6.5 ORF Online Help
Select your ORF version:

Table of Contents

Reverse DNS


This help section describes the Reverse DNS Test settings in ORF.

General Information

ORF offers two ways for validating the email source using reverse DNS lookups. These can be used together or enabled individually.

Sender Domain Validation

The Sender Domain Validation test is for basic validation of the sender email address. The test checks whether a reply could be sent to the sender by checking the sender domain. Domains capable of accepting emails must provide a DNS MX or A or CNAME record. The Sender Domain Validation test checks the existence of these DNS records.

Sender IP Reverse Name Validation

This test checks whether there is a host name associated with the sender IP address (DNS PTR record). Internet hosts are expected to have a host name associated with their IP address, and although reverse names are not strictly required, poor compliance with the Internet recommendations may indicate an unreliable email source.

Please consider that enabling this test may result in blacklisting of legitimate emails. A growing number of major networks choose to reject emails from suspicious senders without proper reverse DNS configuration, however this is more a matter of security policy than anti-spam rules and hence a few legitimate emails may be blacklisted.

Settings

Enabling or disabling the Reverse DNS Test

You can enable or disable the use of the Reverse DNS Test on the FilteringTests page in the navigation.

The "Enable Sender Domain Validation" option

Set this checkbox to enable the Sender Domain Validation.

Selecting the Sender Domain Validation test mode

The sender domain validation can be performed in one of the below modes:

  • The sender domain must have a DNS MX record: This test mode is quite restrictive. Although having a DNS MX record for a mail-capable domain is strongly recommended, it is not an RFC standard requirement. This test may block otherwise legitimate hosts. ORF has to perform at least one DNS lookup for this test.
  • The sender domain must have a DNS MX or A record: It is an RFC requirement that any mail-capable domain must have a DNS MX, A or CNAME records. When none of the records above exist, you cannot send mail to that domain. Requires one or two DNS lookups.

Using the latter mode is recommended.

Invalidated IP Addresses

For more information about the Invalidated IP's button, see the section Invalidated IP Addresses.

Enable Sender IP Reverse Name Validation

Set this checkbox to enable the Sender IP Validation. This test will blacklist the email if there is no host name registered in DNS for the sending server.

Name Blacklist (of Sender IP Reverse Name Validation)

This list allows blacklisting IP addresses by their reverse name, instead of their IP address. A typical use of this list can be to blacklist unreliable domains, DSL and cable network lines, etc. For instance, if the sender IP has reverse name dsl-1-2-3-4.isp.com, blacklisting dsl-*.isp.com will stop any DSL lines of this ISP to send emails to your server directly.

Copyright © Vamsoft Kft. All rights reserved. Document ID adm-reversedns, version 1.