Email Security

Importance of PTR Records for Reliable Mail Delivery

by Christopher on September 25, 2011

Outgoing email rejections are becoming increasingly common, and while this is good news in the fight against spam, it can hurt your business if your emails are not reaching their intended targets. One reason for the increase in rejections is that growing numbers of incoming mail servers are rejecting emails from outgoing servers without a valid PTR record.

A PTR record, or pointer record, enables someone to perform a reverse DNS lookup. This allows them to determine your domain name based on your IP address. Because generic domain names without a PTR are often associated with spammers, incoming mail servers identify email from hosts without PTR records as spam. If you do not have a PTR, these same servers may identify legitimate emails from your business as spam and block them from reaching your customers.

Why Are PTR Records Important?

There is no requirement that you have a valid PTR record, but you may be unable to successfully send email to certain sites if you do not.

PTR records are most commonly used by spam filters to determine the suspiciousness of an email. Because spammers are more likely to use fake domain names and dial-up IP addresses, they are considerably less likely than legitimate organizations to have a valid PTR record. If a spam filter determines that your PTR record is generic or invalid, it is more likely to classify your email as junk mail. Blocked emails can result in lost business, damaged relationships with clients, and wasted time.

Unless you are certain that you have a valid PTR, do not assume your business is not at risk simply because you’ve received few complaints about missing emails; you may still have a problem. Because many organizations do not have matching PTR records, including those that use dynamic IP addresses, many spam filters use this criterion as part of a weighted algorithm in an attempt to reduce false positives. Therefore, some or most of your emails may be getting through, leading you to erroneously believe your company is not being negatively affected. Unfortunately, it may take only one blocked email to seriously harm your organization.

In some cases, your email will be summarily rejected if you do not have a valid PTR record. AOL, for example, rejects email messages without valid PTRs. To avoid triggering spam filters, your PTR record should match the host name your mail server presents on port 25 when the receiving server performs a verification check.

Contact your ISP to verify you have a valid PTR record or to request they create a PTR for your mail server IP address. PTR records are not created when you register your domain name; it is the responsibility of your ISP to create them. If your business uses a dynamic address and you cannot obtain a PTR, you can work around the problem by sending your outgoing mail through a server that does have a valid PTR record.

Ideally, you should stick to one PTR unless your business has a specific need for more than one. While DNS does not restrict the number of PTR records associated with each reverse DNS entry, having multiple records for a single IP address is generally a bad idea.
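The checks described above, sketched as an added example that is not part of the original article. It goes slightly beyond the text by also confirming that the PTR name resolves back to the same IP address. The DNS data, the `helo` parameter (the host name your server announces on port 25) and the "generic name" heuristic are assumptions made for illustration, and the heuristic covers IPv4 only.

```python
import ipaddress
import re

# Constructed sample DNS data (documentation address ranges) so this runs offline.
PTR = {
    "192.0.2.25": ["mail.example.com"],
    "198.51.100.7": ["198-51-100-7.dynamic.isp.example"],
    "203.0.113.9": ["mx1.example.net", "www.example.net"],
}
A = {
    "mail.example.com": ["192.0.2.25"],
    "198-51-100-7.dynamic.isp.example": ["198.51.100.7"],
    "mx1.example.net": ["203.0.113.9"],
    "www.example.net": ["203.0.113.80"],
}

def reverse_name(ip):
    """Name that is queried for a PTR lookup, e.g. 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def looks_generic(host, ip):
    """Heuristic (assumption): ISP-assigned names embed all four IP octets."""
    nums = re.findall(r"\d+", host)
    return all(octet in nums for octet in ip.split("."))

def check_ptr(ip, helo, ptr_lookup=PTR.get, a_lookup=A.get):
    """Return the findings a receiving server's filter might score against ip."""
    names = [n.rstrip(".").lower() for n in (ptr_lookup(ip) or [])]
    if not names:
        return ["no PTR record for " + reverse_name(ip)]
    findings = []
    if len(names) > 1:
        findings.append("multiple PTR records")
    if not any(ip in (a_lookup(n) or []) for n in names):
        findings.append("PTR does not resolve back to the IP")
    if helo.rstrip(".").lower() not in names:
        findings.append("PTR does not match announced host name")
    if any(looks_generic(n, ip) for n in names):
        findings.append("generic-looking PTR")
    return findings
```

To run it against live DNS, pass `ptr_lookup` and `a_lookup` functions backed by a real resolver in place of the sample tables.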


Just How Pervasive is Botnet Spam?

by Christopher on May 12, 2011

If you’re aware of key concerns in the fields of anti-spam technology and managed email security, you’ve heard about the threat of your computer being recruited into a botnet via email spam. Malware can be uploaded onto your computer with just one wrong click in a spam message. Some of it secretly hijacks your email account for use in a network of “bot” or “zombie” computers that sends out mass quantities of spam.

To many, this sounds like a remote possibility with a science fiction tinge to it. However, botnets are quite real; they control millions of computers all around the world and send out the vast majority of the global spam in circulation at any given time.

According to the MessageLabs Intelligence 2010 Annual Security Report, an average of 88.2 percent of all spam originated from botnets last year. One botnet in particular, called Rustock, was solely responsible for 47.5 percent of all spam, cranking out an average of 44.1 billion spam emails per day over the course of the year. And while it’s easy to get the impression from much of the writing on the subject that the botnet threat is mostly of concern to people in Asia, Europe, and Africa, the United States is the primary source of infection for the estimated 1.1 to 1.7 million computers acting as Rustock zombies.

Grum, the second largest spam botnet, sent an average of 7.9 billion spam messages a day, or 8.5 percent of 2010’s global spam, using between 310,000 and 470,000 hijacked computers. Last year’s third most significant botnet was Cutwail, which launched 5.9 billion emails a day, on average, and sent 6.3 percent of all spam for the year while controlling somewhere between 560,000 and 840,000 bot computers.

The remaining top ten 2010 botnets, in descending order of how much spam they sent, are called Maazben, Mega-D, Cimbot, Bobax, Xarvester, Festi, and Gheg. In total, botnets were responsible for an average of 71.1 billion spam emails every day last year, in stark contrast to the 21.8 billion daily spam messages sent from non-botnet computers. Up to 5.4 million computers are believed to have been under botnet control in 2010.

While most spam is more nuisance than threat, there was an alarming increase in the amount of malware delivered by botnet-infected computers last year, notes the MessageLabs Intelligence Report. Cutwail was identified as the most significant botnet in this respect, especially with its massive mailings of spam messages containing the Bredolab Trojan.

In addition, the acquisition of medications from unlicensed online sellers is a leading spam-related health and safety concern. According to a January 11, 2011 article in PC World, about 36 million Americans reportedly make such purchases. The majority of spam originating from botnets is pharmaceutical spam, which even made up the bulk of Rustock’s emails last year.

Spam, computer infections, and other threats originating from botnets are far more pervasive and serious than many people realize. If your email account were to be compromised, it would jeopardize everyone whose email address is stored in your account. Addresses in your contacts list, and any your account can auto-complete, will be the first to get spam from your hijacked computer. Messages will arrive seeking to upload malware to their systems in an attempt to recruit them into the same botnet.

This can be an embarrassment, but it can also be damaging when professional contacts start receiving spam from your email address. Of course, your computer will also be transferring any risks associated with the spam, including viruses or potentially harmful content, such as pharmaceutical spam.


Securing Email and Other Online Accounts: Avoiding Common Password Mistakes

April 24, 2011

As more people open more online accounts, the opportunities to hack into them multiply and the potential benefits become more substantial. On the other end, this means Internet users have an ever-growing need for a larger collection of strong, secure passwords. Unfortunately, the majority of people opt for the convenience of easily remembered passwords when [...]


Email security is more important than ever

November 20, 2010

Spam email has evolved far past the point of being merely a nuisance aiming to sell a product or service. The International Computer Security Association points to spam email messages year after year as the most prolific spreader of viruses. In fact, today’s spam, regardless how innocuous it may appear, can serve as a delivery [...]
