Email authentication can be quite confusing. You have SPF, DKIM and DMARC records, and then with those you have PTR mechanisms, A records, MX records, and IPv4 and IPv6 records. What does it all mean?
To the average Joe, it is code for "I need to go run, tuck my head in the sand and hide from it all." But for those who care about email delivery, inbox placement and getting eyes on emails, it means a lot. It means you need to learn it all or hire someone who knows what all of this means.
I am writing this today to help those of you who want to learn it. Over the past few months, I have looked into well over 1000 domains, and what I can tell you is that 91% of the domains I inspected are not configured properly for email authentication. In easier terms, either their DMARC, DKIM or SPF records are wrong or nonexistent.
One of the recent trends I have been seeing is the use of a PTR mechanism inside of SPF records. DNS pointer (PTR) records are essentially reverse DNS entries.
PTR records are the opposite of A records. Instead of resolving a domain name to an IP address, they resolve an IP address to a domain name. What this means is that if the sender is sending an email from IP address 188.8.131.52, the receiver will perform a PTR lookup of that address to attempt to retrieve a hostname (domain name). Lastly, if a hostname is discovered for the IP address, then that hostname's domain is compared to the domain that was originally used to look up the SPF record.
This form of validation and lookup mechanism is slow and not as reliable as other mechanisms. Because of that, it should not be used as a validation method in SPF records per RFC 4408: https://mxtoolbox.com/problem/spf/spf-type-ptr-check. MOST IMPORTANTLY: Some large receivers will skip the mechanism, or worse, they'll skip the entire SPF record, because such mechanisms cannot be easily cached, which then causes an SPF validation failure.
Other mechanisms for validation should be used instead, such as: "a", "mx", "ip4", "ip6", "include".
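As an added example (not code from the original article), here is a small offline check that finds `ptr` mechanisms in SPF TXT values so they can be replaced with the mechanisms listed above. The sample records, domains and addresses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample TXT values; domains and addresses are documentation-only.
SAMPLES = {
    "good.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
    "bare.example": "v=spf1 mx ptr ~all",
    "scoped.example": "v=spf1 a ?PTR:relay.example ip6:2001:db8::/32 -all",
    "split.example": '"v=spf1 ip4:198.51.100.7 +pt" "r:mta.example -all"',
    "lookalike.example": "v=spf1 include:ptr.vendor.example exp=ptr.example -all",
}

MODIFIER = re.compile(r"^[a-z][a-z0-9_.-]*=", re.I)
MECHANISM = re.compile(r"^([+\-~?]?)([a-z0-9]+)([:/].*)?$", re.I)

def spf_terms(txt):
    """Return (qualifier, name, argument) for each mechanism in an SPF record."""
    chunks = re.findall(r'"([^"]*)"', txt)
    record = "".join(chunks) if chunks else txt  # quoted strings join with no space
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms:
        if MODIFIER.match(term):  # redirect=, exp= and similar are not mechanisms
            continue
        m = MECHANISM.match(term)
        if m:  # a missing qualifier means "+" (pass)
            parsed.append((m.group(1) or "+", m.group(2).lower(), (m.group(3) or "")[1:]))
    return parsed

def ptr_findings(txt):
    """List every ptr mechanism in the record as 'qualifier ptr[:domain]'."""
    return [f"{q}ptr" + (f":{arg}" if arg else "")
            for q, name, arg in spf_terms(txt) if name == "ptr"]

def audit(records):
    """Map each domain to its ptr findings, omitting clean domains."""
    report = {}
    for domain, txt in records.items():
        hits = ptr_findings(txt)
        if hits:
            report[domain] = hits
    return report

if __name__ == "__main__":
    for domain, hits in audit(SAMPLES).items():
        print(f"{domain}: replace {', '.join(hits)} with ip4/ip6/a/mx/include")
```

The check matches on the mechanism name only, so a domain that merely contains the text "ptr" inside an `include` target or an `exp=` modifier is not flagged.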
If you are using email to communicate with clients and prospects, proper validation is the key if you actually want your emails to have a chance at landing in the inbox.