Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 778
  • Last Modified:

Does the reverse DNS lookup (PTR record) rely on the domain name is strictly the IP?

We are looking to at the possibility of sending out small email blasts inviting recipients, who have already opted into our customers email lists, to view pURLs (personalized URLs) generated by my system.  We are going to be sending them out via an SMTP connection to my Exchange 2003 box from an application called XMPie.  

For obvious reasons, I am concerned about my system being blacklisted for spam and am hoping someone can help me get to the bottom of a small debate.  Do the DNS reverse lookups (PTR records) point back to my Exchange IP thereby putting my system at risk?  Or, would I be able to temporarily redirect our customers domain name to my network (DNS) and have the to their domain name?

I would appreciate other opinions but documentation I can present to the powers that be would be even better.

Thanks!
0
nhawkinsVA
Asked:
nhawkinsVA
2 Solutions
 
Ugo MenaCommented:
You should look into Sender Policy Framework (SPF) records. The SPF records are published DNS text records describing a list of ip addresses allowed to send emails from a specific domain.
From your description, your customer's SPF record would need to include the server that you are sending the blasts from. The SPF records are checked in a similar way to those of DNSBL (DNS-based blackhole list), except that SPF leverages the authority delegation scheme of the real Domain Name System.
openspf.org is a great resource for all things SPF.
0
 
Chris DentPowerShell DeveloperCommented:
You can do whatever you want with the To address, the recipient address should not play a part in any checks. I guess you mean the From address?

The Reverse DNS check is not bound to the mail domain (it does not need to match or exist under the From domain). Your server needs to have a name (and an A record), and the PTR record needs to resolve back to that name. The server, Exchange at least, can only use one name, so use of your customers domains is moot for this part.

A typical record set would look like this:

Your DNS zone:

mail-out.yourdomain.com.    IN A    1.2.3.4

Your ISPs / Connection providers DNS zone:

4.3.2.1.in-addr.arpa.    IN PTR    mail-out.yourdomain.com.

Any normal system would be quite happy with your server sending out a mail as me@mydomain.com, the names above need to be present, but they do not have to match either the sender or recipient domain.

That holds until you get to the From part. Ultralites rightly raises that issue. If you're sending using a From address that belongs to your customer you'd better make sure they've given your server permission if they implement SPF at all.

That won't necessarily keep you off blacklists, it's impossible to guarantee such a thing. All you can do is make an effort not to appear to be spamming then monitor the blacklists thereafter.

Chris
0
 
nhawkinsVAAuthor Commented:
Thanks!
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now