• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Democratizing technology essential for cybersecurity.

Red Sift Blog
  • redsift.com
  • Featured
  • About
  • Get in touch
You are here: Home / Email / How does FCrDNS affect your email deliverability and domain security?

How does FCrDNS affect your email deliverability and domain security?

by Murtazah Shah
July 14, 2020September 28, 2020Filed under:
  • Email

Forward Confirmed Reverse DNS (FCrDNS) is a technical DNS configuration that shows the relationship between an IP address and a hostname.

FCrDNS allows you to prove that your IP address is using a sending domain that you own; this allows a form of authentication that some mailbox providers use in their spam filter methodology and if setup correctly will help the deliverability and security of your email. 

Improving security

The objective of FCrDNS is to reduce the amount of incoming spam that is processed by a mail server. This check happens as soon as a connection is made to your SMTP server, prior to any other header information being received. As a result, the SMTP server can reject mail early on and not waste processing time or resources.

Misconceptions regarding where should FCrDNS be setup

When setting up FCrDNS on an IP address that is sending out mail, it is best practice to set up the hostname with an A record in your DNS. When an IP address is set up this way, the IP has a reverse DNS resolution of a single hostname. The hostname reversed points back to the IP address. That IP now uses the same hostname to introduce itself during SMTP transactions.

Not every hostname needs to be set up with A/AAAA records; a single hostname can point to multiple IP addresses. Vice versa, a single IP can also point to a different hostname or to nothing at all. 

The above example shows an IP being pointed to multiple PTR records, a setup we do not recommend because anyone verifying such an IP will need to do multiple DNS lookups for verification, requiring more compute power and time. Our recommendation is that only one IP sending mail should have FCrDNS. However, please note that this is not a definitive setup as not all outgoing mail servers have it configured.

Do all Cloud Providers support FCrDNS?

Some cloud email sending services don’t support FCrDNS. For example, Office 365 is a shared environment that provides email services and sends from a variety of different IPs. When emails are sent via Office 365 SMTP, FCrDNS can’t be implemented. However, if you have a static IP that you own to send email, FCrDNS can be configured. 

FCrDNS, SPF and DKIM and DMARC

It is important to strengthen your email authentication infrastructure by implementing SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). These three protocols work together and have been identified as best practice to secure your email domain.

But, what does each one of these protocols do and how do they enhance FCrDNS?

  • SPF allows you to publish a list of IP addresses that are authorised to send email on your behalf 
  • DKIM is a digital signature that travels with your emails, which is then validated by the receiving server as your legitimate signature
  • DMARC uses the results of SPF and DKIM to tell the receiving server if they should either put the email in the end user’s inbox, put it in the spam folder or reject the email

DMARC, DKIM and SPF combine to give you extra security and deliverability by:

  1. Allowing the receiving server to verify ownership, letting them reverse look up your sending IP to your domain
  2. Allowing the receiving server to validate that the sending IP is authorized
  3. Providing extra authentication via DKIM and ensuring your email keeps their authentication information even if that email is forwarded by an intermediate service like a distribution list
  4. Telling the receiving server if they should accept or reject an email based on your DMARC pass/fail results and your DMARC policy

Demystify your DMARC, DKIM, SPF, FCrDNS and TLS setup by using our free Investigate tool today!

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Cloud Computing
  • Email Deliverability
  • email security

Post navigation

Previous Post SPF & the cloud
Next Post Webinar: Value preservation – lessons from the Florentine Banker attack

Primary Sidebar

Recent Posts

  • 2021 The Threat Landscape: Brand protection and BEC attacks lead the charge
  • OnDMARC Wins “Best-Of DMARC” Award On Review Platform Expert Insights
  • The case for embracing DORA
  • Red Sift – Closing the Net on the Phishing Problem
  • Beware of this common NHS Covid-19 Vaccine email scam

Archives

  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • November 2016
  • October 2016
  • February 2016

Categories

  • AI
  • BEC
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Uncategorized
  • Work @ Red Sift

Copyright © 2021 · Milan Pro on Genesis Framework · WordPress · Log in