DNS Lookups

Table of Contents

This method tries to eliminate spam sent by e-mail servers connected through Internet dial-up connections, as well as most ADSL and cable connections. IP addresses of those connections are usually not registered to any DNS as a qualified host meaning that they do not have their own static IP and a registered host name like mail.domain.com.

A DNS lookup uses an Internet domain name to find an IP address, where a reverse DNS lookup is using an Internet IP address to find a domain name. Reverse DNS lookup technique is able to identify if the sending e-mail server is legitimate and has a valid host name.

Many spammers use misconfigured hosts to disguise the source of the spam. A DNS query that does not recover a matching host name and IP address is a good indication that the message is spam.

DNS lookup is not always a good solution. Many legitimate e-mail servers are incorrectly configured, or have intentionally not registered a name with DNS, so a reverse query does not return a matching host name. Also, this anti-spam method runs DNS queries on a large number or e-mails and consumes valuable network resources. A number of problems, including network delays and improperly configured networks or servers, can prevent legitimate messages from getting through the filter. In January 2003, AT&T WorldNet started using reverse DNS and was forced to remove the filter just 24 hours after it was deployed, after subscribers reported that messages were going undelivered.

Ways to do DNS lookups

Reverse DNS lookup

This method is time-consuming and it is rarely used. The receiving server performs a reverse DNS lookup on the IP address of the incoming connection and checks if there is a valid domain name associated to it.

HELO lookup

The receiving server will get the host name of the sending e-mail server from the SMTP HELO command, perform a simple DNS query (forward DNS lookup) and verify that the IP address is indeed the IP address of the incoming connection. If the resulting IP address does not match the incoming connection IP address (sender's IP address), e-mail is rejected.

Sender's address lookup

When ISPs check whether an incoming e-mail is accepted, they can do a DNS check on the sender's e-mail address. For example, if your address is , then the ISP does an nslookup on domain.com. If no records are found - the message is rejected.

A variation of this method is checking if there is an MX DNS record of the domain.com. MX record returns an address like mx1.domain.com used to connect to the server that accepts messages for domain.com. Even if the domain in the sender's e-mail address is valid, but there is no e-mail server for domain.com - the message is not accepted.

Solutions

The solution depends on which method is used to block spam.

1. Reverse DNS lookup

Get a domain name

To get a domain name for your dynamic IP address you can use the no-ip.com DNS service which enables you to host a server using a dynamically assigned IP address. When you send messages, if any of ISPs perform a reverse DNS lookup of your IP address, they will always get a valid domain name and accept messages sent from your computer.

The basic service is free, but the names are sub domains of names already registered by No-IP like: "servequake.com" or "myvnc.com". For more information, visit this web page:
http://www.no-ip.com/services/page/free/dynamic/dns

No-IP Plus enables you to use your own, separately registered domain name. The price for one year is $24.95:
http://www.no-ip.com/services.php/page/plus

Use backup SMTP servers

The Professional Edition of PostCast Server has a feature that allows you to specify one or more backup SMTP servers. If only certain domains are unable to receive messages from PostCast Server, you can use this option to forward those messages to your ISP's SMTP server. Open the Settings/Undelivered/Gateways window to configure this feature. For more information, see SMTP Gateways.

Use socks proxy servers

This feature enables you to relay e-mail through other servers. When the message is sent using a third-party socks proxy, your IP address does not appear as the source of the message. The best solution is to connect to your ISP's socks proxy directly if it is provided by the ISP. Their server's (non-dynamic) IP address will be the source of your outgoing messages. For more infromation, see Firewall and Proxy Support.

2. Sender's address lookup

Make sure that e-mail address in the From field of your messages is always valid.

3. HELO lookup

AOL, Hotmail, Yahoo, and some other ISPs perform a HELO lookup when receiving messages. If the lookup is not successful, they simply reject to deliver the message to the recipient without sending any error message. There are three possible ways to solve this problem.

1. You can select the "Resolved Internet IP" option in the HELO handshaking settings in the Settings/Advanced screen. The program will perform a DNS query to find out which address points to your IP. This option sometimes does not return the correct values if you are behind a router. If that is the case, you can use the http://network-tools.com/ service to check your IP address and look for "Host name" which should then be copied into the "Use this Identification" box in HELO handshaking settings.

2. Try to change the server identity in the HELO handshaking settings in the Settings/Advanced screen to the "mail.domain.com" format. For example, if your ISP provides e-mail address such as , set the HELO handshaking identification to mail.domain.com. Try also with only 'domain.com' format.

3. If you have a domain name that points to your computer's IP address, then enter that domain name in the HELO handshaking settings in PostCast Server. You can use the no-ip.com service to host a domain name on your computer.