System Administration & Network Administration
domain-name-system spf reverse-dns ptr-record
Updated Sun, 31 Jul 2022 01:42:58 GMT

Do I need to Set-up PTR record in SPF Setting?


I have set-up the RDNS from my hosting provider for the ip address to resolve to "maximus.example.com". After that, do I also need to add the PTR records to the SPF Text details in my DNS zone file as well like this?

v=spf1 include:_spf.google.com ip4:111.11.11.111 ptr:maximus.example.com ~all

My question: Is the above addition of PTR details to SPF record necessary or is it not needed when the host already set-up the RDNS for my ip address?

I was going to add the record to my SPF and I then read this somewhere that this is strongly discouraged.

Note: The ptr sender mechanism is strongly discouraged by RFC 7208 which even goes so far as to suggest its immediate removal for performance reasons since it places a load on the IN-ADDR.ARPA (IPv4) or IP6.ARPA reverse-map domains which generally have less capacity than the gTLD and ccTLD domains.

REF: http://www.zytrax.com/books/dns/ch9/spf.html#ptr

I am not sure if I have misunderstood what it meant. So can someone please clarify this for me please since I am unsure whether I need to add PTR to my zone file or not..

Solution

Since you state your hosting provider has created the RDNS entry, that is the PTR record. If you are asking whether ptr: is needed in your SPF record, no, there is no particular need for that. If this server has an MX record, you might be better off using

v=spf1 include:_spf.google.com mx -all

which says to include the google spf records, and that you otherwise only allow mailservers listed as MX hosts for your domain to send mail "from" it. Let the other mailserver look up the RDNS entry if it wants.

Comments (4)

  • +0 – Perfect. Thats clears my confusion. Thank you so much @NickW. In my server, my mx resolves to gmail by my web server still send transaction emails through postfix. So I guess I should be having my spf as v=spf1 include:_spf.google.com ip4:111.11.11.111 ~all then I assume where the ipaddress is my webserver. :) — Jan 02, 2015 at 15:38  
  • +1 – Yeah, if you can, set up an MX record, it's just another (small) sign that you're a competent and valid mail server :) — Jan 05, 2015 at 09:49  
  • +0 – @NickW Your comments regarding the MX directive in SPF records are incorrect. — Jan 14, 2021 at 15:25  
  • +0 – @ATLief feel free to edit them then! — Mar 26, 2021 at 11:42  

External Links

External links referenced by this document:

References