Sending domains and hostnames


Lots of times I see someone asking a question and they talk about their sending domain. And it’s sometimes not 100% clear which domain they mean by that – and when we’re talking about alignment and reputation it can make a difference. So here’s a list of (some of?) the different places a mailserver uses a domain.

Hostnames

Machine Hostname: What the operating system running on the mailserver thinks it’s called. If you log in to it and run the hostname command, this is what you get. It might be a single word (e.g. pazu) or it might be a fully qualified domain name (FQDN) (e.g. pazu.wordtothewise.com). This is configured by whoever manages the mailserver.

Reverse DNS: We can use DNS to convert an IP address to a hostname, so if our mail is being sent from 104.225.223.158, the reverse DNS of that is mail.wordtothewise.com. This is configured by whoever owns the IP address. There’s nothing in the spec that says you can’t have multiple different reverse DNS hostnames, but please don’t, it strongly suggests something bad is going on.

Full Circle reverse DNS: If the reverse DNS of 104.225.223.158 is mail.wordtothewise.com, and we look up mail.wordtothewise.com in DNS and we get the same IP, 104.225.223.158 back, then that’s called round trip reverse DNS or full circle reverse DNS or FCrDNS. To configure this requires both the owners of the wordtothewise.com domain and the 104.225.223.158 IP address to agree that the hostname and IP address go together, so it’s a much stronger data point than just reverse DNS. (Reverse DNS and Full Circle reverse DNS apply to IPv6 addresses too, not just IPv4.)
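The FCrDNS check described above, as an added Python example (not code from the original post). The default lookups use the system resolver; `SAMPLE_PTR` and `SAMPLE_FWD` are constructed records, of which only the 104.225.223.158 / mail.wordtothewise.com pair comes from the text.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Reverse lookup via the system resolver: every PTR name for ip."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Forward lookup via the system resolver: every A/AAAA address."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, reverse=ptr_names, forward=forward_addrs):
    """Return the PTR names of ip that resolve back to ip (empty = no FCrDNS)."""
    want = ipaddress.ip_address(ip)  # normalises IPv6 spellings
    confirmed = []
    for name in reverse(ip):
        name = name.rstrip(".").lower()
        addrs = set()
        for a in forward(name):
            try:
                addrs.add(ipaddress.ip_address(a.split("%")[0]))  # drop zone id
            except ValueError:
                continue
        if want in addrs and name not in confirmed:
            confirmed.append(name)
    return confirmed

# Constructed sample records so the check can be run offline.
SAMPLE_PTR = {
    "104.225.223.158": ["mail.wordtothewise.com."],
    "192.0.2.10": ["mail.example.net."],   # PTR exists, forward points elsewhere
    "2001:db8::25": ["mx.example.org"],
}
SAMPLE_FWD = {
    "mail.wordtothewise.com": ["104.225.223.158"],
    "mail.example.net": ["192.0.2.99"],
    "mx.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, [])
```

Calling `fcrdns(ip)` with no other arguments performs live lookups; an empty result means the address has reverse DNS at most, not full circle reverse DNS.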

HELO: When a mailserver reaches out to talk to another mailserver the first thing it says is “HELO” (although that’s usually spelled “EHLO” on the modern internet). It includes a hostname that’s not really used for much. It’s configured by whoever manages the mailserver and usually defaults to the (FQDN) machine hostname. The HELO name of a server shouldn’t change – rotating HELO names is distinctive behaviour of some sorts of malware, and will get your server blocked.

Banner: When you connect to a mailserver on port 25 (or 587) the first thing you’ll see is something like “220 mail.wordtothewise.com ESMTP Postfix”. That’s the SMTP banner, and the hostname in it is the banner hostname. This is configured by whoever manages the mailserver, and is almost invariably the same as the hostname in the HELO.

Return Path, aka MAIL FROM, aka bounce domain, aka 821.From, aka SPF domain: This is part of the email address that’s given in the “MAIL FROM” part of the SMTP transaction, and it’s the email address that asynchronous bounces are sent to. It almost always appears in the Return-Path: header of a received email. The right hand side of it – the bit after the @ sign – is the hostname used for SPF authentication. It is configured by whoever is responsible for the final preparations before an email is sent, and for handling bounces if the mail isn’t delivered. That’s usually the ESP responsible for managing sending the mail.

DKIM: DKIM is the other email authentication method. It’s included in a DKIM-Signature header of an email, in the “d=” part. It identifies an entity who is taking some responsibility for the mail. There may be multiple DKIM-Signatures with different d= values, e.g. there may be one for the company that’s running an email marketing campaign and a different one for the ESP responsible for physically sending it. It must be added as the last step before the mail is sent, so it is configured by whoever manages the mailserver. For DKIM to mean anything the owner of the domain name in the d= tag must publish a cryptographic key, so both the mailserver operator and the domain owner must cooperate to set this hostname.

From address, aka 822.From aka From header, aka (incorrectly) Friendly From: This is the email address in the visible From: header in the email. It’s configured by whoever composes the email.

All of these hostnames can be different from each other, though it’d be very odd for the banner and helo hostnames to differ, and they’re usually the same as the machine hostname.

Alignment

There’s a trend to want at least some of these hostnames, if not to be identical, then at least to “align”. When we talk about two hostnames being aligned we mean that they have the same “organizational domain” (e.g. yahoo.com or turscar.ie or demon.co.uk) at the end. pazu.wordtothewise.com and mail.wordtothewise.com are aligned. mail.blighty.com and mail.wordtothewise.com are not aligned.

More often we talk about a single hostname being “aligned”, and then we mean that it’s aligned with the domain in the From address.

The most important thing to have aligned is one of your DKIM hostnames. If you can’t have aligned DKIM then you must have aligned SPF. Having SPF and DKIM both aligned with the From: address is ideal. This allows you to publish a DMARC record, which makes large mailbox providers happy, and lets you play with BIMI to get brand icons in your recipients’ inboxes.

Alignment of anything else (either the hostnames listed above, or hostnames used for links or images in the body of the email) is much, much, much less interesting.
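The alignment check described above, as an added Python example (not code from the original post): it pulls the Return-Path domain, each DKIM d= value and the From domain out of a message and compares organizational domains. `PUBLIC_SUFFIXES` is a constructed stand-in for the Public Suffix List, `SAMPLE` is a constructed message, and esp.example is a placeholder ESP.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List; real checks need the full list.
PUBLIC_SUFFIXES = {"com", "ie", "uk", "co.uk"}

def org_domain(host):
    """Organizational domain: longest public suffix plus one label to its left."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: assume a one-label TLD

def addr_domain(value):
    """Domain part (after the @) of an address header value, or ''."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def alignment(raw):
    """Report which identifiers align with the From: domain.

    Alignment only: this does not verify that SPF or DKIM actually pass.
    """
    msg = message_from_string(raw)
    from_org = org_domain(addr_domain(msg["From"]))
    spf = addr_domain(msg.get("Return-Path", ""))
    dkim = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)  # d= tag, folded or not
        if m:
            dkim.append(m.group(1).lower())
    return {
        "from_org": from_org,
        "spf_aligned": bool(spf) and org_domain(spf) == from_org,
        "dkim_aligned": [d for d in dkim if org_domain(d) == from_org],
    }

# Constructed sample message: ESP bounce domain, one ESP and one brand signature.
SAMPLE = """\
Return-Path: <bounces@bounce.esp.example>
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=s1; b=constructed
DKIM-Signature: v=1; a=rsa-sha256; s=key1;
 d=wordtothewise.com; b=constructed
From: Steve <steve@wordtothewise.com>
Subject: constructed sample

body
"""
```

For `SAMPLE`, SPF is not aligned because the bounce domain belongs to the ESP, but the second signature gives aligned DKIM.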


By steve
