Friday, February 28, 2014, 14:01
Solution ID: 00000267
I would like to know an explanation on the following score PerfectMail added to an incoming email: "+8 Relay Host: No DNS PTR record". Is this an internal problem from our system or is it from the sender system? We seem to have issues with this score when receiving emails from other locations.
This problem does not lie with PerfectMail, the problem lies with the sending mail server and its DNS configuration.
The correct solution to this problem is for the sending mail server's administrator to create a DNS PTR record to return the mail server's FQDN.
The quick fix solution to the problem (within PerfectMail) is to add the sending mail server's IP address to the No Server Check list. Navigation: Filters > Sender > No Server Check.
Domain Name Services (DNS) are the phone book of the Internet. DNS is responsible for performing many types of look ups... Two key look up types are
Address Lookups - Taking a fully qualified domain name (e.g.: mailserver.mydomain.com) and returning a static IP address (e.g.: 22.214.171.124)
DNS Name -> Address lookups are handled using DNS Address (also known as 'A') records
Reverse Lookups - Taking an IP address (e.g.: 126.96.36.199) and returning a fully qualified host name (e.g.: mailserver.mydomain.com)
DNS Address -> Name lookups are handled by DNS Pointer (also known as 'PTR') records
You can view the DNS records for PerfectMail.com here - http://who.is/dns/perfectmail.com
You can easily view your own DNS records. Simply copy/paste this link into a web browser and add your domain name to the end: http://who.is/dns/<yourDomain>
A Relay Host is any machine that either originates an e-mail transaction, or acts as a Relay for other mail servers to forward e-mail to a target mail server
PerfectMail looks at the DNS configuration of sending e-mail servers to determine if the sending server is a spam engine or a legitimate e-mail server. To understand how PerfectMail assesses a mail server's DNS records, we need to look at the Best Practice for creating and managing DNS records for Mail Servers.
Properly configured mail servers have a minimum of two DNS records...
Most mail server (or mail gateway servers) have an assigned static IP address. It is a Best Practice for all Internet facing servers to have both Address records and Pointer records.
The vast majority of spam engines on the Internet are computers infected with one or more spam viruses. These machines are typically Microsoft Windows PCs connected to a retail broadband Internet connection.
Retail broadband Internet providers use Dynamic Host Configuration Protocol (DHCP) to assign temporary IP addresses to their customers computers (or modems/firewall appliances). When DHCP assigns a temporary IP address to your computer/router/firewall, it updates the Internet Provider's DNS service with an Address (A) record for your computer. This might look something like r186-49-230-196.dialup.adsl.anteldata.net (taken from a spam sample) which would resolve to 188.8.131.52 (note the IP address is part of the fully qualified name). What retail broadband Internet providers do not do is create Pointer (PTR) or IP Address -> Fully Qualified name lookup DNS records for their non-business customers.
Fly-by-night operations, spammers, compromised PCs, etc. are not entities that are generally willing or able to get PTR records from their ISPs. This makes the presence or absence of DNS PTR records a good measure of the sending mail server's legitimacy.
When PerfectMail gets an inbound e-mail connection, PerfectMail performs a DNS Pointer (PTR) lookup on the IP address of the sending mail server. If the DNS Pointer (PTR) lookup fails, PerfectMail adds a score (+8 Relay Host: No DNS PTR record) to the message because the sending mail server does not follow DNS Best Practices.
Please note: this score is added because the sender's mail server has a DNS configuration problem. The issue does not lie with PerfectMail.
If you need to configure PerfectMail now to receive messages from a peer mail server with DNS PTR, RBL or SPF configuration problems...
E-mail messages from domains and IP addresses listed on the No Server Check list do not undergo any incoming mail server based DNS (both A and PTR), RBL or SPF checks. Valid peer mail servers that receive increased scores due to any DNS, RBL or SPF tests should be listed under No Server Check. This includes valid peers e-mail servers that:
The preferred approach to eliminating this score to add a valid DNS PTR record:
This is usually done by calling the Internet Provider's help desk or filing a trouble ticket with the Internet Provider to create the DNS PTR record
The following alternative solutions will eliminate PerfectMail scoring on known valid e-mail peers where DNS for those peers is not configured according to Best Practices.
This should be avoided if possible. The problem with this approach is that spammers can use any domain name they want in the messages From field. If spammers use your peer's Domain name (and you've white listed that domain). the spam will be delivered.
Tags: reverse, dns, ptr, record, domain, name, resolution, mail, server, configuration
Link to this article: kb/no_dns_ptr_record
Updated: Friday, February 28, 2014, 14:01
-- Larry Karnis