PTR (Reverse DNS) Setup Guide
Configure reverse DNS records to verify your mail server's identity and improve email deliverability.
What is PTR/Reverse DNS?
PTR (Pointer) records, also known as reverse DNS, allow receiving mail servers to verify that your mail server's IP address matches a valid domain name. While forward DNS translates domain names to IP addresses, reverse DNS does the opposite - it translates IP addresses back to domain names.
Without proper PTR records, your emails may face:
- Higher spam scores and deliverability issues
- Rejection by strict mail servers (especially government and corporate)
- Failed authentication checks
- Reduced sender reputation
How PTR Lookups Work
Step 1: Email Received
Receiving server gets an email from your mail server's IP address
Step 2: Reverse DNS Lookup
Server performs a PTR lookup to find the hostname associated with the IP
Step 3: Forward DNS Check
Server performs a forward DNS lookup (A record) on the hostname
Step 4: Match Verification
Verification succeeds if forward lookup matches the original IP address
Why PTR is Critical for Email Deliverability
PTR records are one of the first checks performed by receiving mail servers. Many email providers use PTR validation as a fundamental trust signal.
Server Legitimacy
Valid PTR records indicate your mail server is professionally configured and legitimate
Spam Prevention
Spammers rarely configure reverse DNS properly, so PTR checks help filter malicious mail
Reputation Building
Proper PTR configuration contributes to your overall sender reputation and domain trust
Forward-Reverse DNS Matching
For PTR records to work correctly, you must have matching forward and reverse DNS. This is also known as FCrDNS (Forward-Confirmed reverse DNS).
mail.example.com → A record → 192.0.2.100 ✓
Requirements for proper matching:
- PTR record must point to a valid, fully-qualified domain name (FQDN)
- The hostname returned by PTR must have an A record
- The A record must resolve back to the same IP address
- The hostname should ideally match your HELO/EHLO greeting
PTR Record Format
PTR records are stored in a special reverse DNS zone using the IP address in reverse order with ".in-addr.arpa" appended for IPv4:
For IPv6, the format is more complex using ".ip6.arpa":
Step-by-Step Setup
1. Identify Your Mail Server IP
Find the public IP address(es) your mail server uses to send email. This is typically:
- Your dedicated mail server IP
- Your VPS or cloud instance IP
- Provided by your email service (Google, Microsoft, etc. handle this automatically)
2. Choose a Hostname
Select a fully-qualified domain name for your mail server:
This should match your server's HELO/EHLO greeting for best results.
3. Create Forward DNS Record
In your domain's DNS, create an A record:
- Host/Name: mail (or your chosen subdomain)
- Type: A
- Value: Your mail server's IP address
- TTL: 3600
4. Contact Your Hosting Provider
Important: PTR records are controlled by whoever owns the IP address block - usually your hosting provider, ISP, or cloud provider. You cannot set PTR records in your own DNS.
Contact your provider's support and request:
- IP Address: The IP requiring a PTR record
- Hostname: The FQDN it should point to (e.g., mail.yourdomain.com)
- Purpose: Email server reverse DNS
5. Provider-Specific Instructions
AWS/EC2
Use the Request to Remove Email Sending Limitations form to set PTR records
DigitalOcean
Configure via Droplet settings → Networking → PTR Record
Google Cloud
Create PTR records through Cloud Console → VPC Network → External IP addresses
Microsoft Azure
Managed through Azure DNS or contact support for dedicated IPs
Verification Steps
Test Your PTR Record
After your provider configures the PTR record, verify it using our PTR Checker Tool.
You can also verify manually using command-line tools:
nslookup 192.0.2.100
host 192.0.2.100
Verify Forward-Reverse Match
Ensure the hostname from your PTR lookup resolves back to the same IP:
# Should return: 192.0.2.100
Send Test Emails
Send test emails and check the headers to confirm PTR validation passes. Look for "Received-SPF" and authentication headers that show successful PTR verification.
Common Issues and Solutions
No PTR Record Found
Cause: Your hosting provider hasn't configured the PTR record yet.
Solution: Contact your provider's support team. Some providers require 24-48 hours to process PTR requests.
PTR/A Record Mismatch
Cause: The PTR record points to a hostname, but that hostname's A record points to a different IP.
Solution: Update your A record to match the IP, or contact your provider to update the PTR record to match your A record.
Generic/Invalid Hostname
Cause: PTR points to a generic hostname like "host123.provider.com" or invalid name.
Solution: Request your provider change it to your actual mail server hostname. Generic hostnames reduce trust and deliverability.
Cannot Control PTR (Shared Hosting)
Cause: Using shared hosting where the IP is shared among multiple users.
Solution: Use a dedicated email service (Google Workspace, Microsoft 365, SendGrid) or upgrade to a VPS/dedicated IP for better control and deliverability.
Multiple PTR Records
Cause: More than one PTR record configured for a single IP address.
Solution: Contact your provider to keep only one PTR record - the one matching your primary mail server hostname.
Best Practices
- Use a dedicated IP address for sending email when possible
- Ensure PTR hostname matches your HELO/EHLO greeting
- Use a descriptive, professional hostname (mail.yourdomain.com, not server1234.host.com)
- Keep forward (A) and reverse (PTR) DNS in sync
- Test PTR records after any IP or DNS changes
- Document your PTR configuration for future reference
- Monitor your sender reputation and deliverability metrics
Next Steps
Verify your PTR configuration and complete your email authentication setup: