Do I really need an MX record? (for e-mail to work)

Christian Smith csmith at dyndns.org
Thu Feb 9 23:38:41 UTC 2006 

In article <dsg1k4$15se$1 at sf1.isc.org>,
 administrator at spam.yellowhead.com (John Coutts) wrote:

> In article <dsdfd8$137e$1 at sf1.isc.org>, csmith at dyndns.org says...
> >
> >Can you provide an example of a domain which blocks mail simply because 
> >the PTR record does not match the name of the mail server? (Setting one 
> >up yourself to provide as an example doesn't count) And how exactly do 
> >these domains determine the A record? Do they base this on name provided 
> >in the HELO command?
> >-- 
> >Christian Smith
> >Dynamic Network Services, Inc.
> >
> *************** REPLY SEPARATER ****************
> Yes here is a prime example, which was a fairly important piece of business 
> mail. In this case, the IP does have a reverse lookup, but the resulting name 
> does not report the same "A" record. I have complained to POBox. but to no 
> avail. At first they denied that they check the "A" record against the 
> "PTR", but when I pressed them, they added the "or PTR and A records do not 
> match" to the message. Big deal!
> -------------------------------------------------------------
> X-Pobox-Antispam: require_ptr/ returned deny: 204.209.35.42 has no PTR
>  record, or PTR and A records do not match
> X-Sift-Reason: require_ptr/ returned deny: 204.209.35.42 has no PTR record,
>  or PTR and A records do not match
> X-Sift-From: xxxxxxxxxx at trekescapes.com


This is a perfect example of broken reverse DNS

% dig +noall +answer -x 204.209.35.42
42.35.209.204.in-addr.arpa. 0   IN      PTR     mail.rewired.net.

% dig +noall +answer mail.rewired.net
mail.rewired.net.       3513    IN      A       216.234.167.142


216.234.167.142 != 204.209.35.42 so the verification of the reverse DNS 
for 204.209.35.42 fails. 


> --------------------------------------------------------------
> 
> Here is another one which is an order confirmation from Toysrus. In this 
> case, 
> there is simply no PTR record. I have informed Toysrus of the problem, and 
> they 
> politely thanked me and said they would take care of it. Months later, IBM 
> (the 
> network operator) has still not corrected the problem.
> --------------------------------------------------------------
> X-Pobox-Antispam: require_ptr/ returned deny: 170.224.105.33 has no PTR
>  record, or PTR and A records do not match
> X-Sift-Reason: require_ptr/ returned deny: 170.224.105.33 has no PTR record,
>  or PTR and A records do not match
> X-Sift-From: Shipments at toysrus.ca
> --------------------------------------------------------------

Yes, this IP address has no PTR record. mail servers which perform 
reverse DNS verification will reject mail being delivered from this IP 
address.

These are perfectly reasonable things to reject receipt of mail for.


-- 
Christian Smith
Dynamic Network Services, Inc.

More information about the bind-users mailing list