Reverse DNS validation failed — PTR record missing or mismatched
Production Risk
High — missing or broken PTR records cause widespread rejection across major mail providers.
The receiving server performed a reverse DNS (PTR) lookup on the sending server's IP address and either found no PTR record or found one that does not match the forward DNS for the connecting hostname. Many receiving servers reject mail from IPs without valid reverse DNS.
- 1The sending server's IP address has no PTR record configured.
- 2The PTR record exists but does not resolve forward to the same IP (forward-confirmed reverse DNS failure).
- 3The PTR record points to a generic ISP hostname (e.g., pool-1-2-3-4.isp.com) which is treated as suspicious.
The receiving MTA performs a PTR lookup on the connecting IP and rejects because the result is absent or mismatched.
# Receiving server log:
NOQUEUE: reject: RCPT from unknown[203.0.113.1]: 550 5.7.25
Client host rejected: cannot find your hostname, [203.0.113.1]
# The IP 203.0.113.1 has no PTR recordexpected output
550 5.7.25 ...
Fix
Configure a PTR record for your sending IP
WHEN Setting up a new mail server or after IP change
# Request PTR record from your hosting provider or ISP: # PTR: 203.0.113.1 -> mail.yourdomain.com # Then verify forward confirmation: dig PTR 1.113.0.203.in-addr.arpa +short # Should return: mail.yourdomain.com. dig A mail.yourdomain.com +short # Should return: 203.0.113.1
Why this works
Forward-confirmed reverse DNS (FCrDNS) requires that the PTR record resolves to a hostname that A-records back to the original IP.
✕ Use a shared hosting IP for transactional email without verifying PTR records
Shared IPs frequently lack proper PTR records; use a dedicated IP for mail servers.
RFC 3463 — Enhanced Mail System Status Codes
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev