To protect our users from spam, our mail server (mx1.servermx.com) may bounce (*) incoming messages back to the originating domain with one of the following two messages:
1) "Client Policy Restriction: No consistent reverse DNS set".
2) "Client Policy Restriction: Reverse DNS indicates end user IP".
(*) This feature can be turned off by email administrators clicking on:
"Mailboxes management -> Mailbox_list -> Policy_restriction"
1) Error: Client Policy Restriction: No consistent reverse DNS set
This verification is very important for detecting email phishing and scams. The error occurs when the reverse DNS entries for the host delivering the incoming message do not match. The check is called FCrDNS (forward-confirmed reverse DNS) verification. It helps prevent others from spoofing legitimate hosts, because only the domain owner can make FCrDNS work correctly. Any host on the Internet is supposed to have a valid reverse DNS entry (PTR Resource Record) declared, as required by RFC 1033: Domain administrators operations guide.
If legitimate email is affected, this error indicates that the sender's mail server is misconfigured. We recommend contacting the sender's ISP and asking them to set up a reverse record (PTR) that matches the hostname of the sender's mail server.
Here is how FCrDNS is supposed to work, for example for a host with IP = 100.101.102.103:
100.101.102.103 ------- PTR Record ===> hostname.yourdomainname.tld
hostname.yourdomainname.tld ------- A Record ===> 100.101.102.103
- Forward Confirmed Reverse DNS Lookup Testing (FCrDNS)
- Wikipedia Forward Confirmed RDNS
- Reverse DNS Test
- RFC 2317
2) Error: Client Policy Restriction: Reverse DNS indicates end user IP
Another reason for bounced mail is that the sending server is on a dynamic IP or is an end user's machine rather than a reliable MTA (Mail Transfer Agent). This error occurs when the sender uses an IP address that looks like an end user's, that is, one typical of dynamic/residential address space. It also occurs when the rDNS name resembles dynamic IP space, for example by containing pool, dhcp, dyn, etc.
For instance, when the sender's hostname is "45-55-198-22.domain.tld", the number "45-55-198-22" indicates that the sender is an end user using a dynamic or static IP and not a reliable email host. Spammers use this kind of host to send email.
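
Both checks described above (the FCrDNS match and the end-user-looking rDNS name) can be reproduced with the following added Python example, which is not servermx's own code. The lookup functions are injectable so it runs offline on constructed sample records; the order of the two checks and the exact matching rules (embedded octets, labels starting with pool/dhcp/dyn) are assumptions.

```python
import ipaddress
import re
import socket

DYNAMIC_HINTS = ("pool", "dhcp", "dyn")  # keywords the article names

def live_ptr(ip):  # PTR names via the system resolver (needs network)
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_a(name):  # forward addresses via the system resolver (needs network)
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns_ok(ip, ptr_lookup, a_lookup):
    """True if at least one PTR name of ip resolves forward to the same ip."""
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(addr) == want
               for name in ptr_lookup(ip)
               for addr in a_lookup(name.rstrip(".")))

def looks_like_end_user(ip, hostname):
    """Heuristic (IPv4): name embeds the IP's octets or a dynamic-pool keyword."""
    host, octets = hostname.lower().rstrip("."), ip.split(".")
    for seq in (octets, octets[::-1]):  # forward or reversed octet order
        if re.search(r"(?<!\d)" + "[-.]".join(seq) + r"(?!\d)", host):
            return True
    return any(label.startswith(DYNAMIC_HINTS) for label in re.split(r"[.-]", host))

def classify(ip, ptr_lookup=live_ptr, a_lookup=live_a):  # check order is assumed
    if not fcrdns_ok(ip, ptr_lookup, a_lookup):
        return "Client Policy Restriction: No consistent reverse DNS set"
    if any(looks_like_end_user(ip, n) for n in ptr_lookup(ip)):
        return "Client Policy Restriction: Reverse DNS indicates end user IP"
    return "ok"

# Constructed sample records (PTR entries keyed by IP, A entries keyed by name).
SAMPLE = {"100.101.102.103": ["hostname.yourdomainname.tld."],
          "hostname.yourdomainname.tld": ["100.101.102.103"],
          "45.55.198.22": ["45-55-198-22.domain.tld."],
          "45-55-198-22.domain.tld": ["45.55.198.22"],
          "203.0.113.9": ["mail.example.net."],
          "mail.example.net": ["198.51.100.7"]}
def sample_lookup(key): return SAMPLE.get(key, [])
```

Calling `classify(ip)` without lookup arguments uses the system resolver, which lets a sending domain's administrator test their own mail server's address before mail starts bouncing.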