PTR, rDNS, SPF, DKIM, DomainKeys and SMTP set up for sending emails

The DNS records related to sending emails have to be set correctly according to prevailing standards; otherwise you will run into various non-delivery issues.

PTR and rDNS

When an email from the sending server (S) arrives at the recipient server (R), R will do an rDNS check, and this sequence of events will happen:

  1. R will check the IP that S is connecting from.
  2. R will check the IP for a valid hostname by doing a DNS lookup for the PTR record for the IP. This PTR record is recorded in the ISP zone for S.
  3. S’s ISP will return a hostname to R.
  4. R will check the hostname for an IP by doing a DNS lookup for the A record for the hostname. This A record is recorded in the zone of the hostname’s domain.
  5. R will compare the IPs from steps 1 and 4 to make sure they are the same.

Additionally, R may require that the hostname in step 2 be the same as the sender email domain’s MX and be the same as the hostname in the HELO/EHLO command sent by S, although this would be overdoing it.
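Steps 1 to 5, plus the optional HELO/EHLO comparison, as an added example (not code from the original post). The function names, verdict strings and sample DNS data are constructed for illustration; pass `live_ptr` and `live_a` instead of the sample lookups to query the system resolver.

```python
import ipaddress
import socket

# Constructed sample DNS data (documentation address ranges, not real hosts).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.20": ["mail.example.com."],     # PTR names a host that maps elsewhere
    "198.51.100.7": ["ghost.example.net."],  # PTR target has no A record
}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(host):
    return SAMPLE_A.get(host, [])

def live_ptr(ip):
    """PTR lookup through the system resolver."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []

def live_a(host):
    """Forward lookup through the system resolver (IPv4 A records only)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)]
    except socket.gaierror:
        return []

def norm(host):
    return host.rstrip(".").lower()

def rdns_check(ip, helo=None, ptr=sample_ptr, a=sample_a):
    """Run steps 1-5 for a connecting IP; return (verdict, hostname)."""
    client = ipaddress.ip_address(ip)                  # step 1: IP that S connected from
    names = [norm(n) for n in ptr(ip)]                 # steps 2-3: PTR -> hostname(s)
    if not names:
        return ("no-ptr", None)
    for name in names:
        forward = {ipaddress.ip_address(x) for x in a(name)}  # step 4: hostname -> A
        if client in forward:                          # step 5: compare with step 1
            if helo is not None and norm(helo) != name:
                return ("helo-mismatch", name)         # optional stricter HELO/EHLO check
            return ("pass", name)
    return ("forward-mismatch", names[0])
```

A `forward-mismatch` verdict covers both a PTR that points at a hostname with no A record and a PTR that names a host whose A record belongs to a different IP.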

SPF

R may also check whether S implements the Sender Policy Framework (SPF) in the DNS by looking up the TXT record in the email domain zone. Typically, an SPF TXT record looks like:

  • "v=spf1 mx a ~all"

This will tell R that the MX server and the web server (specified by the A record for the domain) are allowed to send emails for the email domain.

DomainKeys, DKIM

S can also implement a “signature” protocol where every email sent out will be signed by it. Then, when R receives the email, it will look up the TXT record in the DNS zone of the email domain for the DomainKey and DKIM rules to parse and determine whether the signature on the email is valid.