Solved

spf record and rDNS not exists

Posted on 2014-12-10
19
259 Views
Last Modified: 2014-12-12
Hi,
My site is
lapaz.com.tr
and is hosted at hostgator.com

When I check it with http://mxtoolbox.com/
I see that it does not have SPF records and  also it founds SMTP Reverse DNS Mismatch

How serious are these problems for the emails I send from info@lapaz.com.tr
How can I fix?
Thank you
0
Comment
Question by:myyis
  • 8
  • 7
  • 3
  • +1
19 Comments
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
The SPF record is not mandatory and no one will insist you have one for mail delivery. That's more about protecting your own domain from abuse really. I do advise you create such a record if you can, anything to reduce spam is a good thing, but people should not refuse mail from you for failing to have one.

The Reverse DNS record is critical for servers sending mail. A significant number of remote mail servers will simply refuse to talk to you (accept mail) if that's not in place.

Be a little careful with the online tools to check this. If you happen to use different sending and receiving servers the tests are invalid, they have no means of determining your configuration so they make assumptions. Typically the assumption is that whatever you have in your MX record also sends mail out.

Chris
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 150 total points
Comment Utility
The SPF & rDNS are not requirements and your mail system will work without them, but you will find it hard to get past some junk filtering systems without at least the rDNS. Adding a valid SPF definitely improves your chances of through but isn't a requirement.

From the wording of your question, would I be right in assuming you have a hosted website that also sends out mail?
If this is the case, adding an SPF may be possible as that's just a record added to your public DNS, but rDNS is not gonna happen.
rDNS is a link to the internet line/IP used to send the mail. if the IP belongs to the hosting company it's unlikely they would add an rDNS record for you as it's probably shared between multiple companies.
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
With respect, I disagree that RDNS is not mandatory. All major mail providers (including gmail, hotmail, yahoo, etc) and I would expect al major anti-spam suppliers check for RDNS when an SMTP conversion begins. No RDNS, no more conversation, it runs a bit deeper than something being flagged as spam.

If the server cannot have an RDNS records (because of the nature of the connection) another mail service must be bought.

Chris
0
 

Author Comment

by:myyis
Comment Utility
My site is at shared hosting  and this is what I got from hostgator support.

"As the banner will not match due to the server uses the server hostname and not your domain. The warning should not cause issues."

What can I do?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
All that needs to happen for the DNS checks is for:

1. The name used by the server resolves to the IP it's connecting from (nslookup servername)
2. The IP its connecting using to resolve back to the name of the server (nslookup IPAddress)

If you don't pass those two very simple checks you'll find your SMTP server loses it's connection immediately after sending HELO / EHLO in a large number of cases.

None of those values have to be at all related to your e-mail domain, but they must be consistently set.

Chris
0
 

Author Comment

by:myyis
Comment Utility
Is this explanation of Hostgator is acceptable?

"As the banner will not match due to the server uses the server hostname and not your domain. "

If it is acceptable what can I do?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
It's incomplete, it doesn't really tell you very much.

What's the name of the server? Take that and run "nslookup fullname", then look at the IP address you get back from that and run "nslookup IPaddress". You might find it's already set-up reasonably well.

Chris
0
 

Author Comment

by:myyis
Comment Utility
my site is name lapaz.com.tr
1. How can I learn the name of  server
2. And how can I do this
 " run "nslookup fullname", then look at the IP address you get back from that and run "nslookup IPaddress"
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
You need 1 to do 2 :) The site name is not necessarily the server name. Can you check the server name with your host? Might be the easiest way.

Chris
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
Oh and 2 can be done from anywhere, including your own desktop / laptop / something with a console. You might struggle with a tablet, but that's about the only limitation.

Chris
0
 

Author Comment

by:myyis
Comment Utility
This is the mail sent from info@lapaz.con.tr
Does this tell the server name?

                                                                                                                                                                                                                                                 
Delivered-To:  XXXXXXX@gmail.com;
Received: by 10.170.212.3 with SMTP id d3csp68778ykf;
        Thu, 11 Dec 2014 08:35:56 -0800 (PST)
X-Received: by 10.182.49.231 with SMTP id x7mr7044293obn.48.1418315756068;
        Thu, 11 Dec 2014 08:35:56 -0800 (PST)
Return-Path: <info@lapaz.com.tr>
Received: from gateway12.websitewelcome.com ([69.93.157.3])
        by mx.google.com with ESMTPS id z191si1057518oia.137.2014.12.11.08.35.55
        for < XXXXXXX@gmail.com;>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Thu, 11 Dec 2014 08:35:55 -0800 (PST)
Received-SPF: none (google.com: info@lapaz.com.tr does not designate permitted sender hosts) client-ip=69.93.157.3;
Authentication-Results: mx.google.com;
       spf=none (google.com: info@lapaz.com.tr does not designate permitted sender hosts) smtp.mail=info@lapaz.com.tr
Received: by gateway12.websitewelcome.com (Postfix, from userid 5007)
      id 60C2D708CDC3; Thu, 11 Dec 2014 10:35:55 -0600 (CST)
Received: from gator4012.hostgator.com (gator4012.hostgator.com [192.185.4.23])
      by gateway12.websitewelcome.com (Postfix) with ESMTP id 52A3E708CD4E
      for < XXXXXXX@gmail.com;>; Thu, 11 Dec 2014 10:35:55 -0600 (CST)
Received: from [95.8.195.46] (port=61898 helo=erdem)
      by gator4012.hostgator.com with esmtpa (Exim 4.82)
      (envelope-from <info@lapaz.com.tr>)
      id 1Xz6iY-0006kW-Kv
      for XXXXXXX@gmail.com; Thu, 11 Dec 2014 10:35:55 -0600
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
Your server is quite a long way down the chain by the looks of it.

I imagine gator4012 is yours, but then it sends mail to gateway12 and because of this you no longer need to concern yourself with the RDNS record. gateway12 needs to care about all that, it's the one submitting to Google.

So all in all you look to be in good shape.

If you were to implement an SPF record you would have to check which servers hostgator use as relays. That should include gateway12 because it would need to be a permitted sender for your domain.

Chris
0
 

Author Comment

by:myyis
Comment Utility
I have added this record
v=spf1 a mx include:websitewelcome.com ~all

And the result is:
What you say?


Delivered-To: XXXXXXX@gmail.com
Received: by 10.170.212.3 with SMTP id d3csp75061ykf;
        Thu, 11 Dec 2014 09:16:50 -0800 (PST)
X-Received: by 10.202.213.88 with SMTP id m85mr6808328oig.39.1418318210332;
        Thu, 11 Dec 2014 09:16:50 -0800 (PST)
Return-Path: <info@lapaz.com.tr>
Received: from gateway03.websitewelcome.com ([69.93.31.27])
        by mx.google.com with ESMTPS id wd10si1191878obc.20.2014.12.11.09.16.49
        for <XXXXXXX@gmail.com>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Thu, 11 Dec 2014 09:16:49 -0800 (PST)
Received-SPF: pass (google.com: domain of info@lapaz.com.tr designates 69.93.31.27 as permitted sender) client-ip=69.93.31.27;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of info@lapaz.com.tr designates 69.93.31.27 as permitted sender) smtp.mail=info@lapaz.com.tr
Received: by gateway03.websitewelcome.com (Postfix, from userid 5007)
      id 6DFAE70A54646; Thu, 11 Dec 2014 11:16:49 -0600 (CST)
Received: from gator4012.hostgator.com (gator4012.hostgator.com [192.185.4.23])
      by gateway03.websitewelcome.com (Postfix) with ESMTP id 65ECE70A545EC
      for <XXXXXXX@gmail.com>; Thu, 11 Dec 2014 11:16:49 -0600 (CST)
Received: from [95.8.195.46] (port=62526 helo=erdem)
      by gator4012.hostgator.com with esmtpa (Exim 4.82)
      (envelope-from <info@lapaz.com.tr>)
      id 1Xz7M8-0002Fd-Ne
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 350 total points
Comment Utility
Perfect :)

That's all you need to do. The problem or RDNS is not yours, it's your hosts. The SPF record includes the system(s) who are handling your mail for you.

Chris
0
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
Whoa - so much confusion...

To block SPAM, the receiving mail (SMTP) server wants to do some basic validation.

So the message header you provided says:
 - You used webmail to send your message.
 - You were at IP 95.8.195.46, and you were logged into the hostgator site on system gator4012 at IP 192.185.4.23.
 - The message says it is from info@lapaz.con.tr
 - The webmail server delivered it to your (shared) mail server (through which all of your mail should pass) at gateway12.websitewelcome.com at IP address 69.93.157.3.

OK, so here's where things get a little hinky... your DNS says that you should be sending messages for lapaz.com.tr through the host at IP 192.185.18.140 -- which says it is actually (shared name) mybasiccrm.com... But at no time did any of your mail pass through that host. Thus, you might get flagged as SPAM.

Here are a few pointers:
 1) No reason for your MX record to not show (or to obfuscate) where your mailserver really is. I don't know where the websitewelcome.com site came in (your config or hostgator's), but it doesn't appear to belong. I would ask HostGator where you're supposed to be sending your mail through (what mailserver of theirs is the right one to send your mail), and while you're at it, ask them about the appropriate SPF record.
 2) SPF is NOT just about avoiding SPAM in your own inbox -- it is also a way to help prevent others from using your email address (or your entire domain!) as a fake-source of SPAM (or phishing). SPF is an indicator in your DNS server that only specific hosts (systems) are supposed to be sending messages from you (or your users). Mail from other sites usually are then rejected (so that if someone sends out 1000000 emails from aol.com claiming to be from info@lapaz.com.tr, most won't ever be delivered).

There are plenty of alternatives, but these are the basics.

Ideally, you would identify your mail server by the same name it calls itself -- that is, your MX record in DNS would say mybasiccrm.com, instead of something like mail.lapaz.com.tr. Then, when they look at the rDNS of the server that connects, it matches the name in your MX record and you're golden. Of course, that's not always possible, so that's when SPF comes in -- to advertise where your valid mail servers really are.... and again, asking HostGator to help you created your SPF record would be the wise choice.

I hope this helps...

Dan
IT4SOHO
0
 

Author Comment

by:myyis
Comment Utility
Hi
Thank you for this really informative comment.
I learned the mailserver of hostgator is websitewelcome.com and put the  record as:
v=spf1 a mx include:websitewelcome.com ~all

I believe it looks fine, how can we check?
0
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
LOL - one easy way is to send another message to your gmail account, and look at the headers as received at gmail! You'll see the SPF check result listed in the header.

You have already used mxtoolbox.com.

Those should be enough.

Dan
IT4SOHO
0
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
One last comment -- once you've verified the SPF is valid and what you want... change that ~ (tilde) character (which says you're in test mode), to a - (dash) character (which says you mean to deny all other mail).

Dan
IT4SOHO
0
 

Author Comment

by:myyis
Comment Utility
Thank you very much, sorry I don't have more points left for you, hope for another question :)
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This short article will present "How to import ICS Calendar onto Office 365 Calendar". I was searching for free (or not free) tools to convert ICS to CSV without success. The only tools I found & working well were online tools...this was too hard to…
Utilizing an array to gracefully append to a list of EmailAddresses
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now