- A PTR record maps an IP address back to a hostname, and it is the foundation of reverse DNS (rDNS) verification used by every major mailbox provider.
- Forward-Confirmed reverse DNS (FCrDNS) requires your PTR record and A record to match each other; failing this check can cause emails to land in spam or be rejected outright.
- Google, Yahoo, and Microsoft all mandate valid PTR records for bulk senders as of their 2024-2025 sender requirements.
- Only the owner of an IP address (typically your hosting provider or ISP) can create or modify PTR records.
- Each sending IP must have exactly one PTR record pointing to a fully qualified domain name (FQDN) with a matching A record.
What Is a PTR Record?
A PTR (Pointer) record is a type of DNS record that resolves an IP address to a domain name. It is the reverse of an A record, which maps a domain name to an IP address. While A records live in your domain's DNS zone, PTR records live in a special reverse DNS zone managed by the organization that controls the IP address block, usually your hosting provider or ISP.
When a receiving mail server accepts an inbound SMTP connection, one of the first things it does is perform a reverse DNS lookup on the connecting IP address. The server queries the DNS system for a PTR record associated with that IP. If a valid PTR record exists and resolves to a legitimate hostname, the connection passes the initial trust check. If no PTR record exists, or if it points to a generic hostname like host-192-168-1-50.provider.net, the receiving server may treat the connection with suspicion.
How Reverse DNS Works for Email
Reverse DNS operates through a dedicated namespace in the DNS hierarchy. For IPv4 addresses, this namespace is .in-addr.arpa. For IPv6, it is .ip6.arpa. When a mail server needs to verify the identity of a connecting IP, it constructs a reverse lookup query by reversing the octets of the IP address and appending the .in-addr.arpa suffix.
For example, if your mail server's IP is 198.51.100.25, the reverse DNS query looks up 25.100.51.198.in-addr.arpa for a PTR record. The expected result is a hostname like mail.yourdomain.com.
The rDNS Lookup Process Step by Step
- Your mail server connects to the recipient's server and presents its IP address.
- The recipient's server performs a PTR lookup on your IP, querying the reverse DNS zone.
- The DNS system returns the hostname associated with your IP (e.g.,
mail.yourdomain.com). - The recipient's server then performs a forward DNS lookup (A record) on that hostname.
- If the A record resolves back to the original IP address, the check passes. This is called Forward-Confirmed reverse DNS (FCrDNS).
Use the reverse DNS checker to quickly verify that your sending IP has a valid PTR record and that it passes FCrDNS validation before launching any email campaign.
Forward-Confirmed Reverse DNS (FCrDNS) Explained
FCrDNS is the gold standard check that mailbox providers use to validate PTR records. A PTR record alone is not enough; the hostname it returns must also resolve back to the same IP address via an A record. This bidirectional confirmation prevents attackers from pointing PTR records to domains they do not control.
Here is what a passing FCrDNS check looks like:
# Step 1: Reverse lookup on IP
$ dig -x 198.51.100.25 +short
mail.yourdomain.com.
# Step 2: Forward lookup on the returned hostname
$ dig mail.yourdomain.com A +short
198.51.100.25
# Result: Both match - FCrDNS passesAnd here is what a failure looks like:
# Step 1: Reverse lookup on IP
$ dig -x 198.51.100.25 +short
host-198-51-100-25.generichost.net.
# Step 2: Forward lookup
$ dig host-198-51-100-25.generichost.net A +short
198.51.100.25
# Result: PTR resolves to a generic hostname, not your domain.
# While technically FCrDNS passes, the generic name signals
# that this IP has not been configured for legitimate mail sending.Major providers like Gmail explicitly require that sending IPs have valid PTR records resolving to non-generic hostnames. A generic ISP-assigned hostname will technically pass FCrDNS but still signals to spam filters that the sender has not invested in proper email authentication infrastructure.
Why PTR Records Are Critical for Deliverability
PTR records serve as the first layer of trust verification in the email delivery chain. Before a receiving server even evaluates SPF, DKIM, or DMARC, it checks whether the connecting IP has a valid reverse DNS entry. Here is why this matters:
Early Spam Filter Signal
Most spam originates from IPs without valid PTR records, including botnets, compromised home computers, and disposable servers. Checking PTR is a fast, low-cost filter that eliminates a significant portion of illegitimate traffic before deeper content analysis begins. If your sending IP lacks a PTR record, you are immediately grouped with these bad actors.
Mailbox Provider Requirements
| Provider | PTR Requirement | Enforcement Level |
|---|---|---|
| Gmail | Valid PTR with FCrDNS required for all senders | Strict - emails may be rejected or spam-filtered |
| Yahoo Mail | Valid PTR required for bulk senders | Moderate - impacts spam filtering decisions |
| Microsoft Outlook | Valid PTR recommended; part of sender requirements since May 2025 | Moderate to strict for high-volume senders |
| Apple Mail (iCloud) | Valid PTR expected | Moderate - factors into reputation scoring |
Long-Term Reputation Impact
Even when emails are technically delivered, a missing or misconfigured PTR record erodes your sender reputation over time. Mailbox providers track authentication signals across millions of messages, and senders with properly configured PTR records statistically exhibit better sending behavior. The algorithms learn this pattern and reward it with improved inbox placement.
PTR records are also valuable for network troubleshooting. Tools like traceroute and mtr display hostnames via reverse DNS lookups. Without PTR records, you only see raw IP addresses, making it harder to identify which network hop is causing problems.
How to Set Up a PTR Record for Your Mail Server
Unlike A records or MX records, you cannot create a PTR record in your own domain's DNS zone. PTR records must be configured by the organization that owns or controls the IP address block. For most senders, this means contacting your hosting provider, VPS provider, or ISP.
Prerequisites
- A static or dedicated IP address. Shared IPs used by multiple senders cannot support unique PTR records. If you are on a shared hosting environment, your provider manages the PTR record for their IP range. For custom PTR configuration, you need a dedicated IP.
- An A record for your mail server hostname. Before requesting a PTR record, ensure that a hostname like
mail.yourdomain.comhas an A record pointing to your sending IP. - Access to your hosting provider's control panel or support team. Some providers (such as DigitalOcean, Vultr, Linode, and AWS) allow self-service PTR configuration. Others require a support ticket.
Step-by-Step Setup
- Identify your mail server's public IP: On Linux, run
curl ifconfig.meorhostname -I. On Windows, usenslookup yourdomain.com. - Create the A record: In your domain's DNS, add an A record for
mail.yourdomain.compointing to your server's IP address (e.g.,198.51.100.25). - Request or create the PTR record: Log in to your hosting provider's panel and look for "Reverse DNS," "PTR Records," or "IP Management." Set the PTR record for your IP to resolve to
mail.yourdomain.com. If no self-service option exists, open a support ticket requesting: "Please create a PTR record for IP198.51.100.25resolving tomail.yourdomain.com." - Wait for DNS propagation: PTR record changes can take anywhere from a few minutes to 24 hours to propagate globally.
- Verify the setup: Use
dig -x 198.51.100.25or the reverse DNS checker tool to confirm the PTR record returns the correct hostname.
Important: Your PTR record hostname, A record, and HELO/EHLO greeting should all align. Many mail servers announce themselves with a HELO command during the SMTP handshake. If the HELO hostname does not match the PTR record, some receiving servers will flag the mismatch as suspicious.
Common PTR Record Problems and How to Fix Them
No PTR Record Found
This is the most common issue. Your IP has no reverse DNS entry at all. The fix is to contact your hosting provider and request one, as described above. Many VPS providers set a default generic PTR, which is better than nothing but not ideal.
Generic or ISP-Assigned Hostname
Hostnames like server-192-168-1-50.datacenter.net satisfy the bare minimum PTR check, but they signal to mailbox providers that the IP has not been configured for professional email sending. Always request a custom PTR pointing to your own domain.
FCrDNS Mismatch
If your PTR record points to mail.yourdomain.com, but the A record for mail.yourdomain.com points to a different IP, FCrDNS fails. Ensure both records reference the same IP address.
Multiple PTR Records for One IP
While technically possible to have multiple PTR records for a single IP, it is not recommended. During a reverse lookup, a server may pick any one of the records at random, and the selected record might not match your A record. Stick to one PTR record per IP for reliable verification.
HELO/EHLO Mismatch
Your mail server's SMTP banner and HELO greeting should announce the same hostname that your PTR record resolves to. Check your mail server configuration (Postfix: myhostname, Exim: primary_hostname, Microsoft Exchange: receive connector FQDN) and update it to match.
PTR Records vs. SPF, DKIM, and DMARC
PTR records are not a replacement for email authentication protocols like SPF, DKIM, and DMARC. They serve a different and complementary purpose in the trust chain:
| Check | What It Verifies | When It Runs |
|---|---|---|
| PTR / rDNS | The sending IP belongs to a named, legitimate host | At SMTP connection, before message transfer |
| SPF | The sending IP is authorized to send for the envelope domain | After MAIL FROM command |
| DKIM | The message content has not been altered and is cryptographically signed | After message data transfer |
| DMARC | SPF and/or DKIM align with the From header domain | After SPF and DKIM evaluation |
Think of PTR as the "caller ID" for email. It is the first check that happens, even before SPF or DKIM are evaluated. A valid PTR record does not guarantee inbox placement on its own, but a missing one can prevent your message from even reaching the authentication stage.
PTR records verify that your sending IP belongs to a named host. They are checked before SPF, DKIM, or DMARC. All major mailbox providers require valid PTR records, and the hostname must match your A record (FCrDNS). Set up PTR through your hosting provider, ensure your HELO matches, and use one PTR record per IP.
How to Verify Your PTR Record Configuration
Regular verification ensures your PTR records remain correctly configured, especially after infrastructure changes like IP migrations or hosting provider switches.
Using Command-Line Tools
# Linux/macOS: Using dig
dig -x 198.51.100.25 +short
# Linux/macOS: Using host
host 198.51.100.25
# Windows: Using nslookup
nslookup 198.51.100.25
# Verify FCrDNS by checking the forward lookup
dig mail.yourdomain.com A +shortUsing Online Verification Tools
The SenderReputation.org reverse DNS checker performs both the reverse and forward lookups in a single step and clearly reports whether your FCrDNS passes. For a broader view, run your sending IP through the sender reputation checker to see how PTR configuration factors into your overall reputation profile.
Frequently Asked Questions
PTR records are controlled by the organization that owns the IP address block. Some VPS providers (DigitalOcean, Vultr, Linode, Hetzner) offer self-service PTR configuration in their control panels. Others require you to submit a support ticket. You cannot add a PTR record in your domain registrar's DNS settings.
If you send through a third-party ESP, they manage the PTR records for their sending infrastructure. You are only responsible for configuring PTR records if you operate your own mail server or if your ESP has provisioned a dedicated IP address for your account. In that case, confirm with the ESP that the PTR is properly set.
Generic hostnames like host-10-0-0-1.provider.net satisfy the minimum requirement that a PTR record exists, but they signal to mailbox providers that the IP has not been configured for professional email. This can negatively affect your sender reputation and spam filtering outcomes. Always configure a custom hostname under your own domain.
DNS propagation for PTR records typically takes between a few minutes and 24 hours, depending on the TTL values and the responsiveness of your provider. You can test propagation against multiple DNS servers (e.g., Google's 8.8.8.8 and Cloudflare's 1.1.1.1) to check consistency across resolvers.
Technically yes, but it is strongly discouraged. When multiple PTR records exist for one IP, a DNS resolver may return any one of them at random. If the randomly selected hostname does not match your A record, the FCrDNS check fails. Best practice is exactly one PTR record per sending IP.