PTR mechanisms in SPF records
If PTR mechanisms are detected, the current diagnostic output is:
Warning: PTR mechanisms SHOULD NOT be used and cannot be resolved using this diagnostic tool.
What does the PTR mechanism mean? When an email receiver gets a piece of email and the PTR mechanism is in the sender’s SPF record, the receiver will look at the incoming IP address and do a “PTR” lookup.
For example, if the sender is sending email from IP address 1.2.3.4, the receiver will perform a PTR lookup of 1.2.3.4 to attempt to retrieve a hostname. Lastly, if a hostname is discovered for IP address 1.2.3.4, then that hostname’s domain is compared to the domain that was originally used to lookup the SPF record.
Three important things about the above:
- The PTR mechanism has been deprecated. See the relevant RFC for more info.
- The SPF Surveyor cannot resolve PTR mechanisms because a real connection from a real sender is necessary to complete the lookup.
- MOST IMPORTANTLY: Some large receivers will skip the mechanism – or worse they’ll skip the entire SPF record – because such mechanisms cannot be easily cached. Imagine a large receiver doing a PTR lookup for millions of different connections… the size of the local cache explodes.
We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
You can get in touch with us or register for a free trial where our onboarding and support team will help you along the way.
Want to continue the conversation? Head over to the dmarcian Forum.
