Cannot set a PTR (rDNS) record for improving email deliverability

Our domain name servers are at Cloudflare because our web design company requires it, but this has interfered with mail delivery to some domains from our on-premises mail server that sends directly to the internet. The error says we have no PTR record so it refuses to accept the mail from us. The Cloudflare support docs explain what reverse DNS is but then the support doc at https://support.cloudflare.com/hc/en-us/articles/360019093151-Managing-DNS-records-in-Cloudflare says:

The main reason to have a PTR record is to prevent emails from ending up in spam folders. Since Cloudflare doesn’t support email traffic by default, you would instead need to set the PTR record where your email server is located. Please reach out to your email provider for assistance.
The PTR record option shown in the DNS Records dropdown is not for adding PTR records for Reverse DNS resolution. It is instead for adding a PTR Record to the Forward DNS resolution for the domain. …

We have no “email provider” other than ourselves so we cannot ask anyone else to set up a PTR record. Must we cancel our Cloudflare account and reclaim control of our DNS or is there a way around this problem?

As you’ll see from many PTR discussions here and your linked article, Cloudflare cannot set a PTR record for your domain.

Where exactly are you seeing this error? I don’t use PTR records for any of my mail domains, and my domains pass all spam tests.

To be clear, this will be done through your IP provider. Cancelling Cloudflare will make literally zero difference here as Cloudflare is not involved.

I’m getting non-delivery reports such as:
The following recipient(s) cannot be reached: [email protected] on 25/08/2020 3:53 PM
mx.tb.ukmail.iss.as9143.net: 421 mx1.tb.ukmail.iss.as9143.net mx1.tb.ukmail.iss.as9143.net MXIN108 Failure to determine Reverse DNS for your IP 92.207… . Fix or retry later. ;id=…;sid=…;mta=mx1.tb;d=20200830;t=171602[CET];

OK @thedaveCA - so the PTR needs to be set by the issuer of our static IP and this is our fibre broadband ISP.

Yes.

When I, as a receiving email server, get a connection from your server, I will look up the IP’s reverse DNS by following a chain through the in-addr.arpa TLD, and get referred to your ISP, and I’ll ask them for your PTR record.

I will then resolve that record back to an A or AAAA record and make sure that it matches the IP, only then trusting the resulting record.

The PTR record is handled by your ISP. It can be delegated to you if you have a range and your provider chooses to offer this, but typically they just do the configuration for you for smaller customers.

The verification step will involve your domain’s hosting nameservers, which will be Cloudflare, but this just uses normal A/AAAA records and doesn’t need any special setup.
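The lookup sequence described in the reply above (PTR lookup under in-addr.arpa, then resolving the returned name back to A/AAAA and comparing it with the connecting IP), as an added example that is not part of the original thread. The addresses and host names are constructed sample data, and the function names are hypothetical; calling `fcrdns(ip)` with no other arguments uses the system resolver instead of the sample tables.

```python
import ipaddress
import socket

# Constructed sample data (RFC 5737 documentation addresses, example domains).
SAMPLE_PTR = {
    "203.0.113.10": ["mail.example.org."],
    "203.0.113.20": ["host20.isp.example."],
}
SAMPLE_A = {
    "mail.example.org.": ["203.0.113.10"],
    "host20.isp.example.": ["203.0.113.99"],  # forward record points elsewhere
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def system_reverse(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS: PTR lookup, then resolve each name back."""
    addr = ipaddress.ip_address(ip)
    names = reverse(str(addr))
    if not names:
        # Nothing published in the reverse zone run by the IP's provider.
        return ("no-ptr", addr.reverse_pointer)
    for name in names:
        for candidate in forward(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    return ("pass", name.rstrip("."))
            except ValueError:
                continue  # skip anything that is not a plain IP literal
    return ("mismatch", ", ".join(names))
```

The `no-ptr` result carries the in-addr.arpa name that has to be populated by whoever is authoritative for the IP range; `mismatch` means a PTR exists but the name's A/AAAA records do not point back at the sending IP.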

That’s most helpful, thanks, @thedaveCA. It would be useful if the Cloudflare support doc linked above could be edited slightly. Currently it says

“Please reach out to your email provider for assistance”

but this could be improved to

“Please reach out to the provider of your mail server’s IP address for assistance”

It’s all a bit mind-bending but I understand now.

*** The support doc on rDNS at https://www.cloudflare.com/learning/dns/glossary/reverse-dns/ could also be improved. The last section “How does reverse DNS work?” could usefully indicate that the rDNS PTR record can only be set in the authoritative NS for the IP address.