Deliverability issue with Proofpoint


I recently updated my MIAB, in the process I changed the IP.
Prior to updating I checked that the new IP wasn’t blacklisted. Unfortunately after updating email sent from MIAB are blocked (550 5.7.0) by Proofpoint (used by Apple for iCloud).

I thought that the IP was probably blocked because of some previous owner misuse. But here is the response from Proofpoint support:


The listing is due to invalid or generic PTR (reverse DNS) Record for the IP. The PTR record designates ownership and authorized use of the IP. The IP needs to be given a fully qualified domain name which resolved back to that IP.

For Example:

Also, if the PTR starts with either: mail, mts, mx, out, smtp, that will help resolve the issue.

Please feel free respond to this message once the PTR record has been fixed, and the IP will be re-evaluated by the Threat Operations Team.


Proofpoint Support

My glue records are set correctly, and everything is green in MIAB. They don’t wan’t to remove the block. Are they suggesting that the issue is the actual domain name of MIAB box.xxxxx.xxxx? Should I just try to change the primary domain.

What do you guys suggest?


PTR Record (Reverse DNS) is something different :wink:

It’s set by the owner/provider of your IP address …so your VPS provider or ISP if hosting at home …

My favorite ISP has a great article about it and will happily set one for you if you join :slight_smile:

@Box Thank you for the response.

Indeed, my bad for the write up of the issue. Nevertheless the reverse DNS is set properly from digital ocean, and shows as green in MIAB.

Do you have IPv6 as well?

I would double check your PTR Record is correct for both IPv4/6 and e-mail them back the details (perhaps including links to the online tools below) with request to unblock.

Or request more information on what it should be …

Or even better compare against the old IP address (if it has still set the PTR record) with the following commands:
dig -x @

dig PTR



nslookup -debug

nslookup -type=PTR

nslookup -debug -d2 -type=PTR

and see if you can spot something different.


No, IPv6 is disabled completely.

The reverse lookup form MXtoolbox and the DNS report from the domain are bringing up the correct information. I will resubmit to Proofpoint with the details.

Keep in mind that rDNS also takes time to propagate. It could quite well be that it wasn’t fully propagated yet when you made your inquiry. But yes, check with them again.

If they deny you again, send them a link to the MiaB doc’s recommending that ‘box’ be used as the hostname … or simply change your MiaB hostname to ‘mail’ to comply with their requirements. Rather silly methinks … but …

You could also point out that there are over 20k installations of MiaB …

@alento, thanks for the feedback.

I has been over two weeks, so I don’t think the propagation is an issue. Could it be that the PTR record on the old IP is still active? Proofpoint mentioned “Generic PTR” what would it mean?

I submitted a new ticket but they still replied the same automated response. I’m just left with the option to change the main domain of my MIAB?

For anyone facing the same issue.

Changing the primary domain from to did solve the issue. I still suspect that it’s because of an IP change on rather than Proofpoint not liking the box. sub domain.