APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

More on PTR Records

© April 2008 Anthony Lawrence

Quite some time ago I wrote up Basic DNS: PTR records and why you care. I realized today that it is far too geeky: I sent someone experiencing a PTR issue to read that and he came back still thinking that either his Mac or Verizon were to blame.

Why does he think that? Well, I suspect mostly because he got bad support from Verizon AND Apple. His problem was that email he sent to someone with a Comcast address got bounced back with a message like this:

Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement.

Whose mail server does not fill that requirement? His Mac Mail.app is set to use "outgoing.verizon.net" as its outgoing server. His machine NEVER TALKED TO COMCAST. It's not supposed to: it's supposed to talk to "outgoing.verizon.net". It's THAT machine or some other machine of Verizon's that will talk to Comcast. So if Comcast is complaining, it's something at Verizon they are complaining about, and nothing to do with whether or not he's using a Mac or a PC!

It's beyond amazing that no one at Apple or Verizon was able to help him with this and that they each kept bouncing him back to the other.

Specifically, Comcast rejected "". I just checked and that's NOT "outgoing.verizon.net" but it is in Verizon's block, and it doesn't have a PTR record so Comcast is right to complain. Verizon needs to assign a PTR to that address and that wll be the end of his problem.

Nothing to do with OS X or anything else. Just Verizon itself.

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> More on a confusing PTR records message


Inexpensive and informative Apple related e-books:

Take Control of Automating Your Mac

Take Control of Pages

Digital Sharing Crash Course

Take Control of Parallels Desktop 12

Take Control of Apple Mail, Third Edition

More Articles by © Anthony Lawrence

Thu Apr 24 17:11:13 2008: 4125   JonR

Thanks for this, Tony. I'd never even heard of PTR records before (your original post was before I subscribed to your blog, I think). This may, unfortunately, come in handy, for my ISP is ATT/Yahoo! and they, er, make their share of mistakes. (Couldn't find the "understatement" HTML tags to use there.)

Could you state, or restate, the best way to get a situation like this corrected when it occurs?

Thu Apr 24 17:28:53 2008: 4126   TonyLawrence

There are two ways to solve it: have your ISP make a PTR record for your mailserver, or have your mailserver relay through something that does have a PTR record.

In this case, this guy was doing the latter, but Verizon screwed up their own DNS and didn't have the PTR.

Fri Apr 25 11:30:53 2008: 4129   badanov

A lot of ISPs mail admins look for mail coming from servers which have no reverse DNS entry or PTR as part of their anti spam operation, and I am always getting them to drop that requirement for my server since I don't have a full DNS setup.

Fri Apr 25 14:09:45 2008: 4130   BigDumbDinosaur

Lack of a valid PTR record is almost always a sign of a spam source. My mail server will block any foreign system that doesn't have a PTR record. If the server admin can't be bothered to handle the DNS details he/she probably isn't sufficiently motivated to police the system's usage and try to keep out the spammers. Either that, or the server has been intentionally set up to be an open relay.

Tue Oct 21 08:41:15 2008: 4672   Gary

The PTR explanation has enlightened my doubts.
But how to add PTR to the mail server?

Tue Oct 21 09:47:38 2008: 4673   TonyLawrence

You don't add it to your server. Your ISP has to do it. See (link)

Sat Nov 21 15:14:18 2009: 7590   Donna

Maybe you can help with this .... I am so confused.
I have a website ... who I host with and who I go thru for domain name are different companies.

Comcast stopped letting my emails go thru yesterday ... because of no ptr record with a valid reverse entry.

Who is responsible for this .... hosting company .... or ... where I get my domain name from?

My hosting company says .... where I got domain name
My domain name people says ..... where I got hosting

Nobody wants to step up to the plate and help with this problem .... each blame the other.

Can you help explain this to me .... as to who is responsible to fix this
Maybe ....its something I am supposed to be doing???

Thank you in advance

Sat Nov 21 15:28:46 2009: 7591   TonyLawrence

It depends upon how you are sending the mail.

I'm assuming you are talking about your home computer sending mail?

What do you have your "Outgoing SMTP server" set to?

If it's Comcast's SMPT server, it's their problem.

If you have it set to your website's mail server, then the responsible party is whoever owns the IP address you are using. That would usually be the hosting company, It would NEVER be where you got the domain from - whoever told you that is an idiot. In NO case is this anything you can do: a PTR record is NOT something you can add to your DNS.

See (link) for more on that.

Sat Nov 21 15:32:34 2009: 7592   TonyLawrence

If you have it set to your website's mail server, then the responsible party is whoever owns the IP address you are using.

In case that's not clear, I mean your web site's IP, not your home IP.

Sat Nov 21 15:35:00 2009: 7593   TonyLawrence

Wait - I assumed you were using Comcast at home.

If you are using YOUR HOME ISP's mail server, it's their problem, whoever they are.

Sat Nov 21 16:11:06 2009: 7594   Donna

Thank you for the quick response!

I am not talking about my home computer email .... I am talking about my website email
which has nothing to do with my home computer ... or .... my
home email address


Sat Nov 21 16:22:23 2009: 7595   TonyLawrence

OK then. It's whoever is responsible for the net-block your ISP uses.

Usually, that would be your hosting company, but it's possible that they get IP's from someone else.

You want to know who is responsible for the reverse ip lookup. Again, if they don't understand, demand to speak to someone more intelligent and refer them to (link) - that's what you need.

Sat Nov 21 16:36:33 2009: 7596   Donna

Again .... Thank you for the quick response!

You have been very helpful.

Thank You

Sun Nov 22 17:34:09 2009: 7602   BigDumbDinosaur

If it's Comcast's SMPT (sic) server, it's their problem.

Something to note for all you Comcast subscribers. They will not allow traffic on port 25 to pass through their system to a third party mailserver, obviously a gesture intended to thwart mail zombies running on Windows XP home edition machines. If you are relaying your mail through a third party server you must do so on an alternate (non-privileged) port.

Several of my clients who have Comcast at home relay their outbound mail through their company servers for legal reasons. All my clients' servers run Sendmail, so once I had worked out a methodology for providing secure relay access, it was trivial to set it up on other servers. The trick is to have Sendmail listen on a dynamic port (that is, any port from 49152 upward) to accept authorized relay traffic. This arrangement doesn't affect Sendmail's ability to listen on port 25 for the usual inbound SMTP traffic from other mailservers. See the DaemonPortOptions keyword in sendmail.cf for more info.

Needless to say, if you set up such an arrangement, you must enable client authentication to avoid having the Internet monkeys attempt to relay through your server. You may use AUTH-LOGIN or more complex schemes, such as CRAM-MD5, to verify that the connecting mail client (meaning Thunderbird, Outhouse Distress...er...Outlook Express, etc.) is authorized to relay. AUTH-LOGIN generally works well enough but is not truly secure due to the use of base64 encoding of the username and password sent by the client to the server (reversing base64 is trivial to implement). For improved security, consider adding STARTTLS to the mix in your sendmail.cf config file. If you are using some other MTA, such as Postfix, read up on the documentation to find the equivalent functions.


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." (Douglas Adams)

Linux posts

Troubleshooting posts

This post tagged:



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode