Try the Reverse DNS

Reverse DNS and Email Deliverability: Why Your PTR Record Silently Matters

A missing PTR record silently degrades email deliverability. Here's how forward-confirmed reverse DNS works, why it matters for email authentication, who controls PTR records, and how reverse DNS is used in security investigation.

By sadiqbd Β· June 8, 2026

Share:
Reverse DNS and Email Deliverability: Why Your PTR Record Silently Matters

Reverse DNS is the email authentication signal most administrators forget to configure

An IP address maps to a hostname. That's the forward record (A record). A hostname resolving back to an IP is the reverse record (PTR record). Together, when the hostname derived from a PTR record resolves back to the original IP, you have forward-confirmed reverse DNS (FCrDNS) β€” one of the quieter but significant signals in email deliverability and IP reputation.

The two directions of DNS

Forward DNS: example.com β†’ 93.184.216.34
Query an A record; get an IP address.

Reverse DNS: 93.184.216.34 β†’ example.com
Query a PTR record in the special in-addr.arpa namespace; get a hostname.

The reverse DNS zone for 93.184.216.34 is queried as: 34.216.184.93.in-addr.arpa β€” the IP octets are reversed and the in-addr.arpa suffix is added.

For IPv6, the format is similar but uses the ip6.arpa namespace with each hexadecimal nibble reversed.

Why reverse DNS matters for email

When your mail server sends an email, the receiving server performs a series of authentication checks. One of them β€” not standardised, but widely practiced β€” is checking whether the sending IP has a PTR record, and whether that PTR record's hostname resolves forward back to the same IP.

The FCrDNS check:

  1. Receiving server notes the sending IP: 203.0.113.50
  2. Reverse DNS lookup: 50.113.0.203.in-addr.arpa β†’ PTR returns mail.example.com
  3. Forward lookup: mail.example.com β†’ A record returns 203.0.113.50
  4. IP matches β†’ FCrDNS passes βœ“

If any step fails β€” no PTR record, or PTR hostname doesn't resolve forward, or resolves to a different IP β€” the sending server fails the FCrDNS check. Many receiving mail servers add a spam score penalty for this. Some (particularly strictFCrDNS implementations) reject email outright.

Common failure modes:

  • No PTR record at all (most common β€” easy to overlook during server setup)
  • PTR record set to a generic hostname like ip-203-0-113-50.staticip.isp.com rather than your mail server's hostname
  • PTR record points to the right hostname but that hostname's A record doesn't exist or returns a different IP

Who controls PTR records

This is the most important thing to understand: you cannot set PTR records yourself in your domain's DNS zone. PTR records are controlled by the owner of the IP address block β€” which is your hosting provider or ISP.

To set rDNS for your server's IP:

  • VPS providers (DigitalOcean, Linode/Akamai, Vultr, Hetzner): usually a self-service setting in the server dashboard under networking/rDNS settings
  • Dedicated servers: typically in the hosting provider's control panel
  • AWS EC2: manage via Elastic IP address settings in the console
  • Google Cloud: configure via the Compute Engine instance settings
  • ISP-allocated IPs: contact the ISP directly with your requested PTR record

The PTR record you set should match the hostname configured in your mail server's EHLO/HELO banner. Mismatches between the PTR hostname and what the mail server announces itself as are another spam signal.

Uses of reverse DNS beyond email

Security investigation and threat intelligence

When an IP appears in server logs (failed SSH attempts, suspicious web requests, scan traffic), reverse DNS provides context:

  • An IP resolving to crawler.googlebot.com is a legitimate Google crawler
  • An IP resolving to mail.spamoperation.cn in your login logs is more concerning than a generic IP
  • An IP with no rDNS at all is a weak signal (many legitimate IPs lack rDNS) but combined with other indicators can inform blocking decisions

Security analysts use rDNS as part of threat intelligence workflows: enriching IP data from firewall logs, SIEM events, and incident response.

Confirming your own server identity

After configuring your mail server and PTR record, running a reverse DNS lookup confirms the setup is correct before sending email. If the PTR record isn't set or doesn't match your mail server hostname, deliverability will suffer.

CDN and cloud service identification

Many CDN and cloud providers set descriptive PTR records for their IP ranges. Cloudflare edges resolve to cloudflare.net hostnames. AWS endpoints resolve to amazonaws.com patterns. Google services to google.com patterns. This makes network traffic analysis faster β€” you can often identify what service an IP belongs to from the PTR record.

Verifying your mail server's rDNS

The complete check:

  1. Find your mail server's sending IP β€” from an email header in a sent message (look for the first Received: line's IP)
  2. Reverse lookup the IP using the Reverse DNS tool
  3. Confirm a PTR record exists and points to your mail server's hostname
  4. Forward lookup the hostname β€” confirm it resolves back to the same IP (FCrDNS)
  5. Verify the hostname matches your EHLO β€” check your mail server configuration for the hostname it announces in the SMTP handshake

How to use the Reverse DNS Lookup on sadiqbd.com

  1. Enter the IP address β€” IPv4 or IPv6
  2. Look up β€” the tool queries the PTR record in the appropriate in-addr.arpa or ip6.arpa zone
  3. Read the hostname β€” this is what the IP resolves to in reverse DNS
  4. Run a forward lookup on the hostname β€” confirm FCrDNS

Frequently Asked Questions

Does a missing PTR record cause email to be rejected? It depends on the receiving server. Many major providers (Gmail, Microsoft) use PTR as a soft signal β€” missing PTR increases spam scoring but doesn't cause immediate rejection. Some corporate mail servers and smaller ISPs apply stricter rules and may reject mail from IPs without PTR records. Best practice is always to set a proper PTR record for any IP used to send email.

What should my PTR record contain? Your mail server's fully qualified domain name (FQDN) β€” the same hostname the server announces in its EHLO banner. For example: mail.example.com if your server announces EHLO mail.example.com.

My hosting provider won't let me set a custom PTR. What can I do? Switch to a provider that allows rDNS control (most VPS providers do), or use a transactional email relay (Mailgun, Postmark, SendGrid) that handles rDNS configuration on their sending IPs.

Is the Reverse DNS Lookup free? Yes β€” completely free, no sign-up required.

Reverse DNS is one of the infrastructure details that runs silently in the background β€” until email starts landing in spam and you spend an afternoon discovering the PTR record was never set. Ten minutes of configuration prevents that entirely.

Try the Reverse DNS Lookup free at sadiqbd.com β€” translate any IP address to its hostname and verify FCrDNS for email deliverability.

Share:
Try the related tool:
Open Reverse DNS

More Reverse DNS articles

Reverse DNS Lookup β€” Translate Any IP Address to Its Hostname Reverse DNS Lookup β€” Translate Any IP Address to Its Hostname IP Geolocation: How It Works, Why City-Level Accuracy Is Unreliable, and the VPN Problem IP Geolocation: How It Works, Why City-Level Accuracy Is Unreliable, and the VPN Problem Reverse DNS for IPv4 vs IPv6: Why ip6.arpa Delegation Works So Differently from in-addr.arpa Reverse DNS for IPv4 vs IPv6: Why ip6.arpa Delegation Works So Differently from in-addr.arpa