DeskNow Knowledge Base
 
      

What is a reverse PTR record? How can I use it to fight spam?

IP addresses (like 101.34.123.12) are assigned by a central organization to various ISPs around the world.
An ISP that 'owns' an IP address on behalf of its customer can register a DNS record saying "the IP address 101.34.123.12 corresponds to the server nexus.domain.com" (for example). Note that only the ISP can do this; as a normal ISP customer, you cannot. This is called a "reverse" record because DNS records normally map name -> IP address, whereas this one maps IP address -> name.


In DeskNow you have two antispam options related to reverse PTR.
Imagine that a mail server with IP address 101.34.123.12 connects to DeskNow via SMTP to deliver a message.
Following the SMTP protocol, it must introduce itself by saying 'HELO nexus.domain.com', where nexus.domain.com is its name (for example). If the "Reject message if reverse PTR record does not match HELO host" option is enabled in DeskNow, DeskNow will query the reverse DNS system to find the name of the server associated with the IP address 101.34.123.12. If it is not 'nexus.domain.com' (example), then DeskNow assumes that the server is lying about its name, and rejects the message. This is, for instance, what AOL does. This causes problems for a lot of inexperienced system administrators, because the reverse DNS issue is not very well known.

"Reject message if reverse PTR record does not match MAIL FROM domain" is another DeskNow option, stricter than the first one. If it is enabled, DeskNow will check that the MAIL FROM command specifies that the mail is coming from an address associated with the IP of the mail server. So if the reverse PTR record of the IP says nexus.domain.com, the mail must be from someone@domain.com. This helps a lot in fighting open relays, but it can be a problem if the remote server hosts virtual domains, etc.

In general, we would not recommend enabling the second option unless you have very specific reasons. The first option is safer to enable. Someone could still have problems sending you legitimate mail, but technically it is their fault: they will not be able to send mail to AOL either, which is a clear sign that they should fix their configuration.
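The two checks described above, as an added Python example (not DeskNow's own code). The names `sample_lookup` and `SAMPLE_PTR` and the PTR data are constructed for illustration, and the MAIL FROM rule (the PTR name must be the sender domain or a host under it) is an assumption about how such a comparison is made.

```python
import socket

# Constructed PTR data for offline use; the first entry is the page's example.
SAMPLE_PTR = {"101.34.123.12": ["nexus.domain.com."], "192.0.2.10": []}

def sample_lookup(ip):
    """Hypothetical stand-in resolver: returns PTR names from SAMPLE_PTR."""
    return SAMPLE_PTR.get(ip, [])

def system_lookup(ip):
    """Live reverse lookup through the OS resolver; no PTR record -> []."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

def ptr_names(ip, lookup=system_lookup):
    return {normalize(n) for n in lookup(ip)}

def helo_matches_ptr(ip, helo, lookup=system_lookup):
    """Option 1: the HELO name must equal a PTR name of the connecting IP."""
    return normalize(helo) in ptr_names(ip, lookup)

def mail_from_matches_ptr(ip, mail_from, lookup=system_lookup):
    """Option 2 (assumed rule): PTR name is the sender domain or a host under it."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:  # the null sender "<>" has no domain to compare
        return False
    domain = normalize(addr.rsplit("@", 1)[1])
    return any(n == domain or n.endswith("." + domain)
               for n in ptr_names(ip, lookup))

if __name__ == "__main__":
    ip = "101.34.123.12"
    for helo, sender in [("nexus.domain.com", "someone@domain.com"),
                         ("nexus.domain.com", "someone@customer.example"),  # virtual domain
                         ("mail.other.example", "someone@domain.com")]:
        print(helo, sender,
              helo_matches_ptr(ip, helo, sample_lookup),
              mail_from_matches_ptr(ip, sender, sample_lookup))
```

The second sample row is the virtual-domain case: the HELO check passes, but the MAIL FROM check rejects a legitimate sender.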
