Kategoriler
EXCHANGE ONLINE MICROSOFT 365

MICROSOFT 365 (EXCHANGE ONLINE) and PTR RECORD

We’ve had a lot of questions about this recently. That’s why I wanted to prepare a short blog post on this subject.

First of all, let’s talk about the PTR record:
PTR, queries the DNS record to which an IP address corresponds, as opposed to the A record. That’s why it is also called Reverse DNS.

E-mail servers try to understand that the e-mail is not manipulated or spoofed until it arrives from the exiting server to the receiving server. They can verify this with authentication methods such as SPF, DKIM, and DMARC embedded in the header of incoming emails. In addition, some servers need to check the PTR record as well.

So, what should the content of the PTR record be?
Basically, the PTR record provides verification of your sending server addresses. For example, the IP address of the server used to send mail that you have included in your SPF record is 172.217.22.14. You should create a PTR record for this IP address and enter the server DNS address/hostname in the corresponding value.

You need to do this to all addresses you have authorized for sending e-mails.

So, how do things work on Microsoft 365, Exchange Online?

Unfortunately, the PTR record is not a viable verification method on Exchange Online. This situation is caused by the Exchange Online architecture. An Exchange online user does not always send mail from a fixed IP address/server while sending mail. A random IP address from a very large IP/server pool is used when sending mail. Therefore, every time the user sends an e-mail, the e-mail is output from a different IP address.

Since there is such a large and dynamic IP usage, it is not a viable method to create a PTR record for each IP address. Therefore, if you are a Microsoft 365 user, you cannot use the PTR record verification method.

What should we do in this situation?

After making sure that your SPF, DKIM and DMARC records are published correctly, we can submit the proof that they work to the recipient side and ask them to add us to the trusted addresses on their mail servers.

In this way, we can have an uninterrupted mail flow between the recipient side and us.

Yorumda bulunun

Aşağıya bilgilerinizi girin veya oturum açmak için bir simgeye tıklayın:

WordPress.com Logosu

WordPress.com hesabınızı kullanarak yorum yapıyorsunuz. Çıkış  Yap /  Değiştir )

Twitter resmi

Twitter hesabınızı kullanarak yorum yapıyorsunuz. Çıkış  Yap /  Değiştir )

Facebook fotoğrafı

Facebook hesabınızı kullanarak yorum yapıyorsunuz. Çıkış  Yap /  Değiştir )

Connecting to %s