Reverse DNS Setup

[andycogress]

We've got a VPS server hosted at Fasthosts that we pop all our customer's accounts on, about 20 domains in all so far.

Every domain has trouble sending emails, most of them being bounced as potential spam. However the IP doesn't appear on any spam lists.

Fasthosts have told us that they could setup reverse DNS for us if we tell them which domain to set it up for and this is what confuses me. Should it just resolve back to the server's main hostname, i.e. the hostname of the nameservers? They seem to suggest it should resolve back to one of the customer domains on there, but wouldn't that just mean others couldn't send emails?

 

[Noway2]

Having reverse DNS is one of the things looked at for proper identification of a mail server. Verifying that your IP is not on a spam list is a good first step.

You will also want to make sure that your IP is designated as static and appearing in a static allocation pool. Since a large percentage of spam originates on zombie PCs from dynamic/residential ranges, these often times get blocked.

As far as the host associated with the reverse DNS lookup, I think it is more important that whatever you choose be designated in your MX records and in your SPF record. The SPF record is usually what a recipient will pull to verify the sender. The SPF record declares that the sender says that "this host IS a valid mail server for this domain". The verification methods include reverse DNS lookup, but this is not exclusive. Microsoft has an excellent SPF record wizard where you enter some domain information and it gives you a record to use. You simply add this as a TXT record to your DNS.

I also recommend checking your domain on mxtoolbox (mxtoolbox.com). It will run a wide variety of DNS tests and give you a lot of information regarding the state of your mail server identification. It is free and well worth the effort.

The next step, which is growing in popularity, is domain keys or DKIM (domain key identified mail). This is nearly impossible to spoof as the header is cryptographically signed by the originating host. The recipient then can verify the signature from the host and get a "yes I sent this or no I did not." Yahoo requires this for their mail system.

Lastly, it is possible that you are facing a domain that black-lists you unless you have been pre-approved. Some recipients, like Earth Link, carry this to an extreme and unless you have 'complained' will black list you. Others like hotmail, require you to sign up for the sender-ID program which is simply filling out an online form.

If the above doesn't help, please provide a sample header and we can help identify the explicit cause. Such a header would require real information to be of real help, though.