SPF and Reverse DNS

Very often we see customers having issues sending email to domains such as Comcast, AOL or Gmail. Usually we make sure that the user is sending to the correct email address, etc., but a very common issue we run into when first acquiring a new client is that their domain does not have the SPF record or reverse DNS entry that Comcast or AOL require to combat spam. I would like to briefly explain the use of both an SPF record and a reverse DNS entry.

SPF stands for Sender Policy Framework and is a TXT record in DNS that specifies which hosts are allowed to send email on your domain’s behalf. This helps to mitigate the issue of people spoofing the From field in an email. It is a very simple record that can be added wherever your DNS is hosted. Let’s say, for instance, that you have one email server that receives and sends email for your domain and you only want that server to be allowed to send email. Your SPF TXT record may look like the following:

v=spf1 mx -all

This record says that whatever IP address your MX record points to is allowed to send email, and the trailing -all tells receivers that mail from any other host should fail the check. You can also modify this to include an A record, etc. When Comcast sees an email come in, they check the SPF record, and if things don’t match, the email may be rejected.

Reverse DNS (rDNS)

Usually you will need to contact your ISP to get this record added. If you are familiar with how regular DNS works, this is the exact opposite: regular DNS translates names to IP addresses, whereas reverse DNS translates IP addresses to names. When Comcast, for instance, sees an email coming from 74.x.x.x, they will perform a reverse DNS lookup to ensure that the IP address the email is coming from resolves to the correct name listed in DNS.
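As an added illustration (not code from the original post), the Python below runs both checks the way a receiving mail server might: it evaluates the `v=spf1 mx -all` record for a connecting IP and confirms that the IP's PTR name resolves back to the same address. The `lookup` stub, the function names, `example.com` and the 192.0.2.x / 198.51.100.x addresses are assumptions made up for the example, and the forward-confirmation step goes one step beyond the plain PTR lookup described above.

```python
import ipaddress

# Constructed DNS data (documentation names and addresses), standing in for live lookups.
ZONE = {
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    """Hypothetical resolver stub: answers only from the constructed ZONE table."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])

def spf_result(domain, client_ip, record=None):
    """Evaluate an SPF record for client_ip; supports only the mx, a and all mechanisms."""
    if record is None:
        txt = [t for t in lookup(domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
        if len(txt) != 1:
            return "permerror" if txt else "none"
        record = txt[0]
    terms = []
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech = mech.lower()
        if mech not in ("mx", "a", "all"):
            return "permerror"  # e.g. an en dash pasted in place of '-' makes the term unparseable
        terms.append((qualifier, mech))
    for qualifier, mech in terms:
        if mech == "mx":
            # Match if the client IP is the address of any host named in an MX record.
            matched = any(client_ip in lookup(h, "A") for h in lookup(domain, "MX"))
        elif mech == "a":
            matched = client_ip in lookup(domain, "A")
        else:  # "all" matches every sender that reached this point
            matched = True
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def fcrdns(client_ip):
    """Return the PTR name if it resolves back to client_ip (forward-confirmed rDNS), else None."""
    ptr_name = ipaddress.ip_address(client_ip).reverse_pointer
    for host in lookup(ptr_name, "PTR"):
        if client_ip in lookup(host, "A"):
            return host
    return None
```

Passing `record="V=spf1 mx –all"` (with a word-processor en dash) to `spf_result` yields `permerror`, which is why the record should be typed with a plain ASCII hyphen.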

If you are having issues sending email to certain domains, check to see if you have these two items in place, as it will greatly help.
