Need help setting up DNS for my SMTP Server


I'd had my website sending out emails through a gmail account, but then I ran into my ceiling cap, and messages were no longer able to be delivered.

My website lives on a Windows 2003 box (IIS6) and sends out email via the IIS smtp service, and I had the smtp service configured to channel all of that email through gmail, so when I ran into this problem, I found that I could get a UCC SSL certificate, put that on my server, and then just deliver email directly.

I did set it up, and it works, but I think I'm still getting a certain number of messages that are not being delivered, and I need to improve that as much as possible.

I've read a bit about SPF DNS records, and I also have a question about MX records: given as how this mail server handles outgoing emails only, do I need to have an MX record?

Please let me know what I need to do to ensure that the DNS is set up as correctly as possible. The FQDN of the server is

Thanks in advance for your help!

Patrick Bogers, Datacenter platform engineer Lindows, Commented:
Hi Jon,

MX records are meant to point to exchange servers; since you are using SMTP servers only, you do not need them.

You should set up a PTR record, as most exchange servers use it to verify the sender. This will avoid you being blacklisted. See?! This explains why not all is being delivered, I think.
oops - obfuscated
Nothing else is needed imho.
CoastalData (Author) Commented:
So my server is already blacklisted? Will setting up the PTR records fix that? What are the proper settings that I need to put in?

BTW, the server sending out these emails never sends any mail other than requested transactional messages: Thanks for register, please activate, payment receipts, forgot passwords, etc. There is no instance of unsolicited messages at all, so apparently the blacklisting system is completely whacked.

CoastalData (Author) Commented:
Okay, so I checked my DNS settings, and I only have the option of creating an A, a CNAME, or a TXT record, so how do I go about creating a PTR record?

My smtp server is in-house, but my DNS server is co-located at hostgator; does this mean that I need to run a dns server on my DNS server, or at least hosted on my private subnet?

CoastalData (Author) Commented:
Okay, hostgator said I had to go to my ISP's dns, which is Hargray; I've contacted them and they're working on it, and will call me back later.
Patrick Bogers, Datacenter platform engineer Lindows, Commented:

Sorry for not answering sooner.
You were flagged because some of the receiving email servers (from your customers) check validity by requesting the PTR record, which every grown-up provider should have configurable.

TXT is more for preventing spammers from sending mail in your 'name'.

Hope Hargray will fix your issue; if not, I hope hostgator has an SMTP service you can use.

Keep us posted.

BTW: once the PTR record is in place we can scan the blacklist again and if still flagged request for removal.
CoastalData (Author) Commented:
Okay, Hargray's still working on it, they called to verify my information, but no response yet on resolution.

Once that is resolved, I see from spamhaus that once I get the PTR set up, I'll need to remove my ip from the PBL list, as per this link:«public ip here»

My HG account is a shared server, so I think it'd be better for me to get this working, than to ride off of their smtp server, wouldn't you agree?
Patrick Bogers, Datacenter platform engineer Lindows, Commented:
Of course! I hope they fix it for you, and that link was a good find!
CoastalData (Author) Commented:
Okay, cool, Hargray just called and said it's done, but of course DNS changes can take up to 24 hours to propagate.

I did refer back to that you'd used, above, and one of the "errors" that they list is that my main website, does not have an SSL cert... I don't have one on that site because payments are only made through the subdomain, where the smtp server lives.

Would it help this issue to also have a cert over there? Even though I don't otherwise need it, I'd put one on it if it would help the credibility of my smtp services...

Patrick Bogers, Datacenter platform engineer Lindows, Commented:
Many thought, there is no sensitive data transferred on that site so there is no need for SSL.
SMTP does not rely on SSL (SMTPS does, but it is another story), so also here no need. It is not likely there is a man in the middle between your SMTP server and the target mailserver.

Keep it as it is, and when the PTR is replicated, free yourself from the Spamhaus listings and I am pretty sure the problem should be solved.

One tip I can give you: avoid sentences in your automated mails which hackers also use a lot, as this could harm your status. So words like “Once in a lifetime opportunity!” and "click on this link" are a trigger. Vialis/Viagra etc etc, you know what I mean. Also be careful with extra exclamation points!!!!!!! avoid spamfilters is educational.
CoastalData (Author) Commented:
I think I'm clean! No longer listed in the PBL, and no blacklist entries! Thanks for your help!
Question has a verified solution.
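
Added example, not part of the original thread or written by its participants: a Python sketch of the PTR verification discussed above, as a receiving mail server might perform it (reverse lookup of the sending IP, then a forward lookup to confirm the name maps back), plus the query name used to look an address up in a DNS blocklist. The addresses, host names, the `dnsbl.example` zone and the HELO comparison are assumptions for illustration; the sample records are constructed.

```python
import ipaddress
import socket

def ptr_query_name(ip):
    """Name queried for the PTR record, e.g. 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_query_name(ip, zone):
    """Blocklists are queried as <reversed IPv4 octets>.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_ptr(ip):
    """Live reverse lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:  # covers socket.herror and socket.gaierror
        return []

def system_forward(name):
    """Live forward (A record, IPv4 only) lookup."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_fcrdns(ip, helo_name, ptr_lookup=system_ptr, a_lookup=system_forward):
    """Forward-confirmed reverse DNS check for a sending IP."""
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not ptr_names:
        return "no-ptr"  # the ISP that owns the address has not set a PTR
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    if not confirmed:
        return "ptr-not-forward-confirmed"  # PTR name has no A record back
    if helo_name.rstrip(".").lower() not in confirmed:
        return "helo-mismatch"  # some receivers also compare the HELO name
    return "ok"

# Constructed sample records (documentation address range, hypothetical names).
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."],
              "192.0.2.26": ["host26.isp.example."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])
```

Calling `check_fcrdns(ip, fqdn)` without the last two arguments uses the system resolver, which is useful for confirming that a newly requested PTR record has propagated.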
