Understanding reverse DNS and smart hosts

Posted on 2008-11-18
Last Modified: 2012-05-05
When you do not use a smart host a recieving mail server may do a reverse DNS check.
My understanding is that it uses the source IP of the email (In our case the primary IP of our ISA firewalls external interface) and checks the DNS PTR record to see if brings up a DNS MX record that matches the domain of the email. Now my question is when you send mail via a smart host either at your ISP or elsewhere like AuthSMTP what happens to reverse DNS checks. The way I see it is that the reverse DNS check will take the source IP address which will be the smart host address and not be able to associate it with an MX record of the emails domain.  Can anyone let me know if I'm missing something.
Question by:Boris2009
    LVL 9

    Expert Comment

    not if the hosting company is doing it correctly.
    the source ip is the address of thier smart host.
    they put in an A record for this so that it points to the correct name.
    reverse lookups work perfectly.

    Author Comment

    Hi thanks for the quick reply.
    So if you send an email from your exchange via a smart host (E.g. when a reverse DNS check is done on the emails source address (The ip address of the smart host server) wont the check fail and the email marked as spam since the MX record of the smart host isnt a MX record for the
    I might be still missing a piece of the puzzle I'm sorry
    LVL 9

    Accepted Solution

    no reverse dns is not about the mx record.  it is about the A record.
    the smart host has a ptr record for its address / name.
    it works fine.  Assuming the hosting org actually does their job.

    Author Comment

    I think I get it now.    Thanks
    It seems the reverse DNS process isn't as comprehensive as once thought it doesn't insist on A records for the emails domain just that the sending server is trustworthy i.e the smart host /smtp relay

    This post helped me as well

    AOL are simply looking at the server that is delivering the message (Smart Host). If the server says it is and the reverse DNS confirms that the IP address is and it is not on the blacklists, then it will usually be allowed to deliver.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
    Operating system developers such as Microsoft ( and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now