Why do email servers need PTR records?

Receiving servers check if your IP's reverse DNS matches your claimed identity. If 192.0.2.10 claims to be mail.example.com but PTR says unknown.hosting.com, that's a red flag. Gmail and Microsoft reject or defer mail from IPs without proper PTR records.

Where do I set up a PTR record?

PTR records are controlled by whoever owns the IP address—your VPS provider, not your domain registrar. DigitalOcean, Vultr, Hetzner, and most VPS providers let you set PTR in their control panel. AWS requires an Elastic IP and a support request.

Should PTR match my mail server hostname exactly?

Yes. If your server's hostname is mail.example.com and it sends email from 192.0.2.10, the PTR for that IP should resolve to mail.example.com. And mail.example.com should have an A record back to 192.0.2.10. This bidirectional match is called FCrDNS.

What happens if I don't have a PTR record?

Many mail servers will reject your email outright or heavily penalize it. Gmail and Microsoft both check PTR. Without one, you'll see rejections like '550 IP not in DNS' or get flagged as suspicious sender.

How do I check my PTR record?

Use: dig -x 192.0.2.10 +short (replace with your IP). Or nslookup 192.0.2.10. The result should be your mail server's hostname. Online tools like MXToolbox also check PTR.

PTR Records (Reverse DNS) for Email Servers: Complete Guide

What PTR Records Do

PTR records provide reverse DNS—they map IP addresses to hostnames. While A records answer "what IP does mail.example.com have?", PTR records answer "what hostname does 192.0.2.10 have?"

PTR records are a key part of your email DNS configuration. For email servers, this matters because receiving servers want to verify your identity:

Your server connects from 192.0.2.10 and says "I'm mail.example.com"
Receiver looks up PTR for 192.0.2.10
If PTR says "mail.example.com", identities match = good
If PTR says something else or doesn't exist = suspicious

Forward-Confirmed Reverse DNS (FCrDNS)

The gold standard for email is Forward-Confirmed reverse DNS:

1. IP 192.0.2.10 → PTR lookup → mail.example.com
2. mail.example.com → A lookup → 192.0.2.10

Both directions match. This proves:

You control the IP (can set its PTR)
You control the domain (can set its A record)
The two are intentionally linked

Checking Your Current PTR

Using dig

# Check PTR for an IP
dig -x 192.0.2.10 +short
# Example output: mail.example.com.

# Full output
dig -x 192.0.2.10

Using nslookup

nslookup 192.0.2.10
# Look for "name = mail.example.com"

Online Tools

MXToolbox: mxtoolbox.com/ReverseLookup.aspx
DNSChecker: dnschecker.org/reverse-dns.php

Setting Up PTR Records

Who Controls PTR?

PTR records are set by whoever owns the IP address block—almost always your VPS or hosting provider, not your domain registrar.

Provider	PTR Configuration
DigitalOcean	Droplet settings → Rename droplet to FQDN
Vultr	Server settings → Reverse DNS
Hetzner	Robot panel → Server → IPs → rDNS
Linode	Networking → Reverse DNS
OVH	Control panel → IP → Reverse
AWS	Elastic IP + support request
Google Cloud	Compute Engine → External IP → Reverse DNS
Azure	Public IP → Configuration → DNS name label

DigitalOcean

DigitalOcean sets PTR based on the droplet name:

Go to your droplet
Click "Rename"
Set the name to your mail server's FQDN: mail.example.com
PTR updates automatically (usually within an hour)

Vultr

Go to Server Settings
Find "Reverse DNS"
Enter your mail server hostname: mail.example.com
Save changes

Hetzner

Log into Robot panel
Go to Servers → [Your Server]
Click IPs
Find your server IP
Click the pencil icon next to rDNS
Enter: mail.example.com

AWS

AWS requires extra steps because PTR isn't self-service:

Allocate an Elastic IP and associate with your EC2 instance
Submit a support request to remove sending limits and set PTR
AWS reviews your use case (takes 24-48 hours typically)
Once approved, PTR is set

Practitioner note: AWS's PTR request process frustrates people, but it exists because spammers used to spin up EC2 instances to send spam. If you're running legitimate email infrastructure, explain your use case clearly in the support request. Mention your domain, expected volume, and that you have SPF/DKIM/DMARC configured.

Google Cloud

Go to VPC Network → External IP addresses
Find your server's IP
Click "Reverse DNS" under the three-dot menu
Enter your mail server hostname

Verifying Configuration

After setting PTR, verify the complete chain:

# Step 1: Check PTR
dig -x 192.0.2.10 +short
# Should return: mail.example.com.

# Step 2: Check A record matches
dig A mail.example.com +short
# Should return: 192.0.2.10

# Step 3: Verify from your server
hostname -f
# Should return: mail.example.com

All three should be consistent.

Troubleshooting

"PTR record does not exist"

Your IP has no PTR configured.

Fix: Configure PTR through your VPS provider (see instructions above).

"PTR doesn't match hostname"

PTR returns a different hostname than your mail server claims.

dig -x 192.0.2.10 +short
# Returns: server123.hosting.com (wrong)
# Should be: mail.example.com

Fix: Update PTR to match your mail server's hostname.

"PTR points to localhost or generic hostname"

Common when PTR was never configured:

dig -x 192.0.2.10 +short
# Returns: localhost or 10.2.0.192.in-addr.arpa or nothing

Fix: Set proper PTR through your provider.

"Forward DNS doesn't match"

PTR is set, but A record doesn't match:

dig -x 192.0.2.10 +short
# Returns: mail.example.com

dig A mail.example.com +short
# Returns: 192.0.2.99 (different IP!)

Fix: Update A record to match the IP, or update PTR to match the hostname that has the correct A record.

PTR Changes Not Taking Effect

DNS caching. PTR records are cached by resolvers. Wait 1-24 hours for propagation.

Test with uncached query:

dig -x 192.0.2.10 @8.8.8.8 +short

If this returns the correct value but other checks don't, wait for cache expiration.

Practitioner note: PTR propagation is usually fast (under an hour) but some resolvers cache aggressively. I've seen old PTR values stick around for 24+ hours. If you're in a hurry, test against multiple DNS resolvers (8.8.8.8, 1.1.1.1, 9.9.9.9) to see current state.

PTR for Multiple IPs

If you have multiple sending IPs (see IP pools), each needs its own PTR:

192.0.2.10 → mail.example.com
192.0.2.11 → mail2.example.com
192.0.2.12 → mail3.example.com

And corresponding A records:

mail.example.com.    A    192.0.2.10
mail2.example.com.   A    192.0.2.11
mail3.example.com.   A    192.0.2.12

Don't point multiple IPs to the same hostname PTR—it works but is considered poor practice.

Common Mistakes

Setting PTR at domain registrar PTR is controlled by IP owner (your VPS provider), not domain owner. You can't set PTR at GoDaddy or Cloudflare—it must be at DigitalOcean, Vultr, etc.

Using subdomain in PTR PTR should be your mail server's FQDN, not a random subdomain. Use mail.example.com, not server1.mail.example.com (unless that's actually your hostname).

Forgetting IPv6 If your server has an IPv6 address and sends mail over IPv6, that address also needs a PTR record (AAAA record correspondence).

Not waiting for propagation PTR changes take time to propagate. Test after an hour, not immediately.

Email Service Impact

Receiving Server	PTR Requirement
Gmail	Required. Rejects or defers without PTR
Microsoft	Required. Checks and penalizes missing PTR
Yahoo	Required. Part of reputation scoring
Corporate servers	Often required by policy
Spam filters	Heavy weight on PTR validity

Without proper PTR, your email deliverability suffers. You'll see errors like:

"550 IP not found in DNS"
"Your IP does not have a PTR record"
"Failed reverse DNS lookup"

If you're setting up email infrastructure and need help configuring DNS including PTR records, schedule a consultation.

Sources

RFC 1912: Common DNS Operational and Configuration Errors
RFC 5321: Simple Mail Transfer Protocol (Section 2.3.5)
Google: Sender Guidelines - PTR Records
Microsoft: Sender Guidelines
M3AAWG: Best Practices for Sending Email

v1.0 · March 2026