Check IP Reverse DNS

Information Details

Normally, the reason you have reached this page is because a mail server has sent you a message when it rejected an email from you, or one of your users.

If you are an email or network operator, you can continue reading this section
If you are a user sending email and it got blocked, you should read this section instead

Information for Email and Network Operators

Although email servers can by RFC accept connections from any IP Address most Best Practises documents insist that all identifiers are correctly used, and in the case of reverse DNS on the connecting IP Address this also applies.. The principal is that ALL email servers have a correct entry in DNS that resolves, and it should resolve to the responsible party for the email server.

This rule performs simple checks on the IP Address that is attempting to connect. Normally ALL IP addresses should have a correct reverse DNS, and especially email servers. Most Anti-Spam tools will reject email from places with no reverse DNS anyways, as this is a common trick of spammers to hide their identities. Or they have hijacked devices and computers that have been forgotten about. Or they use these IP's in dictionary attacks. NOTE! During temporary DNS outages, this normally will reject with a 4xx error, allowing for retries. It is only on IP's which have no authority that immediate 5xx denial is performed.

IF you DON'T have reverse DNS you probably have trouble sending to most places already. Although by 'best practices' the HELO 'should' be a fully qualified domain name that is publicly resolvable, this rule does not check for that as some operators may still be using a fully qualified domain name that is only used internally at their location.

It requires that the IP address of anyone trying to connect, have a reverse DNS entry for their IP Address.

In order to ensure that messages are not stopped by this check, make sure the HELO is a FQDN.

The reverse DNS string sent should in the style of:

host 192.168.1.1 = mail.mycompany.com

Example:

mail.mycompany.com
firewall.mycompany.com
headoffice.mycompany.com

The following bad example(s) will get rejected:

<missing>

You should also read some of the other Best Practises documents if you have this problem. Also remember, according to Best Practises, having a reverse DNS that appears to be part of your upstream provider is not good enough for an email server. adsl.23.204.205.upstream.com means that it is an IP address they are responsible for. You are responsible for activity on this IP address if you send email, so make it easy for people to know how to reach you. Otherwise it looks like you are just an infected IP Address.

If you are the one sending the message, and you were blocked with this message, it is most likely that you do not have your email client set up correctly, and you should read the next section.

Information for users. Why was my email blocked?

If your email was blocked, and the link sent you here it is probably because the operator of your outbound mail server has either had a technical malfunction with his DNS, or misconfigured something. Best to call them and ask what the problem is. If they say they don't need reverse DNS, think about changing to a more responsible provider. Usually they can rectify this quickly, or it was a temporary problem.

Normally, this rule will only block spammers and hackers.

Please check with the administrator of your outbound email server, or ISP for more information.