Gateway reverse lookup
Hi Everyone
What is the best practice for gateways. For example we got blacklisted a while ago and public ip is still blacklisted on spam rats. It says about reverse lookup not being setup
the exact message "Does IP Address comply with reverse hostname naming convention". While letting my isp know we were told to liase directly with spamrats which i did but the ip has not been given ok by spamrats. I think that they want us to set reverse DNS on gateway.
1) What is the best practice for gateways?
2) What happens if i give it a name with my domain? nnn.kkk.school.fj.
3) Does it interrupt my traffic?
4) Do i have to change my firewall rules based on the name change?
5) What all do i have to do to get this done?
6) What is the whole purpose of reverse dns on gateway as i was told by my ISP that they only setup if told by a customer to do so?
What is the best practice for gateways. For example we got blacklisted a while ago and public ip is still blacklisted on spam rats. It says about reverse lookup not being setup
the exact message "Does IP Address comply with reverse hostname naming convention". While letting my isp know we were told to liase directly with spamrats which i did but the ip has not been given ok by spamrats. I think that they want us to set reverse DNS on gateway.
1) What is the best practice for gateways?
2) What happens if i give it a name with my domain? nnn.kkk.school.fj.
3) Does it interrupt my traffic?
4) Do i have to change my firewall rules based on the name change?
5) What all do i have to do to get this done?
6) What is the whole purpose of reverse dns on gateway as i was told by my ISP that they only setup if told by a customer to do so?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
1) What is the best practice for gateways? example is it the right practice to setup reverse dns for gateways. if so why is it needed, Why have we been blacklisted based on gateway IP for reverse dns
2) What happens if i give it a name with my domain? Lets say my public ip is 1.2.3.4 if i tell my isp to setup reverse dns of xxx.kkk.school.fj
What does it impact? what are the things to consider before doing it?
2) What happens if i give it a name with my domain? Lets say my public ip is 1.2.3.4 if i tell my isp to setup reverse dns of xxx.kkk.school.fj
What does it impact? what are the things to consider before doing it?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
You are welcome! Glad I could help and thanks for the points!
Not sure what you are asking here again, but I belive noci addressed this.
Nope!
No.
Your ISP needs to set this record so contact them to do so.
Noci already answered this quite well!
Some other items you should consider to prevent blacklisting is:
• SPF, DKIM & DMARC as noci stated.
• Consider offboarding your security & anti-spam engine to the cloud like Microsoft EOP (Exchange Online Protection) - it works for cloud, hybrid and on-premise Exchange environments.
Microsoft EOP is a cloud-based email filtering service that protects your company against spam & malware, and includes features to safeguard you from messaging-policy violations (like the one you got!). EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware & software, especially Sender IP-reputation. https://technet.microsoft.com/library/exchange-online-protection-service-description.aspx
There are others besides Microsoft EOP such as Google Postini, SonicWALL Hosted Email Security, Barracuda Spam, Cisco IronPort & so on but I prefer Microsoft EOP and its relatively inexpensive.
They all function similarly in that you use their IPs instead of your own so your liability & risk is shifted to them. You don't have to worry about getting your IP blacklisted and that halting your ability to function and send/receive mail because again the IPs you are sending from are not yours and they [the providers] are very diligent to make sure their IPs do not get blacklisted.