Back to Community Threads
FCrDNS with Reverse DNS
Problem reported by Scarab - 1/2/2026 at 5:26 PM
Submitted
I'm posting this a suggestion rather than a problem as I have a sneaking suspicion that despite the way it is described in the Help that the Reverse DNS Spam Check is somehow "Working As Intended" when in reality it almost useless as implemented.

Forward Confirm Fail and Forward Confirm Mismatch spam settings should be concerned with the HELO/EHLO address that is provided by the connecting SMTP server. An Host A lookup should be done on the HELO/EHLO address to get an IP adddress. That IP Address from the Host A lookup should match the IP address the SMTP server is connecting with otherwise it should FAIL. A PTR query for that IP Address should come up with a rDNS record that should match the HELO/EHLO provided otherwise it should FAIL. The rDNS value should then have a Host A record that matches the IP address the SMTP server is connecting with otherwise it should FAIL.

What is happening in reality is that the SMTP server gives a HELO/EHLO. Smartermail is then looking up the IP Address from the Host A record for that HELO/EHLO and then the PTR record and the Host A record for the results given. It is matching just the IP Address and not the HELO/EHLO and the domain in rDNS. It is never attempting to match the results of the PTR record in rDNS with the HELO/EHLO and providing a FAIL when they mismatch. (NOTE: This is a separate issue from the HELO/EHLO resolving with a CNAME instead of a Host A record.)

The vast majority of Spam has a mismatching HELO/EHLO from the PTR record. For some examples:

Received: from mail.ddooodster.com (mail.renturf.website [185.48.248.145])
Received: from mail.theatiantic.com (mail.tpcgloble.online [91.236.116.135])
Received: from mail.navilclips.com (mail.bestmoringatrees.website [88.135.73.15])
Received: from mail.emenuegypt.com (it-pom-server.powered-by.c1vhosting.it [5.59.248.154])
Received: from servicemail.com (static-ip178-19.static.cytanet.com.cy [213.149.178.19])
Received: from cs-1009388095865-default.europe-west4-a.c.od237066db22328bb-tp.internal (226.187.91.34.bc.googleusercontent.com [34.91.187.226])
In all of these examples, the HELO/EHLO matches the IP address from a Host A lookup and the results of the Host A record from the results of the PTR lookup rDNS record match IP addresses so SmarterMail gives them a PASS, when in reality they are two different Host names that mismatch and should FAIL.

Although the way SmarterMail is currently doing a FCrDNS may be technically correct, it doesn't address the real reason why FCrDNS should be performed to be effective against Spam. Most ASNs have something populating their PTR records in rDNS that will almost always match a Host A record, i.e. Google Cloud or AWS (such as 226.187.91.34.bc.googleusercontent.com or ec2-44-225-173-64.us-west-2.compute.amazonaws.com). However, running a SMTP Server at those services you may have a Host A record that resolves to that IP but your HELO/EHLO will not necessarily match the Host name in the PTR record for that IP unless you are running a SMTP service authorized by that Hosting Provider who has modified their PTR record to match your STMP server's HELO/EHLO. Which is precisely why matching the results of the PTR record and the HELO/EHLO are critical in fighting Spam (a.k.a. those pesky AAA, 0maha Steaks, Keurig, BlueCross, and Marriott & Hilton Hotel spam everyone here on the Community Forums often complain about).

Would it be too much to ask that there be an option in the Reverse DNS Spam Check to match the HELO/EHLO to the PTR with a Weight so that it can actually catch the majority of Spam and therefore live up to it's potential as a truly useful Spam Check?
D
Douglas Foster Replied
1/6/2026 at 2:02 PM
You are correct that HELO is more important than RDNS, because the HELO name is always supposed indicate the server organization, while the RDNS name while often indicate the ISP.    

The more important issue is that fcDNS, on either name, is pretty much useless as a spam check.   Here is my data:
  • Verified RDNS accounts for 83% of my unique IP addresses, 95% of all messages, 86% of blocked messages, 98% of quarantined messages, and 96% of allowed messages.
  • Verified HELO accounts for 64% oif unique IP addresses, 84% of all messages, 85% of blocked messages, 95% of quarantined messages, and 83% of allowed messages.
fcDNS is useful, but it is useful for authentication rather than risk assessment.
  • Problem:
    Assume Example.Com has a missing, invalid, or incorrect SPF record, and you determine that it legitimately comes from Outlook.com.   How does one configure a local policy rule that establishes equivalence to SPF PASS?    Itemizing all of the IP addresses in Outlook.com is not feasible.
  • Solution:
    Create a local policy rule which check to see if an Example.Com message comes from Outlook.com and the host name verifies with fcDNS.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Spam and Security Checks for IPv6 SystemsSmarterMail > Antispam and Antivirus
Cannot Send Email MessagesSmarterMail > Troubleshooting
Configure SmarterMail as a Backup MX ServerSmarterMail > Installation and Configuration