Join Lisa Bock for an in-depth discussion in this video Understanding PTR records, part of IT Security Foundations: Operating System Security.
- Domain Name System maps a host name to an IP address. It is essential on any network. DNS records are important for email delivery and spam protection. DNS records must be configured correctly. If not, other mail servers might not deliver your mail. Now, there are several DNS records. When dealing with email, here are a few. An A record maps a name to an IPv4 address.
An AAAA record maps a name to an IPv6 address. An MX record is the mail exchange record and a PTR record is a reverse lookup. PTR records are another tool for spam filters. The PTR record is a reverse lookup, meaning instead of what the DNS does, this maps the IP address to the name. Understand the fight against spam is ongoing and some mail servers will not allow an email to come from a server unless a reverse DNS lookup can be performed.
When looking at spam, in general, it is a serious problem. I'm at this website, spamcop.net but there are many others that monitor and give statistics on the amount of spam that is received over a period of time. As you can see, total spam report volume can be measured according to hours, weeks, months or even years. How much spam is out there? Let's take a look at one website and give statistics. I'm at this website, which gives us a pie chart and this is just one example of showing you how much spam clogs up your mail servers.
When coming across the internet, and once it's identified as spam, as you can see, 80 percent of the mail that's coming into the mail servers are identified as spam, which leaves a little less than 20 percent as legitimate mail. Now, before aggressive spam filtering was done you can only imagine, out of every 10 emails, getting eight emails that are identified as spam. This was costly and it takes up a lot of time in your day to identify which is legitimate email and what is spam.
So again, the fight against spam is ongoing. Now, when we look at spam and spammers and how they work, spammers will most likely use a bogus domain name and will most likely not have a legitimate PTR record. Now, periodically a legitimate business might be flagged because their PTR record is coming up as generic or invalid. That will then classify your email as spam or junk mail. With a legitimate business, this can be considered a serious problem.
How does this happen? Well, there are times when either a phishing or spear phishing attack gets someone to reply with a username and password of their organization. That individual, the spammer, then uses that username and password and then your mail server might be used as what's called a spam relay. Of course organizations are careful not to let the email server be used as a spam relay, which may result in the organization being blocked as it only takes one email to harm an organization.
There are websites available out there that you can check to see if your organization is on a blacklist. But all in all, PTR records are important for email delivery and spam protection in the fight against spam.
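The reverse-lookup check described in the transcript, sketched as an added example that is not part of the video or the course materials. The zone data is constructed (documentation address ranges and example domains), the lookups are plain dictionaries so the code runs offline, and the "generic" keyword pattern is an assumed heuristic rather than any particular filter's rule.

```python
import ipaddress
import re

# Constructed sample zone data: PTR answers per IP, A/AAAA answers per name.
PTR = {
    "192.0.2.25": ["mail.example.com."],
    "198.51.100.77": ["host-198-51-100-77.dynamic.example.net."],
    "203.0.113.9": ["mx.example.org."],
}
FORWARD = {
    "mail.example.com.": ["192.0.2.25"],
    "host-198-51-100-77.dynamic.example.net.": ["198.51.100.77"],
    "mx.example.org.": ["203.0.113.200"],  # forward record points elsewhere
}

# Assumed heuristic: names that embed the address or look like ISP pool hosts.
GENERIC = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|dynamic|dhcp|pool|dsl", re.I)


def reverse_name(ip):
    """Name queried for the PTR record, e.g. 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_sender(ip, ptr_lookup=PTR.get, fwd_lookup=FORWARD.get):
    """Classify a connecting mail server's IP the way a receiving server might."""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip) or []
    if not names:
        return "no-ptr"
    # Forward-confirm: the PTR name must resolve back to the connecting IP.
    confirmed = [
        n for n in names
        if any(ipaddress.ip_address(a) == addr for a in (fwd_lookup(n) or []))
    ]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if all(GENERIC.search(n) for n in confirmed):
        return "generic-ptr"
    return "ok"


if __name__ == "__main__":
    for ip in ["192.0.2.25", "198.51.100.77", "203.0.113.9", "192.0.2.99"]:
        print(f"{ip:15} {reverse_name(ip):28} {check_sender(ip)}")
```

To run this against live DNS, pass `ptr_lookup` and `fwd_lookup` functions backed by a real resolver in place of the dictionaries.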
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Creating strong passwords
- Understanding biometric security
- Adjusting permission behavior
- Enabling auditing
- OS hardening
- Using the Microsoft Baseline Security Analyzer
- Protecting email