On self-hosted email servers you may experience that certain email providers such as Gmail or Microsoft Hotmail will reject your outgoing email. In the returning error message from the Mail Delivery System a SMTP
550-5.7.25 Error is named as a reason for the failure.
Such an error message may look like this:
Action: failed Status: 5.7.25 Remote-MTA: dns; gmail-smtp-in.l.google.com Diagnostic-Code: smtp; 550-5.7.25 [f293:a083:1c13:b38d:d8bb:8073:a0a7:cb15] The IP address sending this 550-5.7.25 message does not have a PTR record setup, or the corresponding 550-5.7.25 forward DNS entry does not point to the sending IP.
This happens most likely because you don’t have a PTR record listed in your domain’s DNS. So let’s fix that.
Log in into your domain registrars website and adjust the DNS settings of your mail servers domain. Let’s imagine that your mail server runs under the domain
mail.example.com with the IP address of
126.96.36.199. The corresponding new PTR record to create would look like this then:
Please note that the individual octet blocks of your IP address are listed in reverse order, followed by a
.in-addr.arpa domain value. This domain has to be added, as PTR records are stored within the
.arpa top-level domain in the DNS. For more background on this topic, I suggest you to read this article by CloudFlare.
For higher reliability, it is advised to also cover IPv6 on your mail server. It appears that some mail providers such as Gmail are not tracing the PTR on IPv4 exclusively and rely on declarations on IPv6 level. To implement this, remember to create a AAAA record in your DNS settings and to create a second PTR record – this time for IPv6:
To generate the appropriate PTR record value for your IPv6 address, I recommend using this tool by whatsmydns.net.
Basically, PTR records are the exact opposite of A / AAAA records. Instead of assigning an IP address to a domain, a domain name is assigned to an IP address. In fact, the PTR term – standing for POINTER – even indicates such use case.
By implementing this two-way mechanism, requests for “Domain to IP” (DNS) and “IP to Domain” (Reverse DNS) can be resolved.
This way, effective anti-spam can be established, as email providers can now double-check if the domain names of incoming senders are actually associated with the senders mail server.