0

We have a self-hosted mail server at our business's single, static IP address (mail.companyA.com). Our website is hosted by another company at a different IP address (companyA.com). Our emails use the @companyA.com domain.

Sometimes we send emails to certain clients that get through fine, and sometimes we get bouncebacks from the same client indicating we are blocked. Short-story: I am concerned that a reverse DNS lookup done by some companies with stricter requirements on emails is getting us in trouble depending on the rDNS lookup result that appears first.

MXToolbox reports that a rDNS lookup on our static IP address (from which we sent our emails) has two PTR records: One to mail.companyA.com and the other to companyA.com

Should I request our ISP to remove the PTR record to companyA.com, leaving only mail.companyA.com - or will this create problems?

Brian
  • 3
  • 1

1 Answers1

1

The issue here is usually related to Forward Confirmed reverse DNS (FCrDNS) checks, which are used as proof-of-work tests by some mail servers.

A receiving server may perform a check using the sending server IP address PTR record and confirm that an A record exists that matches the PTR record. Some mail servers even go further and verify a 200 response.

If your mail server is located at mail.example.com, then the PTR for the IP address of the server should be mail.example.com.

Note that an IP address can have only one PTR record.

A more technical explanation that includes other reasons to configure FCrDNS are included in RFC 1912.

Paul
  • 2,755
  • 6
  • 24
  • 35
  • 1
    The host name provided by PTR should also match the MTA's HELO name. IP->PTR->A->IP *MUST* match. – Zac67 Jan 07 '22 at 16:50
  • The fourth paragraph is wrong. An IP address *can* have more than one PTR record. It is not recommended, but it is not forbidden either. In other words, it will technically work, although the result will probably not be useful. – Tilman Schmidt Jan 07 '22 at 17:42
  • @TilmanSchmidt I wasn't intending to suggest it to be programmatically impossible. – Paul Jan 07 '22 at 17:59
  • Well, you wrote "can have only" which in English typically indicates (im-)possibility. – Tilman Schmidt Jan 07 '22 at 18:04
  • To pass an FCrDNS check, there can be only one PTR record. I think you are abstracting the sentence from the rest of the post. – Paul Jan 07 '22 at 18:10
  • 1
    Thank you all - I think the problem is well illustrated, then, by the PTR discussion. In fact, our static IP has 2 PTR records, one which is correct (mail.example.com) and the other which points to our website hosted at a different location and should be removed (example.com). I have started a conversation with our ISP to request this change (and that has its own communication difficulties where they think everything is fine). I am confident this will lead to the resolution of our intermittent problem, once it is updated. – Brian Jan 12 '22 at 17:14