DNS PTRs as an AntiSpam mechanism.

David E Lares S
Published in Analytics Vidhya
3 min read · Jan 14, 2021

Email is still used massively today for everything; it is one of the oldest services on the internet. And because it is important, it is attacked.

Spam, spoofing, phishing of any kind, pharming, malware-laden attachments: any bad server configuration or client-side mistake will cost you, a lot.

As you may already know, a DNS zone, besides all the other information it contains, can also host a record called PTR (Pointer). It is used for reverse DNS lookups, or in simple words, a way to translate an IP address back to a hostname (the opposite direction from a normal lookup).

It sits alongside many other record types, such as “A”, which resolves a name to an IPv4 address, “AAAA” for an IPv6 address, “MX”, which names the servers that receive mail for the domain, and the SPF (Sender Policy Framework) policy, published as a TXT record, which lets a receiving server check whether the IP that delivered a message is authorized to send mail for the envelope sender’s domain, to counter email spoofing.

Every record tied to a domain’s email setup can feed the anti-spam filter: the DMARC, SPF and DKIM records (all published as TXT records).

The PTR record, as I wrote above, ties an IP address to a hostname, exactly the opposite of the “A” record.

How is the PTR record present in the email flow?

The email sending and receiving process can be quite complex, with many participants involved. The main idea of this post is to explain, in simple steps, where the PTR check sits in the sending process and how it acts.

  1. Let’s suppose that we own the “x.com” domain and that our mail server, mail.x.com, has the IP 1.2.3.4. We send the message through our SMTP server, which connects to the receiver’s server from 1.2.3.4.
  2. The receiver’s server queries DNS for the PTR record of the connecting IP, that is, for the name 4.3.2.1.in-addr.arpa, and gets back a hostname, say mail.x.com. It then resolves that hostname’s “A” record.
  3. If the “A” record answers 1.2.3.4, the IP and the hostname confirm each other (this is called forward-confirmed reverse DNS): the administrator of the IP’s reverse zone and the administrator of x.com both deliberately set up that IP for the mail service, and the email is accepted, or at least not penalized for this check.
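The three steps above, as an added example that is not part of the original post: a forward-confirmed reverse DNS check written in Python, run against a constructed in-memory DNS table (the names mail.x.com, www.x.com and the addresses 1.2.3.x, 9.9.9.9 and 2001:db8::25 are hypothetical). The example goes a little beyond the post: it also builds the IPv6 reverse name under ip6.arpa, and it shows the spoofing case, where a spammer’s IP has a PTR record that claims to be x.com’s mailer but does not resolve back.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple


def reverse_name(ip: str) -> str:
    """Build the name an MTA queries for PTR records:
    4.3.2.1.in-addr.arpa for IPv4, one hex nibble per label under ip6.arpa for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


# Constructed DNS data for this example (hypothetical zones, not live DNS):
# the forward zone of x.com plus the reverse zones of the addresses involved.
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    # forward zone of x.com
    ("mail.x.com", "A"): ["1.2.3.4"],
    ("mail.x.com", "AAAA"): ["2001:db8::25"],
    ("www.x.com", "A"): ["1.2.3.5"],
    # reverse zone entries (normally managed by the owner of the IP block)
    ("4.3.2.1.in-addr.arpa", "PTR"): ["mail.x.com"],
    # 1.2.3.5 points at www.x.com, which maps back: consistent, though not the mail host
    ("5.3.2.1.in-addr.arpa", "PTR"): ["www.x.com"],
    # a spammer's IP whose PTR claims to be x.com's mailer; mail.x.com does not point back
    ("9.9.9.9.in-addr.arpa", "PTR"): ["mail.x.com"],
    # IPv6 reverse entry for the mail server
    (reverse_name("2001:db8::25"), "PTR"): ["mail.x.com"],
    # 1.2.3.6 has no PTR record at all
}


def lookup(name: str, rtype: str) -> List[str]:
    """Resolver stub over FAKE_DNS. In production swap in a real resolver
    (for example dnspython's dns.resolver.resolve(name, rtype))."""
    return FAKE_DNS.get((name.rstrip(".").lower(), rtype), [])


def fcrdns_check(ip: str, resolve: Callable[[str, str], List[str]] = lookup) -> Tuple[bool, str]:
    """Forward-confirmed reverse DNS: IP -> PTR hostname(s) -> A/AAAA -> must contain the IP."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    rname = reverse_name(ip)
    hosts = resolve(rname, "PTR")
    if not hosts:
        return False, f"no PTR record at {rname}"
    for host in hosts:
        forward = {ipaddress.ip_address(a) for a in resolve(host, rtype)}
        if addr in forward:
            return True, f"{addr} -> {host} -> {addr}: forward-confirmed"
    return False, f"PTR name(s) {hosts} do not resolve back to {addr}"


def connection_policy(ip: str, helo: str, resolve: Callable[[str, str], List[str]] = lookup) -> Tuple[str, str]:
    """Example MTA policy built on the check: reject when reverse DNS fails, and flag
    (but do not reject) a HELO name that differs from the PTR name."""
    ok, reason = fcrdns_check(ip, resolve)
    if not ok:
        return "reject", reason
    ptr_names = {h.rstrip(".").lower() for h in resolve(reverse_name(ip), "PTR")}
    if helo.rstrip(".").lower() not in ptr_names:
        return "accept-with-warning", f"HELO {helo} differs from PTR {sorted(ptr_names)}"
    return "accept", reason


if __name__ == "__main__":
    for client_ip in ["1.2.3.4", "2001:db8::25", "1.2.3.5", "9.9.9.9", "1.2.3.6"]:
        print(client_ip, connection_policy(client_ip, "mail.x.com"))
```

The decision logic mirrors what real MTAs offer: Postfix, for instance, has reject_unknown_reverse_client_hostname (reject only when no PTR exists) and the stricter reject_unknown_client_hostname (reject unless the PTR name resolves back to the client IP, which is the check above). The HELO comparison is kept as a warning on purpose: many legitimate senders use a HELO name that differs from their PTR, so rejecting on it alone loses mail.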

So this mechanism is a DNS consistency check that confirms the records were set up deliberately. It needs to be done carefully, because a missing or mismatched PTR record means legitimate mail gets rejected or lands in the spam folder. Note that the PTR record lives in the reverse zone of the IP block, which is usually managed by your ISP or hosting provider and not in your own domain’s zone, so you may have to ask them to set it.

Spammers try to spoof domain names, and this validation blocks or rejects connections from any IP that has no PTR record, or whose PTR name does not resolve back to that IP.

If you, as the owner of “x.com”, do not set this up correctly, your domain will eventually get a bad reputation as a source of spam, and all your mail will be treated as potentially dangerous.

Security is a concern for companies and individuals alike. If your IP has a bad reputation, do something about it. Check my post about SMTP health and IP reputation here.

Bonus track: basic email server defense must-dos

Mail servers are the second-to-last stop of an email just before it reaches its destination (in both directions).

The big picture, from the sender’s point of view: the mail client submits the message over SMTP to the sender’s mail server; that server relays it over SMTP to the receiver’s mail server (the host named in the receiver’s MX record); from there it is stored in the recipient’s mailbox and rendered by whatever email client the recipient has configured.

From this it follows that the mail server should be the very first line of defense against spam and malware. Of course, in front of that point you can also add software and hardware protection for more security.

As preventive measures you can put in place anti-spam filters, IP and host reputation checks, anti-malware scanning, and much more. If your mail server is not run by a third-party provider, it is preferable to isolate it in a DMZ, harden it, and maintain it with regular security checks and backups.

Other defense measures available: require TLS for POP, IMAP and SMTP, and perhaps apply sending and receiving rate limits.

To conclude in a few words: a mail server must be isolated and protected with every preventive technique available.

Now go and check your DNS records. Check your IP reputation: is it all good?

Happy emailing :)
