Domain name/IP anti-resolution

Source: Internet
Author: User
Tags net domain nslookup

Today, with the proliferation of spam, spam has brought great harm to our life, work, and study. Due to the lack of an effective sending authentication mechanism between SMTP servers, even if spam recognition blocking technology is adopted, in addition, the spam recognition blocking technology mainly identifies emails based on certain conditions after receiving them, which requires a lot of server resources. If you can take some measures before the emails arrive at the server, this greatly improves the server efficiency. Therefore, many email servers, such as sina.com, hotmail.com, and yahoo.com.cn, have adopted the spam identification blocking technology + reverse IP resolution verification technology to better block spam.

Let's take a look at what reverse IP resolution is. In fact, a friend who has worked on a DNS server will surely know that there are two regions in the DNS server, namely "forward lookup area" and "reverse lookup area". The reverse lookup area is the IP reverse resolution mentioned here, it is used to query the PTR record of the IP address to obtain the domain name pointed to by the IP address. Of course, to obtain the domain name successfully, you must have the PTR record of the IP address.
So how is reverse IP resolution applied to the mail server to block Spam? Let's take a look at the following example:

One day, a q visited Company A and handed him A business card containing information such as his "hacker murder club" and phone number, company A thought it was necessary to make A simple investigation into the origins of Q, so he called the Telecommunications Bureau of the phone number on Q's business card to check the situation, if the Telecommunications Bureau tells Company A that its phone number does not belong to the "black road killing club", Company A will reject the visit by Q. If the phone number does belong to the "black road killing club ", company A may accept A visit from Q and may further investigate the situation. Therefore, the company called the registrar of the "black road murder club". If the answer was received to confirm that the club had the phone number, company A will accept A visit from Q; otherwise, the visit will be rejected.

In this example, a q is like our mail server, and company A is the mail server of the other party, the "black road murder club" is the HELO domain name used by the email server to communicate with the other's email server (not the domain name after the email address ), the phone number on the business card is the public IP address at the exit of our email server. Company A's investigation of Q is equivalent to A reverse resolution verification process. From this we can see that reverse resolution verification is actually performed by the other server. If we do not do reverse resolution, the reverse resolution verification of the other server will fail, in this way, the recipient's server rejects the email we sent because we are an unknown sender, this is why we cannot send emails to sina.com or homail.com without reverse resolution after we exclude other reasons (such as being blacklisted by the other party, having no MX records, and using dynamic IP addresses.

So how can we smoothly perform reverse resolution? First, you must have a fixed public IP address and available domain name (preferably not used by other services). For example, if you have a diyway.net domain name, you can ask your domain name registrar to add an mx.diyway.net domain name for you and direct its A record to the public IP address at the exit of your SMTP server, for example: 61.192.56.23, then, contact your ISP (China Telecom or China Netcom) to request reverse resolution of your IP address to mx.diyway.net. After that, do not forget to change the HELO domain name of your SMTP server to mx.diyway.net.

 

========================================================== ====================

Nslookup-qt = ptr yourIP

For example, my domain name is diyway.net.
My mail server address is mail.diyway.net.
Email user name format is username@diyway.net
Set the HELO of the mail system to mx.diyway.net on the mail server.
The email server IP address is 61.192.56.23.
Find the local telecom to do the 61.192.56.23 IP anti-resolution to mx.diyway.net

In Windows, run cmd and then in the window that opens, enter nslookup-qt = ptr 61.192.56.23.

The returned information is as follows:
C: \ Documents ents and Settings \ user> nslookup-qt = ptr 61.192.56.23
Server: mx.diyway.net
Address: 61.192.56.23

This indicates that the anti-resolution of this IP address is successful.

The returned information is as follows:
C: \ Documents ents and Settings \ user> nslookup-qt = ptr 61.192.56.23
* ** Can't find server name for address 61.142.80.154: Non-existent domain
Server: UnKnown
Address: 61.192.56.23

This indicates that the anti-resolution of this IP address is not performed.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.