Integral to any machine functioning on the Internet is DNS (Domain Name Service) Records.  

In order to send mail to our email servers your must have a fully qualified domain name that resolves both to the DNS Forward and Reverse records.  This requires a valid 'MX' and or 'A' record that is properly configured with your DNS server. 

If you need assistance configuring your DNS - our services are available on a consult basis at $60 per hour.

 

Example Log Entry for 'Rejected Mail'

In the example listed below the mail was 'rejected' at our mail server and will continue to be rejected until the sending DNS is properly configured.  I sure hope someone isn't paying to send these Greetings in the example below :-)
SMTP 8 Oct 2 00:03:01 A 3066 1005 Connection from [216.33.111.150] [216.33.111.150]
SMTP 8 Oct 2 00:03:01 A 1005 220 INTIMIDATOR.ourdomain.com WindowsNT SMTP Server v3.03.0017/1.akjv/SP ESMTP ready at Tue, 8 Oct 2002 00:03:01 -0600
SMTP 8 Oct 2 00:03:01 A 3066 1005 EHLO www.americangreetings.com
SMTP 8 Oct 2 00:03:06 F 3284 1005 EHLO - inconsistent hostname / IP address www.americangreetings.com [216.33.111.150]
SMTP 8 Oct 2 00:03:06 F 3262 1005 EHLO rejected mail from www.americangreetings.com [216.33.111.150]
DNS Forward Resolution for the  'Fully Qualified Domain' 
-> *NSLOOKUP on www.americangreetings.com
Name: www.americangreetings.com
Address: 216.33.97.70  (not 216.33.111.150 - the mail machine it is attempting to send from) 
DNS Reverse Resolution
-> *NSLOOKUP on 216.33.111.150
*** neptune.unn.com can't find 216.33.111.150: Non-existent domain
* NSLOOKUP is a system function / tool used primarily for reading DNS records. 
Resolution - In the above example the mail sending machine needs to have a DNS 'A' (Alias) record created pointing to the 216.33.111.150 if they are sending mail from  www.americangreetings.com fully qualified domain. Problem with this is even if they would've had the DNS Forward configured properly  - the DNS Reverse does not resolve, so the email  would've been rejected on the DNS Reverse Authentication.  

 

What is the difference between a 'qualified' domain and a 'fully qualified domain' ? 
A qualified domain can be an upper level domain.  Which in this example americangreetings.com resolves to 216.33.97.70, which if our mail servers accepted  'qualified domain name'  the mail would be received.  But spammers can spoof qualified domain names fairly easily.

If you are running behind a NAT Firewall - an 'A' record will be required to receive mail.  

A 'fully qualified domain' requires the full entry (note the first part of the domain name) - example below

  • www.americangreetings.com
  • mail.americangreetings.com
  • anything_i_want.americangreetings.com

 

 Why we do this ?
Most 'spammers' or 'list servers' will not take the time to setup and propagate their DNS Records, Using the DNS Records their IP Address / Block can be 'discovered' and corrective actions can be taken by their ISP to shut down these spamming email accounts.  

 
A Note on Email Blacklists
Email servers that do not use stringent 'Authentication Methods' and 'Spam Filters' are subject to being blacklisted.  Websites such as www.ordb.org and www.mailabuse.org will upon notification from an email user or random testing - list an email server on their 'blacklist'.  

Companies hoping to cut down on 'spam' email, will purchase this list / services from these companies and apply the list to all their 'receiving' emails.  Mail from an email server that is on the 'blacklist' will be automatically rejected.  

The sender rarely receives notification that the email was rejected, typically it's the Email Postmaster.  The mail will simply go into the 'lost mail oblivion'.

Our policies help to ensure that our mail servers will not be 'blacklisted' and that your mail is being received by the recipient.

 

Are we the only one who do this ?
No, we use the same software application that such companies as Qwest Communications and Hewlett Packard use for their Microsoft based web email services.  In my 4 years experience as an Internet Engineer for Qwest Communications - I never once reviewed theses logs.

Most companies will not take the time to notify the sender / receiver of the misconfigured DNS - It's just assumed that if the sending ISP's System Administrator doesn't know how to configure DNS - you ought not be playing on the Internet - stay on the porch.  

 

Notification
Will I be notified if the sending ISP does not have their ISP configured properly ?  

If you suspect mail is being rejected from a 'valid' send - please contact us and we will review the logs and notify the sending ISP of the issue - or you may send them the link for this page. If they chose not to configure their DNS properly, perhaps it is best to have the mail sent to a 'sloppy' email system (like AOL, Hotmail, Yahoo) etc.  The Internet is a big place, and it's hard enough managing our little piece to ensure our clients get the best possible business services - let alone trying to be the 'Internet DNS Police'. This is an issue with their DNS - our DNS services are configured properly.

For the most part - we will NOT notify the sending ISP of the issue. If it is a spammer sending the mail - it is best the mail is rejected. This 'clogged' up mail will continue to attempt to send through our mail servers for 4 days, which can create bottlenecks for other customers.  In this situation - the misconfigured email server will be banned from our servers.  The less knowledge the 'spammers' have the better off the rest of the Internet is.  

Affluency Webs | 303.941.2999

All rights reserved.