How Reverse DNS Lookup can Help with Reducing Spam
To most, the term "reverse DNS lookup" will probably be unfamiliar. Yet it's a term you'll want to know, particularly if aim to reduce the amount of spam you receive.
What is Reverse DNS Lookup?
Forward DNS lookup involves a DNS query for the IP address of a particular hostname. Reverse DNS lookup (rDNS) simply reverses that so the DNS is queried for the hostname of a particular IP address. It's a verification system meant to assist your email server in telling the difference between good email users and emails sent by potentially compromised systems and spammers.
Think of reverse DNS lookup as the opposite of a standard 'A' record. The A record in DNS configurations allows you to establish a practical name that forwards visitors to your public IP address. With the reverse lookup, your server already knows the IP address because it's available in the received email header. The reverse DNS lookup validates the IP address against the data stored at that domain.
If the email was sent from a potentially compromised computer or a deliberate spammer, the odds are that the reverse DNS entry to be checked against doesn't exist, which will let you know the email is problematic from the start.
Setting up such a system is easy and involves contacting your ISP with a request to set a PTR record for your IP address and having it resolve to mail.yourdomain.com.
The Benefits of Reverse DNS Lookup
- Incident response: with some reverse DNS lookup tools like Reverse IP API, in the event of an intrusion incident, the attacker's hostnames can be ascertained during or after the event.
- Saves resources: Reverse DNS lookup offers some advantages. It doesn't need to access the entire message to run a check on its legitimacy – just the header which is one of the first items passed in the SMTP conversation. If it's not legitimate, it's refused before receiving the entire message to save bandwidth and other resources.
- Penetration testing: Gives you the ability to discover all hosts and IPs related to a particular IP or website. You can also determine websites on a given host that is in any way vulnerable to exploit.
- Security: Reverse DNS lookup can give you the ability to detect websites that share a server with known malicious websites.
The Role of PTR Records
When using a reverse lookup check, you'll receive a legitimate record pointing to a PTR record (mail.yourdomain.com) instead of an A record that is set the by ISP. PTR records are generic with hostnames that use numbers, often the IP address backward, and hyphens instead of commas. PTR records are valid and point to a legitimate A record. They don't work for reverse DNS lookup.
Should you block mail from a server with no legitimate PTR record? Yes. All major domains like Google, Microsoft, and more will block mail from such servers. If you come across situations where you're blocking mail from valid servers without PTR records, you can always whitelist those. It's better to err to the side of caution than to allow numerous compromised servers to form connections.
Start Using Reverse DNS Lookup Today
Ready to take a closer look at reverse DNS lookup to see how it can benefit your business? Check out Reverse IP API today.Read other articles