
Friday, February 28, 2014, 14:01

Test Score: No DNS PTR record

Category: General

Solution ID: 00000267

Summary:

I would like an explanation of the following score PerfectMail added to an incoming email: "+8 Relay Host: No DNS PTR record". Is this an internal problem from our system or is it from the sender system? We seem to have issues with this score when receiving emails from other locations.

Answer:

This problem does not lie with PerfectMail; it lies with the sending mail server and its DNS configuration.

The correct solution to this problem is for the sending mail server's administrator to create a DNS PTR record to return the mail server's FQDN.

The quick fix solution to the problem (within PerfectMail) is to add the sending mail server's IP address to the No Server Check list. Navigation: Filters > Sender > No Server Check.

Explanation

Domain Name Services (DNS) are the phone book of the Internet. DNS is responsible for performing many types of lookups. Two key lookup types are:

Address Lookups - Taking a fully qualified domain name (e.g.: mailserver.mydomain.com) and returning a static IP address (e.g.: 1.2.3.4).
DNS Name -> Address lookups are handled using DNS Address (also known as 'A') records.

Reverse Lookups - Taking an IP address (e.g.: 1.2.3.4) and returning a fully qualified host name (e.g.: mailserver.mydomain.com).
DNS Address -> Name lookups are handled by DNS Pointer (also known as 'PTR') records.

You can view the DNS records for PerfectMail.com here - http://who.is/dns/perfectmail.com

You can easily view your own DNS records. Simply copy/paste this link into a web browser and add your domain name to the end: http://who.is/dns/<yourDomain>

A Relay Host is any machine that either originates an e-mail transaction or acts as a relay for other mail servers, forwarding e-mail to a target mail server.

DNS Best Practice

PerfectMail looks at the DNS configuration of sending e-mail servers to determine if the sending server is a spam engine or a legitimate e-mail server. To understand how PerfectMail assesses a mail server's DNS records, we need to look at the Best Practice for creating and managing DNS records for Mail Servers.

DNS For Well Configured Mail Servers

Properly configured mail servers have a minimum of two DNS records...

  1. An Address (A) record that takes the mail server's fully qualified name to an IP address, and
  2. A Pointer (PTR) record that takes that IP address and returns the same mail server fully qualified name.

Most mail servers (or mail gateway servers) have an assigned static IP address. It is a Best Practice for all Internet facing servers to have both Address records and Pointer records.

Spam Engine DNS Records

The vast majority of spam engines on the Internet are computers infected with one or more spam viruses. These machines are typically Microsoft Windows PCs connected to a retail broadband Internet connection.

Retail broadband Internet providers use Dynamic Host Configuration Protocol (DHCP) to assign temporary IP addresses to their customers' computers (or modems/firewall appliances). When DHCP assigns a temporary IP address to your computer/router/firewall, it updates the Internet Provider's DNS service with an Address (A) record for your computer. This might look something like r186-49-230-196.dialup.adsl.anteldata.net (taken from a spam sample), which would resolve to 186.49.230.196 (note the IP address is part of the fully qualified name). What retail broadband Internet providers do not do is create Pointer (PTR), or IP Address -> Fully Qualified name lookup, DNS records for their non-business customers.

Fly-by-night operations, spammers, compromised PCs, etc. are not entities that are generally willing or able to get PTR records from their ISPs. This makes the presence or absence of DNS PTR records a good measure of the sending mail server's legitimacy.

PerfectMail Test For Mail Server DNS

When PerfectMail gets an inbound e-mail connection, PerfectMail performs a DNS Pointer (PTR) lookup on the IP address of the sending mail server. If the DNS Pointer (PTR) lookup fails, PerfectMail adds a score (+8 Relay Host: No DNS PTR record) to the message because the sending mail server does not follow DNS Best Practices.

Please note: this score is added because the sender's mail server has a DNS configuration problem. The issue does not lie with PerfectMail.
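
The PTR test and the matching A/PTR pair described above, as an added example (not PerfectMail's own code): it looks up the PTR name for a connecting IP and confirms that the name resolves back to the same address. The function names, status strings and sample zone data are assumptions for illustration; only the no-PTR case is the one this article says PerfectMail scores.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of names (empty if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def system_addrs(name):
    """A/AAAA lookup via the system resolver; returns a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_relay_host(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify a connecting IP as 'no-ptr', 'ptr-mismatch' or 'confirmed'."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    result = {"ip": str(addr), "query": addr.reverse_pointer,
              "status": "no-ptr", "names": []}
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    if not names:
        return result  # the case the article says is scored +8
    result["names"] = names
    # Forward-confirm: at least one PTR name must resolve back to the same IP.
    for name in names:
        resolved = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if addr in resolved:
            result["status"] = "confirmed"
            result["fqdn"] = name
            return result
    result["status"] = "ptr-mismatch"
    return result

# Constructed sample zone data (documentation address ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mailserver.mydomain.example."],
              "192.0.2.20": ["mail.other.example"]}
SAMPLE_A = {"mailserver.mydomain.example": ["192.0.2.10"],
            "mail.other.example": ["198.51.100.7"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_A.get(name, [])
```

Calling `check_relay_host("192.0.2.30", sample_ptr, sample_addrs)` exercises the no-PTR case offline; omitting the two lookup arguments uses the system resolver against live DNS.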

Quick Fix Solution

If you need to configure PerfectMail now to receive messages from a peer mail server with DNS PTR, RBL or SPF configuration problems...

  1. Log in to your PerfectMail Administrator's portal (web site)
  2. Add the sending mail server's IP address to the No Server Check list. Navigation: Filters > Sender > No Server Check.

E-mail messages from domains and IP addresses listed on the No Server Check list do not undergo any incoming mail server based DNS (both A and PTR), RBL or SPF checks. Valid peer mail servers that receive increased scores due to any DNS, RBL or SPF tests should be listed under No Server Check. This includes valid peer e-mail servers that:

Preferred Solution

The preferred approach to eliminating this score is to add a valid DNS PTR record:

  1. Contact the mail administrator of the sending organization and tell them what is going on with their mail server. Tell them that adding a score for a missing PTR record is a common strategy used by all anti-spam systems.
  2. Suggest they contact their Internet Provider (who delegates static IP addresses to their customers).
  3. Have them request that their provider create a DNS PTR record to map the IP address of the mail server to the FQDN of the mail server.

This is usually done by calling the Internet Provider's help desk or filing a trouble ticket with the Internet Provider to create the DNS PTR record.

Alternative Solutions

The following alternative solutions will eliminate PerfectMail scoring on known valid e-mail peers where DNS for those peers is not configured according to Best Practices.

Solution 1 - Add the Sending Mail Server's FQDN to the White List

  1. Log in to your PerfectMail Administrator's portal (web site)
  2. White list the sending mail server's FQDN. Navigation: Filters > Sender > White List. Add the Sending Mail Server's FQDN to the White List. This will allow all inbound e-mail from the mail server.

Solution 2 - Add the Sender's Domain to the White List

  1. Log in to your PerfectMail Administrator's portal (web site)
  2. White list the sender's Domain. Navigation: Filters > Sender > White List. Add the Sender's Domain to the White List. This will allow all inbound e-mail from any mail server where the sender's e-mail address uses the same domain name.

This should be avoided if possible. The problem with this approach is that spammers can use any domain name they want in the message's From field. If spammers use your peer's Domain name (and you've white listed that domain), the spam will be delivered.


Tags: reverse, dns, ptr, record, domain, name, resolution, mail, server, configuration

Link to this article: http://perfectmail.com/kb/no_dns_ptr_record

Updated: Friday, February 28, 2014, 14:01

-- Larry Karnis

Last modified: 2014-02-28, 14:06
