What is a FCrDNS check?

A forward-confirmed reverse DNS check (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) is an increasingly common anti-spam measure on mailservers, which checks the sending IP of an email to see if the hostname returned has a DNS record matching that same IP address.

For example, if an email reaching a mailserver were to have a sending IP of 127.0.0.1, the server will perform a host lookup on that IP. If the hostname returned is 'server.example.com' the mailserver will then check the DNS record for 'server.example.com'.

Now, say the DNS record for 'server.example.com' does not exist or returns a different IP of 127.2.2.2. If this is the case, since the message claims to be from 'server.example.com' but 'server.example.com' does not resolve to that sending IP address of 127.0.0.1, there is a strong possibility that the message may be forging the sending host, and the mailserver will reject that message. If, however, the 'server.example.com' record points back to that 127.0.0.1 address that it was sent from, the FCrDNS check passes, and the message will move on to the next checks, and/or complete delivery.

The purpose of a FCrDNS check is to cut down on the amount of incoming spam that is processed by the mailserver. Since this check typically happens as soon as a connection is made, before any other header information is sent, a server can reject suspicious messages more efficiently, since it would not be wasting resources processing that header information from suspect senders.

Because spammers often forge information in headers to make it seem like they're coming from other hosts, or perhaps send messages via malicious scripts injected into unrelated websites, the messages will often fail the FCrDNS check. Legitimate senders, however, should typically have these records setup correctly, and may likely never notice that the check is occuring.

Please refer to the following RFC Standards documentation for relevant information on the standard DNS configuration / common server connection errors:

https://tools.ietf.org/html/rfc1912#section-2.1
https://tools.ietf.org/html/rfc7601#section-3

 

  • 5 کاربر این را مفید یافتند
آیا این پاسخ به شما کمک کرد؟

مقالات مربوطه

How is Inbound Email Filtered?

Server-LevelThe first level of filtering on inbound mail is server-level; this goes through basic...

What is a Real-Time Blacklist (RBL)?

An RBL is a third-party listing of IP addresses which have been reported or detected to have...

SMTP Authentication / Trouble Sending Email

If you are having trouble sending email from within an email client such as Outlook, MacMail,...

What is the maximum size of email attachments?

While our email system currently supports a maximum message size of 50MB, this doesn't...

How to enable Apache SpamAssassin in cPanel?

Apache SpamAssassin is a mail filter that identifies spam. It is an intelligent email filter that...