The Problem

On self-hosted email servers you may experience that certain email providers such as Gmail or Microsoft Hotmail will reject your outgoing email. In the returning error message from the Mail Delivery System a SMTP 550-5.7.25 Error is named as a reason for the failure.

Such an error message may look like this:

Action: failed
Status: 5.7.25
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.25 [f293:a083:1c13:b38d:d8bb:8073:a0a7:cb15] The IP
    address sending this 550-5.7.25 message does not have a PTR record setup,
    or the corresponding 550-5.7.25 forward DNS entry does not point to the
    sending IP.

The Solution

This happens most likely because you don’t have a PTR record listed in your domain’s DNS. So let’s fix that.

Log in into your domain registrars website and adjust the DNS settings of your mail servers domain. Let’s imagine that your mail server runs under the domain mail.example.com with the IP address of 120.10.128.64. The corresponding new PTR record to create would look like this then:

NameRecord TypeValueTTL
mailPTR64.128.10.120.in-addr.arpa3600

Please note that the individual octet blocks of your IP address are listed in reverse order, followed by a .in-addr.arpa domain value. This domain has to be added, as PTR records are stored within the .arpa top-level domain in the DNS. For more background on this topic, I suggest you to read this article by CloudFlare.

For higher reliability, it is advised to also cover IPv6 on your mail server. It appears that some mail providers such as Gmail are not tracing the PTR on IPv4 exclusively and rely on declarations on IPv6 level. To implement this, remember to create a AAAA record in your DNS settings and to create a second PTR record – this time for IPv6:

NameRecord TypeValueTTL
mailAAAAf293:a083:1c13:b38d:d8bb:8073:a0a7:cb153600
mailPTR5.1.b.c.7.a.0.a.3.7.0.8.b.b.8.d.d.8.3.b.3.1.c.1.3.8.0.a.3.9.2.f.ip6.arpa3600

To generate the appropriate PTR record value for your IPv6 address, I recommend using this tool by whatsmydns.net.

The Explanation

Basically, PTR records are the exact opposite of A / AAAA records. Instead of assigning an IP address to a domain, a domain name is assigned to an IP address. In fact, the PTR term – standing for POINTER – even indicates such use case.

By implementing this two-way mechanism, requests for “Domain to IP” (DNS) and “IP to Domain” (Reverse DNS) can be resolved.

This way, effective anti-spam can be established, as email providers can now double-check if the domain names of incoming senders are actually associated with the senders mail server.

Leave a Reply

Your email address will not be published.

You May Also Like