• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Email / How FCrDNS affects email deliverability & security

How FCrDNS affects email deliverability & security

by Murtazah Shah
July 14, 2020August 30, 2022Filed under:
  • Deliverability
  • Email

Forward Confirmed Reverse DNS (FCrDNS) is a technical DNS configuration that shows the relationship between an IP address and a hostname.

FCrDNS allows you to prove that your IP address is using a sending domain that you own; this allows a form of authentication that some mailbox providers use in their spam filter methodology and if set up correctly will help the deliverability and security of your email. 

Improving security

The objective of FCrDNS is to reduce the amount of incoming spam that is processed by a mail server. This check happens as soon as a connection is made to your SMTP server before any other header information is received. As a result, the SMTP server can reject mail early on and not waste processing time or resources.

Misconceptions regarding where should FCrDNS be setup

When setting up FCrDNS on an IP address that is sending out mail, it is best practice to set up the hostname with an A record in your DNS. When an IP address is set up this way, the IP has a reverse DNS resolution of a single hostname. The hostname reversed points back to the IP address. That IP now uses the same hostname to introduce itself during SMTP transactions.

Not every hostname needs to be set up with A/AAAA records; a single hostname can point to multiple IP addresses. Vice versa, a single IP can also point to a different hostname or to nothing at all. 

The above example shows an IP being pointed to multiple PTR records, a setup we do not recommend because anyone verifying such an IP will need to do multiple DNS lookups for verification, requiring more computing power and time. Our recommendation is that only one IP sending mail should have FCrDNS. However, please note that this is not a definitive setup as not all outgoing mail servers have it configured.

Do all Cloud Providers support FCrDNS?

Some cloud email sending services don’t support FCrDNS. For example, Office 365 is a shared environment that provides email services and sends from a variety of different IPs. When emails are sent via Office 365 SMTP, FCrDNS can’t be implemented. However, if you have a static IP that you own to send email, FCrDNS can be configured. 

FCrDNS, SPF and DKIM and DMARC

It is important to strengthen your email authentication infrastructure by implementing SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). These three protocols work together and have been identified as best practice to secure your email domain.

But, what does each one of these protocols do and how do they enhance FCrDNS?

  • SPF allows you to publish a list of IP addresses that are authorized to send email on your behalf 
  • DKIM is a digital signature that travels with your emails, which is then validated by the receiving server as your legitimate signature
  • DMARC uses the results of SPF and DKIM to tell the receiving server if they should either put the email in the end user’s inbox, put it in the spam folder or reject the email

DMARC, DKIM and SPF combine to give you extra security and deliverability by:

  1. Allowing the receiving server to verify ownership, letting them reverse look up your sending IP to your domain
  2. Allowing the receiving server to validate that the sending IP is authorized
  3. Providing extra authentication via DKIM and ensuring your email keeps their authentication information even if that email is forwarded by an intermediate service like a distribution list
  4. Telling the receiving server if they should accept or reject an email based on your DMARC pass/fail results and your DMARC policy

Demystify your DMARC, DKIM, SPF, FCrDNS and TLS setup by using our free Investigate tool today!

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Cloud Computing
  • Email Deliverability
  • email security

Post navigation

Previous Post SPF and the cloud
Next Post Value preservation – lessons from the Florentine Banker attack

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Red Sift