Configuring DNS So a Mail Server and the Email It Sends Pass Anti-Spam Tests

4.6.1 Problem

You want to make sure a mail server and the email it sends pass all DNS-related anti-spam tests.

4.6.2 Solution

First, make sure that any domain names used in return addresses resolve to an MX record or an A record. For example, if the mail server sends out all mail addressed from user@foo.example, make sure foo.example owns at least an MX record:

foo.example. IN MX 10

Next, make sure that the IP address that the mail server sends mail from reverse-maps to a domain name (that is, that the domain name in that corresponds to the address has a PTR record attached): IN PTR

Check that the domain name that the mail server's address maps to in turn maps back to that address (that is, the domain name has an A record with the same address on the right side): IN A

Finally, check that the domain name your mail software uses in the HELO or EHLO (extended HELLO) SMTP commands is either the same as the domain name you just checked (, or else passes the same forward- and reverse-mapping checks. For example, if your mail server announces itself as, make sure maps to an address, and that address maps back to

4.6.3 Discussion

Not all mail software performs all of these checks when receiving email, but ensuring that a mail server passes them will help guarantee that the mail it sends won't be refused as spam by the stricter mail servers on the Internet.

4.6.4 See Also

Len Conrad's article "How to Keep Your DNS from Blocking Mail Delivery from your and your Clients' Mail Servers" on his "BIND 8 for NT" web site, at

Getting Started

Zone Data

BIND Name Server Configuration

Electronic Mail

BIND Name Server Operations

Delegation and Registration


Interoperability and Upgrading

Resolvers and Programming

Logging and Troubleshooting


DNS & BIND Cookbook
DNS & BIND Cookbook
ISBN: 0596004109
EAN: 2147483647
Year: 2005
Pages: 220
Authors: Cricket Liu © 2008-2020.
If you may any questions please contact us: