblisa.org/pipermail/bblisa/2013-May/003527.html

My understanding is that best practices for spam filtering say you
should *not* filter on an expectation of the PTR record matching the
EHLO host.

See also:
https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

  There are various reasons why it may be impossible, impractical or not
  desirable to set up forward confirmed reverse DNS in the correct
  domain...It is therefore not recommended to take a failed verification
  as proof of anything. It is however a mandatory internet requirement,
  according to RFCs that each and every host has a valid reverse lookup.

  ...there are systems that take having no reverse DNS, a failed
  verification, reverse DNS in an other domain or something that looks
  like the reverse of a dynamic IP address into account because they see
  a correlation between that and spam, but correlation does not imply
  causation...

Most of the article deals with lookups performed solely on the client's
IP and information retrieved from DNS. In a bullet list at the end they
repeat the comment about EHLO checks from the previous article, and add
a note about how such checks are contrary to an RFC:

  Some e-mail mail transfer agents will perform FCrDNS verification on
  the domain name given on the SMTP HELO and EHLO commands. This can
  violate RFC 2821 and so e-mail is usually not rejected by default.


If you have an ISP that refuses to give you a custom PTR record, you can
work around that for a price. VPN services, like PRQ:

http://www.prq.se/?p=tunnel&intl=1

can get you a static IP and custom PTR starting at $13/month. (Though
you can likely get a mail relay service for less.)

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org