Frequently Asked Question
Error 501 Domain Must Resolve & Error 501 PTR Records mismatch
Last Updated 5 years ago
Symptoms | |
When sending or receiving email to GEN, the sending system is returned either an Error 501 Domain Must Resolve Error 501 PTR Records mismatch by GEN Mail systems. | |
Cause | |
During the conversation with GEN's mail gateway: The IP address that is originating the connection must match its PTR Records, that is, if the email is originating from 213.249.192.101 then our server will aquire the PTR (reverse lookup) of that address and come up with dyn001.core.gen.net.uk. Our system will then ask for the address of this and come up with 213.249.192.101, a match. The mail session will be allowed to proceed. ALL Genuine mail hosts *WILL* pass this test as this is a very simple requirement of host identification on the internet and mandated by RFC1123/1124 which form part of Internet Standard 1. (Common DNS misconfigurations are outlined in RFC 1912, of particular note is section 2.1 that states, under the heading "Inconsistent, Missing or Bad Data", "Make sure your PTR and A records match". Those ISPs that will not or cannot configure reverse DNS will generate problems for hosts on their networks, by virtue of RFCs being contravened when communicating with hosts that do follow the RFC guidelines.) Next, the first step of the conversation is the introduction, in the case of SMTP its the 'HELO' (EHLO for ESMTP). This must contain the hostname of the machine asking to transfer mail. This domain name is passed to DNS to ensure it actually exists. If it does, then the conversation continues. ALL Genuine mail hosts *WILL* pass this test as this is a very simple requirement of SMTP/ESMTP. Next, the originating system will provide the MAIL FROM (from) address with the command MAIL FROM: Fred@bloggs.com Our system will ask the DNS Server that is authoritive for bloggs.com for all the A (address) and MX (mail server) records for bloggs.com. This confirms a reverse path. Providing the domain name exists, and supplies its A and MX records, then the session will continue, otherwise our system will give a 501 error to the originator and terminate the connection. Its worth noting at the point that DNS verification is not uncommon, but unlike most, we choose to return 501 instead of 550 so that most mail sofware will generate a bounceback to the sender. If you wish to check your own reverse DNS, then you are welcome to use the special rDNS tool available at http://www.gensupport.net/index.php/tools/22-reverse-dns.html | |
Solution | |
Correct configuration of the domain name system is crucial to the correct operation of the internet and is based upon long established and clearly defined standards. All good ISP's globally have properly configured DNS & Mail Servers, but people trying to abuse the system in order to send bulk email which is hard to track will often try to forge/fudge one or more of the above checks, and as such, their email will be rejected by GEN. Whilst senders who are unable to quickly resolve their DNS configuration issues can have their originating IP whitelisted, this should not be considered a solution. If whitelisting is required then please raise a ticket at the helpdesk and supply the IP Address(s) of the originating email servers that are mis-configured. Some Internet standards are available online to anyone who needs them. A selection are available on the GEN support website at http://www.gensupport.net again for anyone who wants them. See: RFC1912 for common DNS misconfigurations |