People are telling me different things when I ask them about how Reverse DNS lookup check is performed! – Can anyone confirm? - 4 quick YES / NO questions.


  • Thursday, June 14, 2012 12:15 PM
     
     

    Hi everyone!

    I have read a lot about how mail systems use reverse DNS lookups as part of fighting spam.

    Unfortunately I'm confused, and when searching the Internet people disagree on how it works. Some tell me that the process is querying the MX record, some tell me it's the sending mail address, and some tell me it's the SMTP banner which is being queried.

    So to be clear:


    Which parameters is the target server looking at when performing reverse DNS lookups on an incoming connection? (And what is it expecting to be returned from the PRT record?)
     
    Let's say I'm sending an email from IP 60.70.80.90

    Send Connector EHLO-banner mail.domain.com
    MAIL FROM: user@d.com

    1: Is it correct that RDNS only performs a lookup on the IP of the sending server, and that it is not looking at MX records, EHLO or the mail-from domain?

    2: Is it correct that the PRT value returned when looking up 60.70.80.90 should match mail.domain.com (from the SMTP EHLO banner)?

    3: Is it OK if the PRT returns host90.domain.com, or should it match the SMTP banner 100%?

    4: Will the d.com domain be queried in this process, or is it first with an SPF check where the server is looking for a TXT record on the d.com domain, which should allow the 60.70.80.90 address as a sending server for the @d.com domain?

    Thank you to everyone reading this :-)


All Replies

  • Thursday, June 14, 2012 6:11 PM
     
     Answered
    On Thu, 14 Jun 2012 12:15:21 +0000, Martin Christensen wrote:
     
    >Hi everyone!
    >
    >I have read a lot about how mail systems use reverse DNS lookups as part of fighting spam.
    >
    >Unfortunately I'm confused, and when searching the Internet people disagree on how it works. Some tell me that the process is querying the MX record, some tell me it's the sending mail address, and some tell me it's the SMTP banner which is being queried.
    >
    >So to be clear:
    >
    >Which parameters is the target server looking at when performing reverse DNS lookups on an incoming connection? (And what is it expecting to be returned from the PRT record?) Let's say I'm sending an email from IP 60.70.80.90 Send Connector EHLO-banner mail.domain.com MAIL FROM: user@d.com
    >
    >1: Is it correct that RDNS only performs a lookup on the IP of the sending server, and that it is not looking at MX records, EHLO or the mail-from domain?
     
    RDNS uses *an* IP address. It may not be the IP address of the server
    that's sending the e-mail to your server (think about how SMTP relay
    works and you'll understand why you wouldn't want to do an RDNS on your
    upstream relay). That IP address is used in a DNS query for a matching
    PTR record.
     
    Any other type of validation would have to be *forward* lookup (i.e.
    to get the IP address associated with a name). FWIW, a forward lookup
    is a lot more reliable than a reverse lookup.
     
    >2: Is it correct that the PRT value returned when looking up 60.70.80.90 should match mail.domain.com (from the SMTP EHLO banner)?
     
    That'd be PTR record, not PRT. :-)
     
    The only thing that's useful in general usage is that the IP address
    should be found in a PTR record. Some sites may insist that the name
    returned from the RDNS match the name in the HELO/EHLO, but that's
    risking the rejection of lots of legitimate e-mail.
     
    >3: Is it OK if the PRT returns host90.domain.com, or should it match the SMTP banner 100%?
     
    If you can manage to have the PTR and HELO/EHLO names match that'd be
    great. It isn't, however, an absolute requirement.
     
    >4: Will the d.com domain be queried in this process, or is it first with an SPF check where the server is looking for a TXT record on the d.com domain, which should allow the 60.70.80.90 address as a sending server for the @d.com domain?
     
    SPF can be used to verify the name found in the HELO/EHLO, and in the
    domain portion of the MAIL FROM address. That isn't a RDNS lookup,
    though.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     
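    The check Rich describes above, written out as an added example (it is not code from the thread or from Exchange). It runs the PTR query on the connecting IP only, then forward-confirms each PTR name (FCrDNS), and separately compares the HELO name by string match and by forward lookup. DNS is replaced by a constructed in-memory table so it runs offline: 60.70.80.90, host90.domain.com and mail.domain.com are the thread's values; 203.0.113.7 (a PTR that claims mail.domain.com but does not forward-confirm) and 198.51.100.4 (no PTR at all) are assumed cases from documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed stand-in for DNS so the example runs offline. Keys are
# (owner name, record type); values are the answer set. Real code would
# query a resolver and treat timeouts/SERVFAIL as "no answer", not as a match.
FAKE_DNS = {
    # The thread's example: 60.70.80.90 has PTR host90.domain.com, and the
    # HELO name mail.domain.com also resolves to that IP.
    ("90.80.70.60.in-addr.arpa", "PTR"): ["host90.domain.com."],
    ("host90.domain.com", "A"): ["60.70.80.90"],
    ("mail.domain.com", "A"): ["60.70.80.90"],
    # Assumed case: the owner of 203.0.113.0/24 can put any name in the PTR,
    # but only the owner of domain.com controls where mail.domain.com points.
    ("7.113.0.203.in-addr.arpa", "PTR"): ["mail.domain.com."],
    # Assumed case: 198.51.100.4 has no PTR record at all (no table entry).
}


def lookup(name: str, rtype: str) -> list[str]:
    """Resolve one (name, type) pair against the constructed table."""
    return FAKE_DNS.get((name, rtype), [])


def canon(name: str) -> str:
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.lower().rstrip(".")


def reverse_name(ip: str) -> str:
    """Owner name the PTR query is sent for (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


@dataclass
class RdnsResult:
    ip: str
    helo: str
    ptr_names: list[str] = field(default_factory=list)      # raw PTR answers
    confirmed_names: list[str] = field(default_factory=list)  # PTR names resolving back to ip
    helo_matches_ptr: bool = False   # HELO string equals a PTR name
    helo_forward_ok: bool = False    # HELO name forward-resolves to ip


def check_rdns(ip: str, helo: str, resolve=lookup) -> RdnsResult:
    """Reverse-lookup the connecting IP, forward-confirm each PTR name, and
    compare the HELO name. Only the IP feeds the reverse query; MX records
    and the MAIL FROM domain play no part in this step."""
    addr = ipaddress.ip_address(ip)
    rtype = "AAAA" if addr.version == 6 else "A"
    res = RdnsResult(ip=ip, helo=canon(helo))
    res.ptr_names = [canon(n) for n in resolve(reverse_name(ip), "PTR")]

    def points_back(name: str) -> bool:
        # Compare as addresses so IPv6 spelling differences don't matter.
        return any(ipaddress.ip_address(a) == addr for a in resolve(name, rtype))

    # FCrDNS: a PTR name counts only if it resolves back to the same IP.
    res.confirmed_names = [n for n in res.ptr_names if points_back(n)]
    res.helo_matches_ptr = res.helo in res.ptr_names
    res.helo_forward_ok = points_back(res.helo)
    return res


def classify(res: RdnsResult) -> str:
    """Verdict a receiving MTA might act on (reject, score, or log)."""
    if not res.ptr_names:
        return "no_ptr"
    if not res.confirmed_names:
        return "ptr_unconfirmed"
    return "fcrdns_ok"


if __name__ == "__main__":
    for ip in ("60.70.80.90", "203.0.113.7", "198.51.100.4"):
        r = check_rdns(ip, "mail.domain.com")
        print(f"{ip:14} {classify(r):16} ptr={r.ptr_names} confirmed={r.confirmed_names} "
              f"helo_match={r.helo_matches_ptr} helo_fwd={r.helo_forward_ok}")
```

    The 203.0.113.7 case is why a bare string comparison between PTR and HELO is weak: the PTR says mail.domain.com, so a HELO-must-match-PTR rule would be satisfied, yet the forward lookup shows the name does not belong to that address. The thread's own host, whose PTR is host90.domain.com rather than the HELO name, passes FCrDNS and its HELO name forward-resolves to it, which is the situation Rich calls acceptable.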
  • Saturday, June 16, 2012 2:47 PM
     
     

    Read this article. It's basically PTR records. If you want to know more, RTFM.

    http://www.unlocktheinbox.com/resources/ptrrecords/

  • Tuesday, June 19, 2012 1:37 PM
     
     

    Hi Rich!
    Thanks a lot for the very detailed answer! :-)

    And justinfection - thanks for the link about PTR :)