I’ve read Cloudflare’s entry on PTR records, but I’m not clear on certain details regarding how to manage DNS once a PTR record has been set up.
We host a website (with Cloudflare service) for a client – another company hosts their email. The client wants to set up a PTR record to prevent their group emails from ending up in spam folders. I need to guide the company hosting email on the PTR issue.
Question 1:
Should I have them set up a PTR record where the email is hosted?
Question 2:
I’m quite confused about the DNS side of this. I’m seeing guidance that advises turning off the DNS/HTTP proxy for the mail subdomain – but there’s no option for doing so (no orange cloud icon) beside MX record entries.
Do I need to set up a new subdomain for email service? And would this be an MX record, or some other kind of record?
So typically an MTA will check the PTR on the host sending the mail. So if mail is being sent from the other company hosting their mail (wherever the group mails are sent from), the PTR should match the forward lookup for the zone: if the MTA is mail.somehost.com pointing to 1.2.3.4, the PTR record for 1.2.3.4 should be mail.somehost.com. PTR records actually look like 1.2.3.4.in-addr.arpa.
PTR records are managed by whoever owns the network block the host is residing on (often, but not always the datacenter provider).
If the customer is sending mails from their webserver (insert whole host of reasons this can be a bad thing here), the webserver itself needs a PTR record, but this would be for the true IP address of the origin server, not the Cloudflare proxy, because the true origin IP address is going to be the sending IP address for this. It doesn’t really matter what this host name/PTR record pair are (mostly); they just need to match. So the host name could be something.hostingprovider.com; it doesn’t need to match the name of the domain sending the mail.
On the Cloudflare side we generally try to keep you from shooting yourself in the foot, so MX records can’t be orange-clouded. And when it points to a third-party MTA there is no A record for that in your DNS, nor is there a need for it. So you should be just fine.
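The check described in the answer above (the receiving MTA looks up the PTR for the sending IP and expects it to resolve back to that same IP) can be reproduced locally. The following is an added example, not code from the thread or from Cloudflare: it builds the reverse-lookup name for an IPv4 or IPv6 address, then runs a forward-confirmed reverse DNS check. The zone data (`mail.example.net`, `web.example.net`, addresses from the documentation ranges 192.0.2.0/24, 203.0.113.0/24 and 2001:db8::/32) is constructed for offline use; the `live_*` functions query the system resolver if you want to test a real sending host.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for a sending mail host.

Added example, not from the thread. Builds the in-addr.arpa / ip6.arpa name a
PTR query is sent for, then verifies that the PTR answer resolves back to the
same address, which is what receiving MTAs typically check before accepting
mail from an unknown host.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

# Constructed sample zone data so the example runs offline. Host names and
# addresses are assumptions (documentation address ranges), not real hosts.
SAMPLE_PTR: Dict[str, str] = {
    "192.0.2.25": "mail.example.net",   # PTR and forward record agree
    "192.0.2.80": "web.example.net",    # PTR exists, forward record points elsewhere
    "2001:db8::25": "mail.example.net", # IPv6 address of the same MTA
}
SAMPLE_A: Dict[str, List[str]] = {
    "mail.example.net": ["192.0.2.25", "2001:db8::25"],
    "web.example.net": ["203.0.113.9"],
}


def reverse_name(ip: str) -> str:
    """Return the name a PTR query is made for (e.g. 25.2.0.192.in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def sample_ptr_lookup(ip: str) -> Optional[str]:
    """PTR lookup against the constructed sample data."""
    return SAMPLE_PTR.get(str(ipaddress.ip_address(ip)))


def sample_forward_lookup(name: str) -> List[str]:
    """A/AAAA lookup against the constructed sample data."""
    return SAMPLE_A.get(name.rstrip(".").lower(), [])


def live_ptr_lookup(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver; None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward_lookup(name: str) -> List[str]:
    """A/AAAA lookup via the system resolver; empty list when the name fails."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def fcrdns_check(
    ip: str,
    ptr_lookup: Callable[[str], Optional[str]] = sample_ptr_lookup,
    forward_lookup: Callable[[str], List[str]] = sample_forward_lookup,
) -> dict:
    """Run the PTR -> forward -> compare sequence an MTA performs.

    status is one of:
      "no-ptr"   - the sending IP has no PTR record at all
      "mismatch" - the PTR name exists but does not resolve back to the IP
      "match"    - forward-confirmed: PTR name resolves to the sending IP
    """
    addr = ipaddress.ip_address(ip)
    result = {
        "ip": str(addr),
        "query": addr.reverse_pointer,
        "ptr": None,
        "forward": [],
        "status": "no-ptr",
    }
    host = ptr_lookup(str(addr))
    if host is None:
        return result
    result["ptr"] = host
    forward = forward_lookup(host)
    result["forward"] = forward
    # Compare parsed addresses so "2001:db8::25" and its expanded form agree.
    if any(ipaddress.ip_address(a) == addr for a in forward):
        result["status"] = "match"
    else:
        result["status"] = "mismatch"
    return result


if __name__ == "__main__":
    for sending_ip in ("192.0.2.25", "192.0.2.80", "192.0.2.99", "2001:db8::25"):
        r = fcrdns_check(sending_ip)
        print(f"{r['ip']:>14}  query={r['query']}  ptr={r['ptr']}  "
              f"forward={r['forward']}  status={r['status']}")
```

To test a real host, call `fcrdns_check("203.0.113.9", live_ptr_lookup, live_forward_lookup)` with the sending address of the actual MTA; a "no-ptr" or "mismatch" result is the condition that commonly lands group mail in spam folders, and the fix is made by whoever controls the reverse zone for that address block, as the answer notes.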
Thanks for the information, cscharff – that clears up points I was unclear on. I’m trying to get a PTR record set up on the email server, which I assume will resolve the issue.