Overview

Top  Previous  Next

Reverse DNS (REVDNS or RDNS)

 

All internet addresses are accessed by their IP address that looks something like 222.222.222.222. These of course would be hard to remember, so all computers utilize the Domain Name System or DNS. When a domain name is assigned like www.alligate.com, it is mapped to a specific IP address using a DNS record. When www.alligate.com is accessed, your computer accesses your assigned DNS server and it translates the friendly domain name to the assigned IP address.

 

Reverse DNS is the opposite. It takes the IP address and queries the DNS to see what friendly name that IP address is assigned to.

 

When a connection is requested from Alligate by a remote computer, Alligate will look up the REVDNS entry. While REVDNS records are not absolutely required, virtually all legitimate servers have them. Not only do servers have them, but so do home computers by way of their service providers.

 

Theoretically, the only computers accessing Alligate should be other legitimate mail servers. Alligate will accept email from users sending outgoing mail, however these are usually authenticated or from local addresses and Alligate recognizes these and treats them differently.

 

The REVDNS value (or lack of one) can tell us a lot about the sender. If the message is not outgoing, Alligate will analyze the REVDNS value for signs that the remote computer is not actually a legitimate email server.

 

DNS Blacklists (DNSBL)

 

Alligate also lets you define two third party blacklists (DNSBL Service "A" and DNSBL Service "B") that it can use to help provide greater accuracy in spam identification. DNS Blacklists are specialized DNS servers. They are maintained privately by people who hate spam and want to contribute to the overall effort of spam elimination.