Using reverse DNS verification

Reverse DNS lookup uses a pointer (PTR) record to determine the domain name that is associated with an individual sender IP address. The reverse DNS lookup function can determine whether email sent to your system is from a legitimate domain. Use of this option can enhance the detection of commercial bulk email. See Commercial bulk email.

However, enabling reverse DNS lookup may affect server performance, or legitimate users may be rejected. This function is not enabled by default; you can enable it in the section Reverse DNS Lookup Options on the page Settings > Inbound/Outbound > Connection Control.

Enable reverse DNS lookup

Steps

  1. Navigate to the page Settings > Inbound/Outbound > Connection Control.
  2. From the section Reverse DNS Lookup Options, mark the check box Enable reverse DNS lookup.
    Selection enables the corresponding check boxes.
  3. Determine the response to a reverse DNS lookup by marking one or more of the following check boxes:
    • Disconnect if the PTR record does not exist
    • Disconnect if the PTR record does not match the A record
    • Disconnect if a soft failure occurs during a reverse DNS lookup

      If you select this option, a connection is terminated when the following events occur:

      • Named DNS lookup cache service is down.
      • Your DNS server is down.
      • A timeout occurs during a DNS lookup.
    • Disconnect if the PTR record does not match the SMTP EHLO/HELO greeting
  4. To save detailed connection information in the appliance mail processing log, mark the check box Save connection details in the mail processing log.
  5. Click OK.
    The settings are saved.
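
The following Python example is added here and is not the product's code; it shows how the four disconnect options in step 3 combine for a single inbound connection. It assumes that "does not match the A record" means forward-confirmed reverse DNS and that the EHLO/HELO greeting must equal a PTR name; the function names, policy keys, host names and addresses are all constructed for illustration.

```python
# Added example, not product code: apply the four reverse DNS check boxes
# to one connection. Lookups are injected so the logic runs offline.
import ipaddress

class SoftFailure(Exception):
    """No definitive DNS answer: resolver or cache down, or a timeout."""

def norm(name):
    return name.rstrip(".").lower()  # ignore case and the trailing root dot

def evaluate(ip, helo, ptr_lookup, a_lookup, policy):
    """Return (action, failed_checks); policy has one boolean per check box."""
    addr = ipaddress.ip_address(ip)
    try:
        ptr_names = [norm(n) for n in ptr_lookup(ip)]
        # Assumption: "match the A record" means forward-confirmed reverse
        # DNS, i.e. at least one PTR name resolves back to the sender IP.
        confirmed = any(addr == ipaddress.ip_address(a)
                        for n in ptr_names for a in a_lookup(n))
    except SoftFailure:
        failed = ["soft_failure"]
    else:
        failed = []
        if not ptr_names:
            failed.append("no_ptr")
        else:
            if not confirmed:
                failed.append("ptr_a_mismatch")
            # Assumption: the greeting must equal one of the PTR names.
            if norm(helo) not in ptr_names:
                failed.append("ptr_helo_mismatch")
    # Disconnect only when a failed check is one the administrator enabled.
    action = "disconnect" if any(policy[f] for f in failed) else "accept"
    return action, failed

# Constructed zone data using documentation address ranges (RFC 5737).
PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.20": ["host.example.net."],
       "192.0.2.30": ["mx.example.org."]}
A = {"mail.example.com": ["192.0.2.10"], "host.example.net": ["198.51.100.7"],
     "mx.example.org": ["192.0.2.30"]}
STRICT = dict(no_ptr=True, ptr_a_mismatch=True, soft_failure=True,
              ptr_helo_mismatch=True)

def ptr_lookup(ip):
    if ip == "192.0.2.99":  # constructed case: the resolver times out
        raise SoftFailure("lookup timed out")
    return PTR.get(ip, [])

def a_lookup(name):
    return A.get(name, [])
print(evaluate("192.0.2.20", "host.example.net", ptr_lookup, a_lookup, STRICT))
```

Running the same connections with soft_failure set to False shows the trade-off noted earlier: a resolver outage then no longer rejects legitimate senders, but those connections are accepted without any reverse DNS verification.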