Visitor

6 Messages

Mon, Aug 1, 2022 4:33 PM

What has happened to Comcast? Need PTR Resource Record configured in DNS

I have been an Xfinity customer for 7+ years. I have heard horror stories prior to becoming a customer; however, I have been pleasantly surprised with both performance and support. That is, until now. 

I live in the Chicagoland area and starting on or around June 16 of 2022 my modem started acquiring a different Class A subnet, from 24.14... to 76.136...

Unfortunately, the newly acquired IP does not have PTR resource records in Comcast's DNS. This is causing customers, including myself, to be blocked from e-mail providers' SMTP servers because their servers check for an existing PTR record in DNS for the connecting IP address.  See https://datatracker.ietf.org/doc/html/rfc1912#section-2.1

This was working perfectly fine for me since I became a customer. I confirmed my previous IP did, and still does, have a PTR RR in DNS. I am not going to name names, but I was told by level 2 support that Comcast made platform changes and this DNS configuration step was missed. I was told multiple times by support, "No sweat, sir. No worries. We will fix this for you".

I have called support five times over the past three weeks, each time having to re-explain the issue, and each time having to have a new support case opened because of "policy". The last time I was told by Level 2 that the case was closed and they did not know why. I was told a supervisor would call me back within 24 hours. This was last Thursday and I have not heard from Comcast, again.

Can anyone here help? This seems insanely simple and I hate to leave Comcast over a lack of communication. 

Accepted Solution

Official Employee

960 Messages

2 m ago

Good afternoon,

Apologies for the million questions, but I'm just trying to understand the full picture, plus usually engineering work requires more specifics and details. Much like a mechanic, you can't just tell them "it's broke"; you have to be able to provide details like "there's a gasoline smell", "there is a funny noise coming from X", etc. Good news is that I worked with the appropriate engineers to get it resolved and also reached out to Cloudmark, who also put a solution in place - try again and let me know if you continue to have the same issue.


Visitor

6 Messages

@XfinityCSAEmail​ 

Believe me, I understand what you're saying (and your analogy provided some much-needed brevity), however from my perspective I've explained all those details numerous times to various levels of support and I've reached nothing but dead ends, closed tickets, and no call-backs.

My purpose in this forum post was to get straight to the point. From a technical perspective, I completely agree and understand Comcast's position that this sort of rDNS policy restriction should not be applied to clients attempting to connect to SSL SMTP ports, but I asked Cloudmark and verified twice that I was a residential consumer and not a relay server. Further complicating factors are that, as noted, my previous Comcast IP had a PTR record. So with that evidence and the information I was provided, hopefully you can understand where I'm coming from in terms of controlling what I can. Stuck between a rock and a hard place; stuck between two leading Internet service vendors with different viewpoints. Having Comcast add back in a DNS record that previously existed certainly seemed like the path of least resistance compared to requesting an MTA provider change its multi-year standing policy for one customer.

Thanks for stepping up and going the last mile - I was told they put a temporary release on my IP so I will not be able to confirm the solution works until the 20th. 

Official Employee

325 Messages

2 m ago

Hi, @user_210845

 

Could you please send our team a direct message with your full name and full address? Our team can most definitely take a further look at this issue.

To send a "Peer to peer" ("Private") message:
• Click "Sign In" if necessary
• Click the "Peer to peer chat" icon
• Click the "New message" (pencil and paper) icon
• Type "Xfinity Support" in the "To:" line and select "Xfinity Support" from the drop-down list which appears. The "Xfinity Support" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it

Visitor

6 Messages

@XfinityOtto​ 

Thanks. Done. 

XfinityAmir

Official Employee

7K Messages

Thanks! Please reach back out to us via the private message you sent to continue. 

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.

Official Employee

960 Messages

2 m ago

Good afternoon,

To clarify - not all IP addresses require and/or have a PTR record. PTR record pertains strictly to email servers' records and it's against the acceptable use policy to host an email server on the residential Comcast internet connection. To add, most email providers don't block connections due to PTR or any other email server record since it's not even checked when authenticating to SMTP. PTR is checked when you send an email. The block is commonly due to IP reputation, which from a dynamically assigned IP standpoint is not even a valid method of blocking and/or filtering connections since an IP address could change between the users on the ISP's network from once to hundreds of times a day - meaning that the IP can change frequently. I guess the main thing I would like to ask for clarification on is - what are you connecting to that you are getting errors for? What is the error? Where were you told that you need a PTR record on your home network?

To hopefully clarify a bit more - PTR is not checked when you use the internet to connect to smtp.comcast.net or to smtp.gmail.com. Once you do connect and authenticate, in Comcast's example one of these servers: http://postmaster.comcast.net/outbound-mail-servers.html are all managed and have valid PTR, DNS, DMARC, etc. records which will be provided if they were to, for example, send an email to a gmail.com email address.

Here is an example of how email works. I've highlighted you and the recipient in the green box and the red is the email host/provider that manages all PTR,DMARC, etc. records that are required for email communications. You or the recipient in the green section have no control over and are not affected whether the records exist or not when connecting to the MTA/MDA via your home internet connection.

Visitor

6 Messages

@XfinityCSAEmail​ 

I am not running an e-mail server or any server. As you stated it's not allowed by Comcast's TOC, nor would it be advisable with a dynamically allocated IP address.

"I guess the main thing I would like to ask for clarification on is - what are you connecting to that you are getting errors for?"

With the new address space assigned, I am now failing to connect to my e-mail provider's outbound SMTP server on port 587.

"what is the error?"

The error is 554, mcc-obgw-5001a.ext.cloudfilter.net cmsmtp ESMTP server not available AUP#DNS.

"where were you told that you need a PTR record on your home network?"

Cloudmark support. "Cloudmark requires all senders to have a valid PTR record in DNS." Further, it's "industry standard... we [Cloudmark] have coverage across most of the big email and mobile carriers across the world and its a standard policy across all of them."

This seems to be supported by rfc1912 section-2.1 (https://datatracker.ietf.org/doc/html/rfc1912#section-2.1):

"Many services available on the Internet will not talk to you if you aren't correctly registered in the DNS. Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain."

I'm not trying to tell Comcast engineers what to do or what is right and what is wrong. I'm a customer looking for a solution. I've been allocated IP addresses since I became a customer with Comcast over 7 years ago and they all had PTR records in DNS because I have never had issues conducting my e-mail operations. Now, on or around June 16, Comcast has made a change to its platform in the Chicagoland area (suburbs), and I've started receiving a completely different address space that does have a DNS zone created with PTR records.
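
Added example, not part of any post in this thread: one way to run the check that the RFC 1912 passage quoted above describes, a PTR record under in-addr.arpa whose name resolves back to the same address. The function names and the sample records (RFC 5737 documentation addresses under example.net) are constructed for illustration, and the three-way classification is an assumption, not Cloudmark's documented logic.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names via the system resolver (may also consult the hosts file)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(host):
    """A/AAAA addresses for host, empty on resolution failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []

def check_rdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the reverse-lookup name, PTR targets and a status for ip."""
    addr = ipaddress.ip_address(ip)
    result = {"query": addr.reverse_pointer, "ptr": [], "status": "no-ptr"}
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    if not names:
        return result  # no PTR record at all
    result["ptr"] = names
    result["status"] = "ptr-mismatch"
    for name in names:
        # Strip any IPv6 zone id ("%eth0") before comparing addresses.
        forward = {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(name)}
        if addr in forward:
            result["status"] = "forward-confirmed"
            break
    return result

# Constructed sample records (hypothetical zone data, not taken from the thread).
SAMPLE_PTR = {"192.0.2.10": ["c-192-0-2-10.isp.example.net."],
              "192.0.2.11": ["stale-host.isp.example.net"]}
SAMPLE_A = {"c-192-0-2-10.isp.example.net": ["192.0.2.10"],
            "stale-host.isp.example.net": ["192.0.2.99"]}

def sample_check(ip):
    """Run check_rdns against the constructed records instead of live DNS."""
    return check_rdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "198.51.100.7"):
        print(ip, sample_check(ip))
```

Calling `check_rdns` with only an address uses the system resolver, which shows what a remote server would see for that address from the local vantage point.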

Official Employee

960 Messages

Good morning,

I appreciate the further information. Do you by chance also have a webmail method of access to this hosted email and are you still experiencing issues there? Also, were there further details in the error you received besides what you posted, like for example a 554 5.7.1 or 554 5.1.1? What email client are you using to connect to the hosted email? Have you changed your DNS settings on your home network by chance or any of the devices using your network? To also get more detailed, is this error message appearing when you launch the email program or when you attempt to send an email? If you don't mind, what is the domain of the email you are trying to send from?

Visitor

6 Messages

2 m ago

I'm confused about what the purpose of these questions is. Can Comcast add the PTR record as I have previously had for 7+ years, or not? 

"Do you by chance also have a webmail method of access to this hosted email and are you still experiencing issues there?"

There are no issues with webmail, nor am I asking about webmail, nor is webmail a solution.

"was there further details in the error you received besides what you posted, like for example a 554 5.7.1 or 554 5.1.1"

No. The 554 error text indicates a DNS-related issue and as previously communicated, I have literally received a direct response from Cloudmark stating exactly what Comcast needs to do regarding the error (Add the PTR record back for the newly acquired IP).

"What email client are you using to connect to the hosted email"

Thunderbird (and every client). 

"have you changed your DNS settings on your home network by chance or any of the devices using your network?"

No. I'm using default Comcast DNS servers via DHCP. Again, why does this matter? As shown in the error provided, I'm successfully resolving the SMTP server host. Not being able to resolve a domain would result in a completely different error.

"is this error message appearing when you launch the email program or when you attempt to send an email? If you don't mind what is the domain of the email you are trying to send from?"

The error occurs in the client when I attempt to send an email, but again, the underlying problem is on the connection itself to the SMTP server (before authentication). The e-mail provider's domain is mediacombb.net

(edited)
