As a follow up to my post last week, we are going to look at another method of preventing SPAM using PTR records. Just like SPF records, there are two sides to this configuration. If these are not setup correctly on the sender’s side, it can cause legitimate messages to be bounced back. Here, we are going to focus on the sending side to ensure emails are delivered and not bounced because PTR records do not exist or are incorrect.
PTR records (or pointer) are DNS records used to map an IP address to a host name. As it pertains to SPAM management, PTR records are used to perform reverse lookups for a domain. Since public PTR records can only be created by the ISP or owner of those addresses, SPAM blocking systems can trust that if a PTR record exists and matches that of the SMTP banner address in an email message, that the message is legitimate. Using PTR records for SPAM lookups has become more popular in combatting SPAM. Early on, mainly larger email providers such as Comcast and AOL used this method. Smaller companies didn’t leverage this because many email administrators were unfamiliar with the methodology.
As SPAM has become more prevalent, companies are forced to use whatever tools are available to them to quell the onslaught of illegitimate messages and are enabling PTR lookups. If you are sending messages and are receiving bounce backs, in addition to having incorrectly configured SPF records, you may not have a PTR record or it may not be configured correctly. PTR records need to be created by your ISP. This record should be the external IP address of your sending mail server. When you contact your ISP to have a PTR record created, you will let them know that the IP address you provide them needs to point to the SMTP banner of your server. To get the banner, you can telnet to your mail server on port 25 and it will respond with the SMTP banner.
Once your PTR record is created, you can use a service like MXtoolbox – to perform a Reverse lookup test. Simply enter the external IP address of your mail server and if it matches the SMTP banner address, you’ve set it up correctly!
If you are unsure of how to setup these records or need assistance implementing a SPAM solution that can prevent email spoofing, please contact us.
By Steven Stein, Director, Client Services