Mail Server Reverse DNS Checking

Some mail servers verify that reverse DNS is properly set up for the server attempting to deliver mail to them, and may reject the mail if it is not (RFC 1912, section 2.1). This is an attempt to cut down on spam: the belief is that spammers use machines that are not intended to be mail servers, and that many times those machines do not have proper reverse DNS set up.

Here is how reverse DNS is checked by mail servers.

  1. Destination mail server receives communication request from foreign machine. At this point only the IP address of the foreign machine is known.
  2. Destination mail server requests the PTR record for the IP address of the connecting machine.
  3. The domain name system returns the hostname associated with the IP address (as listed in the DNS PTR record). If this request fails (i.e. there is no PTR record), the mail may be rejected.
  4. The destination mail server then requests the A record for the hostname it just received.
  5. The domain name system returns the IP address associated with the hostname (as listed in the DNS A record). If this request fails (i.e. there is no A record), the mail may be rejected.
  6. If the IP address from step 5 matches the IP address from step 1, then reverse DNS is properly configured for the IP address in question and mail delivery continues. If the two IP addresses do not match, the mail may be rejected.

Note that some mail servers stop checking after step 3. If they receive a successful response to the PTR record request (i.e. DNS returns a hostname), they may accept the mail.
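
The six steps above, and the shorter variant in the note, written out as an added Python example (not code from the original page or from any mail server). The function names, the verdict strings and the injectable ptr_lookup/addr_lookup parameters are assumptions of this example; the sample records are constructed and use documentation address ranges.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Steps 2-3: PTR lookup through the system resolver; [] when there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases


def system_addrs(hostname):
    """Steps 4-5: forward lookup (A, or AAAA for IPv6 clients); [] on failure."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def check_reverse_dns(client_ip, ptr_lookup=system_ptr, addr_lookup=system_addrs,
                      ptr_only=False):
    """Return (verdict, hostname): "no-ptr" (step 3), "no-a" (step 5),
    "mismatch" (step 6) or "pass". ptr_only=True models servers that stop
    after step 3."""
    client = ipaddress.ip_address(client_ip)   # compare parsed, not as strings
    names = [n.rstrip(".").lower() for n in ptr_lookup(client_ip)]
    if not names:
        return ("no-ptr", None)
    if ptr_only:
        return ("pass", names[0])
    saw_forward_record = False
    for name in names:                         # an address may have several PTRs
        for addr in addr_lookup(name):
            saw_forward_record = True
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("pass", name)
            except ValueError:
                continue                       # ignore malformed resolver output
    return ("mismatch" if saw_forward_record else "no-a", names[0])


# Constructed sample records for offline use (not real DNS data).
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."], "198.51.100.7": ["mail.example.com."],
              "203.0.113.9": ["ghost.example.net."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"]}
```

The 198.51.100.7 entry shows why step 6 matters: a PTR record can name any host, so a PTR-only check passes it while the full check reports a mismatch.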