
Hopefully this is not a stupid question, but I cannot find a clear-cut answer. Can someone please inform me exactly what 'source address' is used in Reverse DNS? Does rDNS pull the IP address from the Received: portion of the header, or does it use the Sender: or From: address to get the domain? I understand the purpose of rDNS and why we use it, but I want to be able to send email using an email service and have the From and Sender indicating otherwise. Will this affect the delivery of my emails?

Thanks in advance.

burmat

2 Answers

Does rDNS pull the IP address from the Received: portion of the header

Depends on exactly what you are looking at. A mail server, or some anti-spam system. Most often the IP address used has nothing to do with anything in the message headers or body, and instead is the source address of the mail server/client that has connected and is attempting to deliver the message.

I want to be able to send email using an email service and have the From and Sender indicating otherwise. Will this affect the delivery of my emails?

Possibly, but not often. What matters more is your SPF record. If you have an SPF record, you must explicitly permit all the systems that will be sending messages for a given domain.

The reverse DNS address of the sending MTA doesn't usually have to match the envelope-from address. AFAIK, there are very few spam systems that take this into account, and none that would block the messages solely because of something like this.

Zoredache
  • I have successfully configured my SPF record and I have tested that everything checks out fine. I was just curious about whether or not the same source IP address is used in the rDNS process. Thanks for answering my question – burmat Nov 07 '12 at 19:27
  • Generally when your mail server receives a message it will add a Received By header. The header added by **your mail** server can usually be trusted to be valid. The rest could have been forged. You can also look at your mail server logs. This will often include the source address of the machine that is connecting. – Zoredache Nov 07 '12 at 19:27

The whole enchilada, huh?

OK, first, reverse DNS (for IPv4) goes something like this. Ya start with an IP address, say 1.2.3.4. You want to find out what A records (hosts) are associated with this IP address. The DNS guys are totally Clever Dudes, so they made the lookups for IP addresses work pretty much the same as for regular domains. In order to do this, they have to make them go from more specific on the left to less specific on the right.

With a forward host name:

www3.north.sales.example.com

The broadest is on the far right (.com) and the left (www3.) most likely specifies a single host - very specific. IP addresses are the opposite:

1.2.3.4

4 is the most specific part, indicating a single host. To fix this, the reverse lookup is done by checking

4.3.2.1.in-addr.arpa

Or the reversed dotted-quad notation plus in-addr.arpa whacked on to the end. Something critical to note here is that the reverse DNS lookup for 1.2.3.4 is completely independent of the forward lookup for that host name. That is why the reverse lookup is important for mail servers, SSL servers, etc.

For a mail server, when an SMTP transaction is negotiated, the sender gives a HELO (or EHLO) command with the host name. Since this is all done over a TCP connection, you also get the sending mail server's IP address. If everything is on the up-and-up, the reverse DNS of the IP address should resolve to whatever the HELO specified. Of course, as stated above by @Zoredache, the only header you can trust at all is the one issued by your server. Within this header, the sending hostname from the HELO (forgeable) is usually shown along with the IP address from the TCP connection (not easily forgeable).

For email, all a spammer has to do is make sure their reverse and forward lookups for their scummy spam spewing barf box match, which is not hard. Fortunately though, many spammers are careless with their setups, and being strict about this check stops a lot of it.

jpgeek
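To make the two answers concrete: Zoredache's point that only your own MTA's Received: header is trustworthy, and jpgeek's walk-through of building the in-addr.arpa name and comparing the PTR result with the HELO name. The script below is an added example written for this page, not code from either answerer. It assumes the Postfix-style Received: layout "from <HELO name> (<rDNS name or unknown> [<peer IP>])"; the three sample headers and the FAKE_PTR / FAKE_A tables are constructed stand-ins for live DNS answers so it runs offline. It also goes one step beyond the answer by building the ip6.arpa name for IPv6 with the same reversal idea, and by checking forward-confirmed rDNS (the PTR name must resolve back to the connecting IP), which is the stricter version of the "reverse and forward must match" check jpgeek describes.

```python
"""Reverse-DNS checks on the connecting MTA, as described in the answers above.

Added example, not from the original thread. Sample Received: headers and the
FAKE_PTR / FAKE_A tables are constructed stand-ins for live DNS answers.
"""
import ipaddress
import re

# Constructed stand-in for PTR lookups (reverse name -> host names).
FAKE_PTR = {
    "10.2.0.192.in-addr.arpa": ["mail.example.net"],
    "7.100.51.198.in-addr.arpa": ["spamcan.example.org"],
    # 203.0.113.5 deliberately has no PTR record.
}
# Constructed stand-in for A lookups (host name -> addresses).
FAKE_A = {
    "mail.example.net": ["192.0.2.10"],
    "spamcan.example.org": ["198.51.100.99"],  # does not point back at .7
}

# Constructed Received: headers in the common Postfix layout:
# "from <HELO name> (<rDNS name or 'unknown'> [<TCP peer IP>])".
SAMPLE_RECEIVED = [
    "Received: from mail.example.net (mail.example.net [192.0.2.10]) "
    "by mx.example.com (Postfix) with ESMTP id 0001; Wed, 7 Nov 2012 19:27:00 +0000",
    "Received: from mail.example.net (spamcan.example.org [198.51.100.7]) "
    "by mx.example.com (Postfix) with ESMTP id 0002; Wed, 7 Nov 2012 19:28:00 +0000",
    "Received: from mail.example.net (unknown [203.0.113.5]) "
    "by mx.example.com (Postfix) with ESMTP id 0003; Wed, 7 Nov 2012 19:29:00 +0000",
]

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\(\S+\s+\[([0-9A-Fa-f.:]+)\]\)"
)


def reverse_name(ip: str) -> str:
    """Build the name a PTR query uses: octets reversed under in-addr.arpa
    for IPv4; for IPv6 the same idea applied to the 32 hex nibbles under
    ip6.arpa (the answer only covers IPv4)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def parse_received(header: str):
    """Return (helo_name, peer_ip) from a Received: header written by OUR
    MTA. The HELO name is whatever the client claimed (forgeable); the
    bracketed IP is the TCP peer address the server itself observed."""
    m = RECEIVED_RE.match(header)
    if not m:
        raise ValueError("unrecognised Received: header layout")
    return m.group(1), m.group(2)


def check_connecting_host(helo: str, ip: str, ptr=FAKE_PTR, a=FAKE_A) -> dict:
    """Compare the PTR name(s) of the connecting IP with the HELO name, and
    check forward-confirmed rDNS: a PTR name must resolve back to the IP."""
    rname = reverse_name(ip)
    ptr_names = [n.lower().rstrip(".") for n in ptr.get(rname, [])]
    return {
        "reverse_name": rname,
        "ptr_names": ptr_names,
        "helo_matches_ptr": helo.lower().rstrip(".") in ptr_names,
        "fcrdns": any(ip in a.get(n, []) for n in ptr_names),
    }


def analyze_received(header: str) -> dict:
    """Full pipeline: our MTA's Received: header -> PTR / HELO / FCrDNS verdict."""
    helo, ip = parse_received(header)
    verdict = check_connecting_host(helo, ip)
    verdict.update({"helo": helo, "ip": ip})
    return verdict


if __name__ == "__main__":
    for hdr in SAMPLE_RECEIVED:
        v = analyze_received(hdr)
        print(f"{v['ip']:>15}  PTR={v['ptr_names'] or ['(none)']}  "
              f"HELO={v['helo']}  helo_matches_ptr={v['helo_matches_ptr']}  "
              f"fcrdns={v['fcrdns']}")
```

All three sample messages claim the same HELO name; only the first one's connecting IP has a PTR that both matches the HELO and resolves forward to the same address. The second has a PTR (so a naive "has rDNS" test passes) but it neither matches the HELO nor points back, and the third has no PTR at all. In a real filter the FAKE_* tables would be replaced by PTR and A queries against a resolver; nothing in the verdict depends on the From: or Sender: header, which is the answer to the original question.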