How to configure FCrDNS


This is my first post on the Cloudflare community. Our DMARC provider (OnDMARC) has made a recommendation for me to configure FCrDNS to further improve the security and deliverability of email. I’m not sure what steps are required to complete this with Cloudflare and Office365. Has anyone done this before? Here’s a bit more info about FCrDNS for context.

Forward-confirmed reverse DNS (FCrDNS) is a spam filtering mechanism that tests if a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other.

This verification is a weak form of authentication that exists to prove that there is a valid relationship between the owner of a domain name and the owner of the network that has been given an IP address. As this is difficult for spammers and spoofers to bypass FCrDNS is checked by some mail receivers in an effort to reduce phishing attacks and spam.

Legitimate email servers should be correctly configured for FCrDNS to avoid deliverability issues.

I found this:

I want to info you that it’s not feasible to achieve that in Office 365. Because Office 365 is a shared environment that provides email service and the IPs are variable rather than fixed when sending emails via Office 365 SMTP server, it will return errors when using reverse DNS check. About this point, we appreciate your understanding and suggest you submit feedback to the related team via the link below:

Instead of sending mail via PHP or a local mail server, you should follow the below article to use Office 365 as a SMTP relay. Here the IP address used to send the email will be Office 365 managed, so there will likely more trusted than regular domains with rDNS.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.