How to fix emails being blocked by anti-spam devices on certain domains.
These anti-spam devices may be blocking you because your Pointer (PTR) and Address (A) records do not match.
Outgoing email rejection related to DNS problems is more common today than ever before. There are many things that “can” cause problems but one of the most common issues is when the PTR and A records do not match. You may even find that you do not have a PTR record configured for your server.
Definitions:
“A” Record – (Address record) associates a domain name with an IP address. Associating domain names with IP addresses is the primary purpose of DNS.
“PTR” Record – (Pointer record) provides data for reverse DNS. Reverse DNS is used for logging the domain name and verification. The PTR record maps the IP address to the hostname. It is found in the “in-addr.arpa” infrastructure domain.
According to RFC1912 (http://www.ietf.org/rfc/rfc1912.txt), your PTR and A records should match. Failure to have matching PTR and A records can actually cause a loss of Internet services similar to not being registered in the DNS at all.
PTR records must point back to a valid A record, not an alias defined by a CNAME. This means that the domain returned by the PTR record should resolve to the same IP address as the server’s A record.
A growing number of ISPs and other service providers are taking things a step further by refusing to accept any email from hosts that have mismatched PTR and A records.
Verify that you do have a PTR record:
A useful tool for determining whether you have a PTR record is the “host” tool, found on most Unix/Linux operating systems. With the “host” command you can quickly and easily verify whether your mail server’s public IP address has a PTR record.
On a command line, type the “host” command followed by the public IP address of the mail server. For this example, the IP address of the mail.bynari.net mail server will be used.
# host 206.123.88.97
97.88.123.206.in-addr.arpa domain name pointer mail.bynari.net.
Note: The IP address is now “reversed” and associated with mail.bynari.net.
If no PTR record is found, i.e. you do not have a PTR record, the results look similar to the following:
Host 97.88.123.206.in-addr.arpa not found: 3(NXDOMAIN)
The next step is to verify that the PTR record and the A records match.
Using the Linux “dig” tool is a quick way to verify a domain’s A record and PTR record.
To use the “dig” tool, open a command line on a Linux system and type the following commands.
Note: This is using the domain “mail.bynari.net” as an example.
(A record test)
# dig mail.bynari.net +short
206.123.88.97
Note: “+short” suppresses the additional information returned by the “dig” tool. The A record dig test results show that 206.123.88.97 is the IP address for the domain mail.bynari.net.
(PTR record test)
# dig -x 206.123.88.97 +short
mail.bynari.net
Note: The PTR record dig test results show that 206.123.88.97 resolves to mail.bynari.net.
This test is verification enough to show that the PTR and A records do match.
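The “host” and “dig” checks above combined into one script, as an added example that is not part of the original article: it looks up the PTR record for an IP address, flags a PTR target that is a CNAME alias, and confirms that the name’s A record resolves back to the same IP. The function names, the DIG override and the sample_dig answers (192.0.2.x addresses, example.net names) are assumptions constructed for this example; it handles IPv4 only.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS (PTR -> A) check, IPv4 only.
# DIG is an assumption of this example: set DIG=sample_dig to run offline.
DIG="${DIG:-dig}"

# Constructed sample answers (not real lookups) in "dig ... +short" form.
sample_dig() {
    case "$1 $2" in
        "-x 206.123.88.97")        echo "mail.bynari.net." ;;   # article's example
        "mail.bynari.net A")       echo "206.123.88.97" ;;
        "-x 192.0.2.10")           echo "host10.example.net." ;; # A record differs
        "host10.example.net A")    echo "192.0.2.99" ;;
        "-x 192.0.2.20")           echo "alias.example.net." ;;  # PTR names a CNAME
        "alias.example.net CNAME") echo "real.example.net." ;;
    esac
    return 0
}

# check_ptr_a IP -> prints a verdict per PTR name; returns 0 on a match,
# 1 if there is no PTR, 2 on a PTR/A mismatch, 3 if a PTR names a CNAME alias.
check_ptr_a() {
    ip="$1"
    rc=2
    ptrs=$($DIG -x "$ip" +short) || ptrs=""
    if [ -z "$ptrs" ]; then
        echo "NO_PTR $ip"
        return 1
    fi
    for name in $ptrs; do
        name="${name%.}"                  # drop the trailing root dot
        # A PTR must point at a name with an A record, not at an alias.
        if [ -n "$($DIG "$name" CNAME +short)" ]; then
            echo "PTR_IS_ALIAS $ip -> $name"
            rc=3
            continue
        fi
        # The name must resolve back to the IP we started from.
        for addr in $($DIG "$name" A +short); do
            if [ "$addr" = "$ip" ]; then
                echo "MATCH $ip <-> $name"
                return 0
            fi
        done
        echo "MISMATCH $ip -> $name"
    done
    return "$rc"
}
```

Call check_ptr_a with the mail server’s public IP address; with DIG=sample_dig set, it uses the constructed answers instead of live DNS.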
What if the PTR and A records do not pass the “dig” test?
If you host your own DNS servers, the best resource for DNS configuration is RFC1912 - http://www.ietf.org/rfc/rfc1912.txt. If your DNS is provided through an ISP or other service provider, contact them about making sure that the PTR and A records match for your domain.