How improper configuration of DNS Records affects Spam filtering

How improper configuration of DNS Records affects Spam filtering

Some of the DNS records are correlated to the mailing and it will affect the spam filtering activity too. In this article, I am discussing some of the DNS records correlated to spamfiltering. SPF, rDNS, DKIM and DMARC are the important dns records that are affecting spam filtering. Without proper setting of these records may cause detecting your mail as spam. For the smooth delivery of the mails, these DNS records should be configured correctly.

How email works ?

Whenever we send some data over e-mail, the e-mail client interacts with the SMTP server to andle the sending. The SMTP server on the host may have conversations with other SMTP servers to deliver the e-mail. Starting from the very first level of mail communication, let’s see how email service is related to DNS service with the help of a flow chart.

DNS Records correlated to spamfiltering

MX Records

In the first stage of the mail delivery process an email address matched to a domain name, and the DNS converts the domain to IP address and send the data. So, the first DNS record checking in the mail delivery process is the A record for the domain. Then the mail server will check for the mail server for the destination domain, so it looks for the MX of the domain. Also, the MX of the domain should have an A record set to an IP address of the mail server.

MX record for the MX 0 A 123.321.123.321

These are the minimum DNS records needed for the mail server working. Now we need to add few DNS records correlated to spam filtering which will help in the proper delivery of the mails without getting filtered as spam mails in spam filtering solutions used in the destination mail servers.

PTR Records

PTR records are used in reverse DNS lookups that are conducted by mail servers to make sure that the other mail server they are dealing with is who they say they are. Basically, this record tells other mail servers that the IP of our mail server is authoritative for sending and receiving mail for our domain. In normal case we set the hostname as the rDNS for the IP. When a mail server receives a request from your domain’s mail servers, it will take the IP provided (of your mail server) and do a reverse DNS lookup and confirm the reverse DNS matching the SMTP Banner of the mail server. Also confirms the reverse DNS and A record for the domain are matching, if A record and reverse DNS are not matched, the SMTP test will show “Reverse DNS Mismatch”

rDNS check and SMTP Banner check

Unsolicited mails or Spam mails

Spam is an electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.


Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. It can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.

Spoofing used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. It is often the way a malicious attacker gains access in order to execute a larger cyber-attack such as an advanced persistent threat or a man-in-the-middle attack.

Prevent mail spamming

Now we are going to create a special kind of record, it will tell the other mail servers about the authorised mail server of your domain. This record will tell those servers to only trust mail coming from IP addresses and hostnames that you specify. We will need to create an SPF record that
contains our domain and the IP address of our mail server.

SPF record added to the DNS zone for the domain and it is a specially formatted version of a
standard DNS TXT record. An SPF record looks something like this:

Example: 3599 IN TXT “v=spf1 ~all”

DKIM Record

DKIM (DomainKeys Identified Mail) is a method to validate the authenticity of email messages. Each email sent from the mail server signed with a private key and validated at the remote server using the public key. This will help to verify the mails are unaltered in the trust process.

Similar to SPF, DKIM also uses DNS TXT records with a special format. When a private/public key pair is created, the public key is added to your domain’s DNS:

Example: IN TXT “k=rsa\; p=XXXXXXXX”

DMARC Record

Determination of a fraudulent email is based on a combination of a SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) check. Once the recipient email server determines the status of the email, it then looks at the DMARC DNS record to understand how it should react.

Example:  v=DMARC1;p=reject;pct=100;

In this sample, the DMARC record instructs the recipient email server to reject or delete any email it suspects as being fraudulent and to send an aggregated report back to a specified email address as evidence.


This should give a fair idea about how DNS records, when not configured properly can affect spam filtering. Proper configuration of these DNS records helps the smooth delivery of mails to the inbox of the destination mail account. There are several online tools available to check these DNS records, you can use any of them to verify these records. And of course you can contact our admins for fixing these DNS records for your mail server.

Facebook Comments