PTR Issue

We are have a problem with RDNS PTR for the following. We have a server in the DMZ on a firewall appliance that serves as both a web server and an email server. When a client on the LAN sends an email using SMTP port 25, the PTR resolves to the primary WAN address and fails. PTR passes when using the email client but we do have need to send direct also. Any suggestions on how to resolve this problem? Here are the hypotheticals:
Server (in DMZ translated): (cannot be same ip as WAN)
A Records: A
A Records: A
MX record:
TXT record: @ (None)  v=spf1 a mx ptr -all
TXT record:  v=spf1 a ptr ?all
Who is Participating?
You will need to contact your ISP to get a PTR record setup for that points to

The ip4: mechanism is not restricted to private IP ranges, and rarely, if ever, is used with those private ranges.  SPF tells the receiving server which IP's are allowed to send mail for that domain.  Your SPF record contents only need to be the IP's of your sending server(s), and ~all or -all.

If the envelope-from address of your mails is, then you need an SPF record for like I explained in my first answer.  You only need an SPF record for is you send mails with a from address of
I don't see any PTR records listed.  Do you mean the forward lookup (A record) is showing at and not  What are you running for your DNS server?

On a related note, your SPF records need some work.

TXT record: @ (None)  v=spf1 a mx ptr -all
For, best practice is to format it like "v=spf1 ip4: -all", but preferably ~all + DKIM signing.

TXT record:  v=spf1 a ptr ?all
An SPF record for is only necessary if you send mail from  Aside from that, "?all" means that any IP is allowed to send mail from, and should not be used.

bellelectAuthor Commented:
No place to list PTR records on Network Solutions that is why we referneced it in the SPF. The forward A recond for is as it points to the server in the DMZ. We do not run our own DNS server.
We cannot format an ip4: as my understanding is that is for a network ip or range such as 192.x.x.x or 10.x.x.x. The hypothetical ip's i have used are static ip's provided by our service provider.
We do send mail from as it is our primary mail server.
PTR records are something to be set on your service provider and not on your registrar ( Network solutions )side.

Thank you
"v=spf1 ip4: -all"

Open in new window

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.