Solved

Reverse DNS causing gray listing of incoming emails

Posted on 2010-11-16
7
545 Views
Last Modified: 2012-05-10
I have a client that is not receiving emails from some of the bigger providers like yahoo and hotmail because their IP address is being perceived as a problem.  The problem stems from the fact that when you do an NSLOOKUP on their Exchange server's IP address, it doesn't point back to their mailserver.

If you NSLOOKUP mail.domainname.com it resolves correctly to their IP address, say 99.99.99.99 as an example.

However, if you NSLOOKUP 99.99.99.99 it does NOT resolve back to mail.domainname.com.  It goes to adsl-99-70-47-155.dsl.ipltin.sbcglobal.net.

The emails is obviously hosted internally on an Exchange Server 2003.  The ISP is AT&T who claims that they can't help because we don't use their email services.  Network Solutions claims they don't provide Reverse DNS help, either.

To whom should I be asking for a solution?  AT&T, Network Solutions, or is this something I should configure on my own Exchagne server?  Until I can get 99.99.99.99 to point back to mail.domainname.com, bigger email tubes are going to continue to bounce emails that try to reach my exchange server.

0
Comment
Question by:IndyNCC
  • 3
  • 3
7 Comments
 
LVL 9

Accepted Solution

by:
losip earned 500 total points
ID: 34150710
It is the owners of the subnet who are the only people who can make the reverse DNS match the host name.  This is normally the ISP - ATT.  However, this particular address is part of a static 8 addresses issued to Marcus Law Firm LLP, i.e. 99.70.47.152/29 which seems to indicate to me that, if that is your client, then THEY own the address range and ATT should be able to set up a proper reverse DNS.  You could try contacting ipadmin@att.net and see if you can get any satisfaction.  The registrar, Network Solutions will not be able to help.

The other approach is to get on Hotmail and Yahoo's white list.  I have managed this with some organisations for the same reason but have never had cause to try either of those organizations. I suspect Yahoo will be uncooperative but you need to try to get on the same list that they already have most of the world's ISPs on.
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34151936
Once you have a rDNS record, you shouldn't be further concerned about lookups.  As losip explained, the owner of the subnet (ATT) should be able to provide you the reverse record for your MX record.  Any host that provides DNS services will not argue when you ask them for a reverse entry.  It's common sense that if you have an MX record, you will be asking for an rDNS record.
0
 
LVL 9

Expert Comment

by:losip
ID: 34153082
The trouble is that the MX record will be on DNS servers for the domain name which are not necessarily owned or controlled by the ISP but are more likely controlled by you.

The reverse DNS record is (nearly) always on the DNS servers operated by the ISP because it is they that own the subnet.  Delegation of the subnet 99.70.47.152/29 can only be done with the goodwill of the ISP and their processes often make this difficult.

The differing administration of the domain MX record and the reverse DNS record often means it takes some effort to get this organised.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:IndyNCC
ID: 34155832
Thank you.  I will contact AT&T today to see what I can get done.  I will report back.
0
 

Author Comment

by:IndyNCC
ID: 34158582
I was directed, by AT&T to a DNS request form at http://attis-dns.sbcglobal.net.  However, I wasn't given much instruction by the tech I was talking to so I hope I filled it out correctly.  i didn't know whether I was supposed to call it a Reverse DNS or a Reverse Delegation so I went with the Reverse DNS and filled out the form accordingly.  I suppose I now have to wait 72 hours to see if it propogates?

Thanks.
0
 
LVL 9

Expert Comment

by:losip
ID: 34158677
I'm glad you're making progress.  As I understand it (http://www.ripe.net/rs/reverse/), Reverse DNS is where AT&T put the required entry on their DNS servers and Reverse DNS Delegation is where they pass it over to you to create and maintain the rDNS entry.  If this is right, then Reverse DNS should do you fine.
0
 

Author Comment

by:IndyNCC
ID: 34161048
The form worked and my nslookup now resolves both forward and reverse.

Thanks for your help!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now