Wondering why outbound messages are flagged as spam on EC2 Windows? We can help you.
As a part of our AWS Support Services, we often receive similar requests from our AWS customers.
Today, let’s see the steps followed by our Support Techs to help our customers.
Outbound messages flagged as spam on EC2 Windows
Outbound messages might be flagged as spam if you’re missing DKIM authentication, SPF records, or a reverse DNS record set.
Configurable Reverse DNS for Amazon EC2’s Elastic IP Addresses
You can now provide AWS support with a configurable Reverse DNS record for any of your Elastic IP addresses.
Once you’ve supplied them with the record, reverse DNS lookups (from IP address to domain name) will work as expected: the Elastic IP address in question will resolve to the domain that you specified in the record.
You can provide them with your Reverse DNS records using this form.
They will set up the mappings as quickly as possible and will send you an email once everything is set up.
Enable reverse DNS functionality for Route 53 with a PTR record
To configure reverse DNS resolution for a Simple Mail Transfer Protocol (SMTP) server, you must first determine the appropriate method for your use case:
- If you have an on-premises SMTP server and you use non-AWS resources, your IP addresses might be owned by a third party. The third party might be another cloud computing platform or your internet service provider (ISP). In this case, you must use the method provided by the IP address owner to configure reverse DNS. The IP address owner might require you to create a reverse DNS record and provide only the name servers to them for delegation. In this case, complete the Resolution steps in the “Using on-premises SMTP servers” section. You must configure Route 53 to respond to reverse DNS lookup queries for your server by creating a public hosted zone. Then, you must add a pointer (PTR) record in it.
- If you have an SMTP server hosted in Amazon Virtual Private Cloud (Amazon VPC) and you use AWS-provided Elastic IP addresses for your servers, complete the Resolution steps in the “Using SMTP servers hosted in Amazon VPC” section to configure reverse DNS.
How to resolve it?
Today, let us see the steps followed by our Support Techs to resolve this issue.
Using on-premises SMTP servers
Please note, this resolution uses the following example IP addresses for the SMTP server: 18.104.22.168 (IPv4) and 2000:1234:5678:9012:3456:7890:1234:5678 (IPv6).
Create a public hosted zone
Create a public hosted zone for your server’s IP address.
Create a record set and PTR record
- Firstly, create a record set for your hosted zone.
- Then, create a PTR record for your SMTP server.
- Next, for Name, enter the reversed IP address plus in-addr.arpa (IPv4) or ip6.arpa (IPv6).
- For Type, choose PTR – Pointer.
- For Value, enter the fully qualified domain name (FQDN) of the SMTP server. For example, mail.example.com.
Please note, if your domain has multiple IP blocks, you must create additional reverse hosted zones with corresponding PTR records to resolve the IP addresses.
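The PTR name from the steps above, built for this page's example addresses, together with the forward-confirmed reverse DNS check that receiving mail servers commonly apply. This is an added example, not code from the original article; the record uses the Route 53 ChangeResourceRecordSets change-batch format, and the TTL of 300 and the injectable lookup functions are assumptions made for illustration.

```python
import ipaddress
import json
import socket


def ptr_record_name(ip: str) -> str:
    """Reversed IP plus in-addr.arpa (IPv4) or ip6.arpa (IPv6), fully qualified."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ptr_change_batch(ip: str, fqdn: str, ttl: int = 300) -> dict:
    """Route 53 change batch that upserts the PTR record (TTL is an assumed value)."""
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": ptr_record_name(ip), "Type": "PTR", "TTL": ttl,
        "ResourceRecords": [{"Value": fqdn.rstrip(".") + "."}]}}]}


def _system_reverse(ip):
    # PTR lookup through the operating system resolver.
    return socket.gethostbyaddr(ip)[0]


def _system_forward(name):
    # A/AAAA lookup through the operating system resolver.
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def forward_confirmed(ip, reverse=_system_reverse, forward=_system_forward) -> bool:
    """True only if IP -> PTR name -> A/AAAA leads back to the same IP."""
    try:
        name = reverse(ip)
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except (OSError, KeyError, ValueError):
        return False  # missing PTR, missing forward record, or unparsable answer
    return ipaddress.ip_address(ip) in addrs


if __name__ == "__main__":
    # Example addresses and FQDN taken from this page; lookup tables are constructed.
    for ip in ("18.104.22.168", "2000:1234:5678:9012:3456:7890:1234:5678"):
        print(json.dumps(ptr_change_batch(ip, "mail.example.com"), indent=2))
    ptr = {"18.104.22.168": "mail.example.com"}
    a = {"mail.example.com": ["18.104.22.168"]}
    print(forward_confirmed("18.104.22.168", ptr.__getitem__, a.__getitem__))
```

Called with no lookup arguments, `forward_confirmed` queries live DNS, which is useful after delegation has taken effect.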
Set up delegation
After you create the PTR record, you must ask the IP address owner to set up delegation to the name servers in your reverse hosted zone. To locate name server details, follow these steps:
- Firstly, open the Route 53 console.
- In the navigation pane, choose Hosted zones.
- Then, select your hosted zone.
- For Type, choose NS.
- Note the record’s Value.
Please note, the time for this new configuration to take effect depends on the time to live (TTL) value of the previous NS record.
Note that the previous name server (NS) record might be cached in end-user local DNS servers until its TTL expires.
Using SMTP servers hosted in Amazon VPC
- Firstly, create a forward DNS record (record type A) that points to the appropriate Elastic IP address.
- Then, create or update the reverse DNS record for an Elastic IP address:
  - For AWS Elastic IP addresses in the US East (Ohio), Africa (Cape Town), Asia Pacific (Mumbai), Canada (Central), and Europe (Milan) Regions – Update the reverse DNS address using the Amazon Elastic Compute Cloud (Amazon EC2) console or the AWS Command Line Interface (AWS CLI).
  - For AWS Elastic IP addresses in all other Regions
To conclude, today we saw how our Support Engineers resolved outbound messages flagged as spam on EC2 Windows.